Sourced from braces's changelog.

Release history

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

• Changelogs are for humans, not machines.
• There should be an entry for every single version.
• The same types of changes should be grouped.
• Versions and sections should be linkable.
• The latest version comes first.
• The release date of each versions is displayed.
• Mention whether you follow Semantic Versioning.

Changelog entries are classified using the following labels (from keep-a-changelog):

• Added for new features.
• Changed for changes in existing functionality.
• Deprecated for soon-to-be removed features.
• Removed for now removed features.
• Fixed for any bug fixes.
• Security in case of vulnerabilities.

[3.0.0] - 2018-04-08

v3.0 is a complete refactor, resulting in a faster, smaller codebase, with fewer deps, and a more accurate parser and compiler.

Breaking Changes

• The undocumented .makeRe method was removed
• Require Node.js >= 8.3

Non-breaking changes

• Caching was removed

• See full diff in compare view

Sourced from webpack's releases.

v5.99.8

Fixes

• Fixed type error with latest @types/node
• Fixed typescript types

v5.99.7

Fixes

• Don't skip export generation for default reexport (#19463)
• Fixed module library export generation for reexport (#19459)
• Avoid module concatenation in child compilation for module library (#19457)
• Ensure HMR recover gracefully when CSS module with error
• Respect cause of any errors and errors of AggregateError in stats output
• Added missing @types/json-schema in types

v5.99.6

Fixes

• Respect public path for ES modules
• Fixed generation of module for module library when mixing commonjs and esm modules
• Always apply FlagDependencyExportsPlugin for libraries where it required
• Faster logic for dead control flow
• Typescript types

v5.99.5

Fixes

• Control dead flow for labeled and blockless statements

v5.99.4

Fixes

• Fixed terminated state for if/else

v5.99.3

Fixes

• Fixed dead control flow with deep nested if/else

v5.99.2

Fixes

• Dead control flow for exotic cases

v5.99.1

Fixes

• Dead control flow for many cases

... (truncated)

• a9cbd85 chore(release): 5.99.8
• 5cc6615 fix: type error with latest @​types/node (#19501)
• 0f42dc5 docs: update examples (#19490)
• ebeace3 chore(deps-dev): bump less-loader (#19488)
• 3f36f91 chore: update comments (#19487)
• bc25829 fix: a lot of types (#19486)
• ea3ba3d build: refactor scripts and categorizing them
• 45f0e49 chore: add more benchmark cases (#19481)
• 56dd6ca chore(deps-dev): bump core-js in the dependencies group (#19482)
• 5d8f2c9 ci: using codspeed for benchmarks (#19476)
• Additional commits viewable in compare view

Sourced from on-headers's releases.

1.1.0

Important

• Fix CVE-2025-7339 (GHSA-76c9-3jph-rj3q)

What's Changed

• Migrate CI pipeline to GitHub actions by @​carpasse in jshttp/on-headers#12
• fix README.md badges by @​carpasse in jshttp/on-headers#13
• add OSSF scorecard action by @​carpasse in jshttp/on-headers#14
• fix: use ubuntu-latest as ci runner by @​UlisesGascon in jshttp/on-headers#19
• ci: apply OSSF Scorecard security best practices by @​UlisesGascon in jshttp/on-headers#20
• 👷 add upstream change detection by @​ctcpip in jshttp/on-headers#31
• ✨ add script to update known hashes by @​ctcpip in jshttp/on-headers#32
• 💚 update CI - add newer node versions by @​ctcpip in jshttp/on-headers#33

New Contributors

• @​carpasse made their first contribution in jshttp/on-headers#12
• @​UlisesGascon made their first contribution in jshttp/on-headers#19
• @​ctcpip made their first contribution in jshttp/on-headers#31

Full Changelog: https://github.com/jshttp/on-headers/compare/v1.0.2...v1.1.0

Sourced from on-headers's changelog.

1.1.0 / 2025-07-17

• Fix CVE-2025-7339 (GHSA-76c9-3jph-rj3q)

• 4b017af 1.1.0
• b636f2d ♻️ refactor header array code
• 3e2c2d4 ✨ ignore falsy header keys, matching node behavior
• 172eb41 ✨ support duplicate headers
• c6e3849 🔒️ fix array handling
• 6893518 💚 update CI - add newer node versions
• 56a345d ✨ add script to update known hashes
• 175ab21 👷 add upstream change detection (#31)
• ce0b2c8 ci: apply OSSF Scorecard security best practices (#20)
• 1a38c54 fix: use ubuntu-latest as ci runner (#19)
• Additional commits viewable in compare view

This version was pushed to npm by ulisesgascon, a new releaser for on-headers since your current version.

Sourced from compression's releases.

v1.8.1

What's Changed

• fix(docs): update multiple links from http to https by @​Phillip9587 in expressjs/compression#222
• ci: add dependabot for github actions by @​bjohansebas in expressjs/compression#207
• build(deps): bump github/codeql-action from 2.23.2 to 3.28.15 by @​dependabot[bot] in expressjs/compression#228
• build(deps): bump ossf/scorecard-action from 2.3.1 to 2.4.1 by @​dependabot[bot] in expressjs/compression#229
• build(deps-dev): bump eslint-plugin-import from 2.26.0 to 2.31.0 by @​dependabot[bot] in expressjs/compression#230
• build(deps-dev): bump supertest from 6.2.3 to 6.3.4 by @​dependabot[bot] in expressjs/compression#231
• [StepSecurity] ci: Harden GitHub Actions by @​step-security-bot in expressjs/compression#235
• build(deps): bump github/codeql-action from 3.28.15 to 3.29.2 by @​dependabot[bot] in expressjs/compression#243
• build(deps): bump actions/upload-artifact from 4.3.1 to 4.6.2 by @​dependabot[bot] in expressjs/compression#239
• build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @​dependabot[bot] in expressjs/compression#240
• build(deps): bump actions/checkout from 4.1.1 to 4.2.2 by @​dependabot[bot] in expressjs/compression#241
• build(deps-dev): bump eslint-plugin-import from 2.31.0 to 2.32.0 by @​dependabot[bot] in expressjs/compression#244
• deps: on-headers@1.1.0 by @​UlisesGascon in expressjs/compression#246
• Release: 1.8.1 by @​UlisesGascon in expressjs/compression#247

New Contributors

• @​dependabot[bot] made their first contribution in expressjs/compression#228
• @​step-security-bot made their first contribution in expressjs/compression#235

Full Changelog: https://github.com/expressjs/compression/compare/1.8.0...v1.8.1

v1.8.0

What's Changed

• Refactor chunkLength function for improved readability and consistency by @​Ayoub-Mabrouk in expressjs/compression#203
• Refactor toBuffer function to simplify buffer check logic by @​Ayoub-Mabrouk in expressjs/compression#201
• ci: add CodeQL (SAST) by @​bjohansebas in expressjs/compression#204
• Use headersSent instead of _header by @​maritz in expressjs/compression#129
• Bugfix/use write head instead of implicit header by @​Icehunter in expressjs/compression#170
• feat: add default option by @​bjohansebas in expressjs/compression#191
• ci: update ci workflow by @​bjohansebas in expressjs/compression#206
• feat: support for brotli by @​bjohansebas in expressjs/compression#194
• docs: improve readme by @​bjohansebas in expressjs/compression#209
• docs: keywords field by @​bjohansebas in expressjs/compression#210
• refactor: simplify encoding negotiation logic by @​bjohansebas in expressjs/compression#213

New Contributors

• @​Ayoub-Mabrouk made their first contribution in expressjs/compression#203
• @​maritz made their first contribution in expressjs/compression#129
• @​Icehunter made their first contribution in expressjs/compression#170

Full Changelog: https://github.com/expressjs/compression/compare/1.7.5...v1.8.0

1.7.5

What's Changed

• chore: add support for OSSF scorecard reporting by @​inigomarquinez in expressjs/compression#186
• ci: fix errors in ci github action for node 8 and 9 by @​inigomarquinez in expressjs/compression#187
• docs: fix spelling by @​dijonkitchen in expressjs/compression#174
• deps: bytes@3.1.2 by @​bjohansebas in expressjs/compression#192

... (truncated)

Sourced from compression's changelog.

1.8.1 / 2025-07-17

• deps: on-headers@~1.1.0
  • Fix CVE-2025-7339 (GHSA-76c9-3jph-rj3q)

1.8.0 / 2025-02-10

• Use res.headersSent when available
• Replace _implicitHeader with writeHead property
• add brotli support for versions of node that support it
• Add the enforceEncoding option for requests without Accept-Encoding header

1.7.5 / 2024-10-31

• deps: Replace accepts with negotiator@~0.6.4
  • Add preference option
• deps: bytes@3.1.2
  • Add petabyte (pb) support
  • Fix "thousandsSeparator" incorrecting formatting fractional part
  • Fix return value for un-parsable strings
• deps: compressible@~2.0.18
  • Mark font/ttf as compressible
  • Remove compressible from multipart/mixed
  • deps: mime-db@'>= 1.43.0 < 2'
• deps: safe-buffer@5.2.1

• 83a0c45 1.8.1
• ce62713 deps: on-headers@1.1.0 (#246)
• f4acb23 build(deps-dev): bump eslint-plugin-import from 2.31.0 to 2.32.0 (#244)
• 6eaebe6 build(deps): bump actions/checkout from 4.1.1 to 4.2.2 (#241)
• 37e0623 build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 (#240)
• bc436b2 build(deps): bump actions/upload-artifact from 4.3.1 to 4.6.2 (#239)
• 2f9f572 build(deps): bump github/codeql-action from 3.28.15 to 3.29.2 (#243)
• 5f13b14 [StepSecurity] ci: Harden GitHub Actions (#235)
• 76e0945 build(deps-dev): bump supertest from 6.2.3 to 6.3.4 (#231)
• ae6ee80 build(deps-dev): bump eslint-plugin-import from 2.26.0 to 2.31.0 (#230)
• Additional commits viewable in compare view

This version was pushed to npm by ulisesgascon, a new releaser for compression since your current version.

Sourced from pbkdf2's changelog.

v3.1.3 - 2025-06-20

Commits

• Only apps should have lockfiles 8b06730
• [lint] fix whitespace 9a76e2f
• [lint] fix parens/curlies/semis/etc 6fd84bf
• [meta] add auto-changelog 796c38d
• [Tests] fix tests in node 17 3661fb0
• Revert "[Tests] fix tests in node < 3" 7431b57
• [Tests] fix tests in node < 3 eb9f97a
• [Fix] ensure unknown algorithms throw + known ones match node 26d4fd3
• [Tests] add GHA, always run nyc 513906a
• [lint] fix a few more rules ab04da8
• [lint] switch to eslint 89694cf
• [Tests] add coverage d0d534b
• [Refactor] use to-buffer e3102a8
• [readme] improve badges fca0c9d
• [Tests] remove unused travis file a2c7d93
• [meta] switch from files to npmignore 7f31fbc
• [Tests] use .nycrc 8d628e8
• [Refactor] minor tweaks fc61005
• [Deps] update create-hmac, safe-buffer, sha.js ae2a7d0
• [Fix] pin create-hash, ripemd160 due to breaking changes e079968
• [Tests] fix tests in node 3 45fbcf3
• [meta] skip publishing benchmarks 19ea57b
• [Dev Deps] add missing peer dep 645e252

• 3e40827 v3.1.3
• e3102a8 [Refactor] use to-buffer
• 7431b57 Revert "[Tests] fix tests in node < 3"
• 19ea57b [meta] skip publishing benchmarks
• a2c7d93 [Tests] remove unused travis file
• 645e252 [Dev Deps] add missing peer dep
• 796c38d [meta] add auto-changelog
• d0d534b [Tests] add coverage
• 7f31fbc [meta] switch from files to npmignore
• fca0c9d [readme] improve badges
• Additional commits viewable in compare view

This version was pushed to npm by ljharb, a new releaser for pbkdf2 since your current version.

• cb1c571 3.1.0
• 374460e add optional disablement of symlink validation (#119)
• 5bfe6df 3.0.10
• 63e12f9 bare support
• 2ceedf4 3.0.9
• 647447b check windows tweak (#115)
• e4a7a40 3.0.8
• 504ca0f upgrade bare packages
• 1e4cc04 3.0.7
• a1dd7e7 refactor and throw on bad symlink
• Additional commits viewable in compare view

• cb1c571 3.1.0
• 374460e add optional disablement of symlink validation (#119)
• 5bfe6df 3.0.10
• 63e12f9 bare support
• 2ceedf4 3.0.9
• 647447b check windows tweak (#115)
• e4a7a40 3.0.8
• 504ca0f upgrade bare packages
• 1e4cc04 3.0.7
• a1dd7e7 refactor and throw on bad symlink
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.