• e3af0a7 6.14.0
• b552ed6 add regExp option to address $data exploit via a regular expression (CVE-2025...
• 72f2286 docs: update v7 info
• 231e52b Merge pull request #1320 from philsturgeon/patch-1
• d3475fc Add spectral, an AJV util from a sponsor
• 413afe0 docs: v7.0.0-beta.3
• 11e997b update readme for v7
• See full diff in compare view

• e3af0a7 6.14.0
• b552ed6 add regExp option to address $data exploit via a regular expression (CVE-2025...
• 72f2286 docs: update v7 info
• 231e52b Merge pull request #1320 from philsturgeon/patch-1
• d3475fc Add spectral, an AJV util from a sponsor
• 413afe0 docs: v7.0.0-beta.3
• 11e997b update readme for v7
• See full diff in compare view

• e3af0a7 6.14.0
• b552ed6 add regExp option to address $data exploit via a regular expression (CVE-2025...
• 72f2286 docs: update v7 info
• 231e52b Merge pull request #1320 from philsturgeon/patch-1
• d3475fc Add spectral, an AJV util from a sponsor
• 413afe0 docs: v7.0.0-beta.3
• 11e997b update readme for v7
• See full diff in compare view

Sourced from @​microsoft/api-extractor's changelog.

7.57.2

Fri, 20 Feb 2026 16:14:49 GMT

Patches

• Bump minimatch from 10.1.2 to 10.2.1

7.57.1

Fri, 20 Feb 2026 00:15:03 GMT

Patches

• Add "node" condition before "import" in the "exports" map so that Node.js uses the CJS output (which handles extensionless imports), while bundlers still use ESM via "import". Fixes microsoft/rushstack#5644.

7.57.0

Thu, 19 Feb 2026 00:04:52 GMT

Minor changes

• Normalize package layout. CommonJS is now under lib-commonjs, DTS is now under lib-dts, and ESM is now under lib-esm. Imports to lib still work as before, handled by the "exports" field in package.json.

7.56.3

Sat, 07 Feb 2026 01:13:26 GMT

Patches

• Upgrade lodash dependency from ~4.17.15 to ~4.17.23.

7.56.2

Wed, 04 Feb 2026 20:42:47 GMT

Patches

• Update minimatch dependency from 10.0.3 to 10.1.2

7.56.1

Wed, 04 Feb 2026 16:13:27 GMT

Version update only

7.56.0

Fri, 30 Jan 2026 01:16:12 GMT

Minor changes

• Fix an issue where destructured parameters produced an incorrect parameter name

7.55.5

Thu, 08 Jan 2026 01:12:30 GMT

... (truncated)

• b06e297 Bump versions [skip ci]
• 2a59a81 Update changelogs [skip ci]
• 08cf3de Bump minimatch in /webpack/webpack4-localization-plugin (#5651)
• 53b1eaa Bump versions [skip ci]
• 618c203 Update changelogs [skip ci]
• 7e14cda fix: remove "import" entries from exports in package.json files (#5650)
• 95ca0b5 Bump decoupled local dependencies and fix some issues with projects' `rush-pr...
• 4444a90 Bump versions [skip ci]
• 2e69104 Update changelogs [skip ci]
• 6d669f1 Normalize the output folders to lib-commonjs, lib-dts, and lib-esm for ...
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.