Sourced from vitest's releases.

v1.6.1

This release includes security patches for:

• Remote Code Execution when accessing a malicious website while Vitest API server is listening | CVE-2025-24964

   🐞 Bug Fixes

• backport vitest-dev/vitest#7317 to v1 - by @​hi-ogawa in vitest-dev/vitest#7319

    View changes on GitHub

• 017e1ee chore: release v1.6.1
• 7ce9fbb fix: backport #7317 to v1 (#7319)
• See full diff in compare view

Sourced from astro's changelog.

4.16.18

Patch Changes

• #12757 d0aaac3 Thanks @​matthewp! - Remove all assets created from the server build

• #12757 d0aaac3 Thanks @​matthewp! - Clean server sourcemaps from static output

4.16.17

Patch Changes

• #12632 e7d14c3 Thanks @​ematipico! - Fixes an issue where the checkOrigin feature wasn't correctly checking the content-type header

4.16.16

Patch Changes

• #12542 65e50eb Thanks @​kadykov! - Fix JPEG image size determination

• #12525 cf0d8b0 Thanks @​ematipico! - Fixes an issue where with i18n enabled, Astro couldn't render the 404.astro component for non-existent routes.

4.16.15

Patch Changes

• #12498 b140a3f Thanks @​ematipico! - Fixes a regression where Astro was trying to access Request.headers

4.16.14

Patch Changes

• #12480 c3b7e7c Thanks @​matthewp! - Removes the default throw behavior in astro:env

• #12444 28dd3ce Thanks @​ematipico! - Fixes an issue where a server island hydration script might fail case the island ID misses from the DOM.

• #12476 80a9a52 Thanks @​florian-lefebvre! - Fixes a case where the Content Layer glob() loader would not update when renaming or deleting an entry

• #12418 25baa4e Thanks @​oliverlynch! - Fix cached image redownloading if it is the first asset

• #12477 46f6b38 Thanks @​ematipico! - Fixes an issue where the SSR build was emitting the dist/server/entry.mjs file with an incorrect import at the top of the file/

• #12365 a23985b Thanks @​apatel369! - Fixes an issue where Astro.currentLocale was not correctly returning the locale for 404 and 500 pages.

4.16.13

Patch Changes

• #12436 453ec6b Thanks @​martrapp! - Fixes a potential null access in the clientside router

... (truncated)

• 84190aa [ci] release (#12774)
• d0aaac3 Prevent server sourcemaps from being part of client output (#12757)
• ba4aac1 [ci] release (#12648)
• e7d14c3 fix: checkOrigin headers check (#12632)
• 6eac6ba [ci] release (#12536)
• 65e50eb Fix JPEG image size determination (#12542)
• 6fc29e3 fix(deps): update all non-major dependencies (#12410)
• cf0d8b0 fix(i18n): render 404.astro when i18n is enabled (#12525)
• 36d8d92 [ci] release (#12501)
• b140a3f fix(routing): don't access Request headers (#12498)
• Additional commits viewable in compare view

Sourced from vite's releases.

v6.3.5

Please refer to CHANGELOG.md for details.

v6.3.4

Please refer to CHANGELOG.md for details.

v6.3.3

Please refer to CHANGELOG.md for details.

v6.3.2

Please refer to CHANGELOG.md for details.

create-vite@6.3.1

Please refer to CHANGELOG.md for details.

v6.3.1

Please refer to CHANGELOG.md for details.

create-vite@6.3.0

Please refer to CHANGELOG.md for details.

v6.3.0

Please refer to CHANGELOG.md for details.

v6.3.0-beta.2

Please refer to CHANGELOG.md for details.

v6.3.0-beta.1

Please refer to CHANGELOG.md for details.

v6.3.0-beta.0

Please refer to CHANGELOG.md for details.

v6.2.7

Please refer to CHANGELOG.md for details.

v6.2.6

Please refer to CHANGELOG.md for details.

v6.2.5

Please refer to CHANGELOG.md for details.

v6.2.4

Please refer to CHANGELOG.md for details.

v6.2.3

Please refer to CHANGELOG.md for details.

v6.2.2

Please refer to CHANGELOG.md for details.

... (truncated)

Sourced from vite's changelog.

6.3.5 (2025-05-05)

• fix(ssr): handle uninitialized export access as undefined (#19959) (fd38d07), closes #19959

6.3.4 (2025-04-30)

• fix: check static serve file inside sirv (#19965) (c22c43d), closes #19965
• fix(optimizer): return plain object when using require to import externals in optimized dependenci (efc5eab), closes #19940
• refactor: remove duplicate plugin context type (#19935) (d6d01c2), closes #19935

6.3.3 (2025-04-24)

• fix: ignore malformed uris in tranform middleware (#19853) (e4d5201), closes #19853
• fix(assets): ensure ?no-inline is not included in the asset url in the production environment (#1949 (16a73c0), closes #19496
• fix(css): resolve relative imports in sass properly on Windows (#19920) (ffab442), closes #19920
• fix(deps): update all non-major dependencies (#19899) (a4b500e), closes #19899
• fix(ssr): fix execution order of re-export (#19841) (ed29dee), closes #19841
• fix(ssr): fix live binding of default export declaration and hoist exports getter (#19842) (80a91ff), closes #19842
• perf: skip sourcemap generation for renderChunk hook of import-analysis-build plugin (#19921) (55cfd04), closes #19921
• test(ssr): test ssrTransform re-export deps and test stacktrace with first line (#19629) (9399cda), closes #19629

6.3.2 (2025-04-18)

• fix: match default asserts case insensitive (#19852) (cbdab1d), closes #19852
• fix: open first url if host does not match any urls (#19886) (6abbdce), closes #19886
• fix(css): respect css.lightningcss option in css minification process (#19879) (b5055e0), closes #19879
• fix(deps): update all non-major dependencies (#19698) (bab4cb9), closes #19698
• feat(css): improve lightningcss messages (#19880) (c713f79), closes #19880

6.3.1 (2025-04-17)

• fix: avoid using Promise.allSettled in preload function (#19805) (35c7f35), closes #19805
• fix: backward compat for internal plugin transform calls (#19878) (a152b7c), closes #19878

6.3.0 (2025-04-16)

• fix(hmr): avoid infinite loop happening with hot.invalidate in circular deps (#19870) (d4ee5e8), closes #19870
• fix(preview): use host url to open browser (#19836) (5003434), closes #19836

... (truncated)

• 84e4647 release: v6.3.5
• fd38d07 fix(ssr): handle uninitialized export access as undefined (#19959)
• b040d54 release: v6.3.4
• c22c43d fix: check static serve file inside sirv (#19965)
• efc5eab fix(optimizer): return plain object when using require to import externals ...
• d6d01c2 refactor: remove duplicate plugin context type (#19935)
• db9eb97 release: v6.3.3
• e4d5201 fix: ignore malformed uris in tranform middleware (#19853)
• 55cfd04 perf: skip sourcemap generation for renderChunk hook of import-analysis-build...
• ffab442 fix(css): resolve relative imports in sass properly on Windows (#19920)
• Additional commits viewable in compare view

Sourced from webpack's releases.

v5.96.0

Bug Fixes

• Fixed Module Federation should track all referenced chunks
• Handle Data URI without base64 word
• HotUpdateChunk have correct runtime when modified with new runtime
• Order of chunks ids in generated chunk code
• No extra Javascript chunks when using asset module as an entrypoint
• Use optimistically logic for output.environment.dynamicImport to determine chunk format when no browserslist or target
• Collision with global variables for optimization.avoidEntryIife
• Avoid through variables in inlined module
• Allow chunk template strings in output.devtoolNamespace
• No extra runtime for get javascript/css chunk filename
• No extra runtime for prefetch and preload in JS runtime when it was unsed in CSS
• Avoid cache invalidation using ProgressPlugin
• Increase parallelism when using importModule on the execution stage
• Correctly parsing string in export and import
• Typescript types
• [CSS] css/auto considers a module depending on its filename as css (pure CSS) or css/local, before it was css/global and css/local
• [CSS] Always interpolate classes even if they are not involved in export
• [CSS] No extra runtime in Javascript runtime chunks for asset modules used in CSS
• [CSS] No extra runtime in Javascript runtime chunks for external asset modules used in CSS
• [CSS] No extra runtime for the node target
• [CSS] Fixed url()s and @import parsing
• [CSS] Fixed - emit a warning on broken :local and :global

New Features

• Export CSS and ESM runtime modules
• Single Runtime Chunk and Federation eager module hoisting
• [CSS] Support /* webpackIgnore: true */ for CSS files
• [CSS] Support src() support
• [CSS] CSS nesting in CSS modules

• aff0c3e chore(release): 5.96.0
• 6f11ec1 refactor: module source types code
• b07142f refactor: module source types code
• 7d98b3c fix: Module Federation should track all referenced chunks
• 6d09769 chore: linting
• cb3cf61 chore: add test
• 69dd27e fix: Module Federation should track all referenced chunks
• 6a6f14f refactor: udate acorn
• db32353 refactor: code
• 79b8f00 refactor: update acorn
• Additional commits viewable in compare view

Sourced from @​nestjs/common's releases.

v10.4.16

What's Changed

• fix(common): introduce magic file type validator to nestjs common by @​Chathula in nestjs/nest#14948

Full Changelog: https://github.com/nestjs/nest/compare/v10.4.15...v10.4.16

v10.4.15 (2024-12-09)

Dependencies

• platform-express
  • #14282 fix(deps): update dependency express to v4.21.2 (@​renovate[bot])

v10.4.13 (2024-12-03)

Bug fixes

• common
  • #14256 chore(common): Add type declaration for RawBody decorator with pipes (@​sapenlei)

Dependencies

• #14257 fix(deps): update dependency @​fastify/static to v7.0.4 (@​renovate[bot])
• #14258 fix(deps): update dependency @​nestjs/sequelize to v10.0.1 (@​renovate[bot])
• #14249 chore(deps): bump @​apollo/gateway from 2.4.8 to 2.8.5 in /sample/32-graphql-federation-schema-first/users-application (@​dependabot[bot])
• #14250 chore(deps): update jest monorepo (@​renovate[bot])
• #14245 chore(deps): update dependency mqtt to v5.10.3 (@​renovate[bot])
• #14247 fix(deps): update nest monorepo to v10.4.12 (@​renovate[bot])
• #14251 chore(deps-dev): bump graphql-tools from 9.0.3 to 9.0.5 (@​dependabot[bot])
• #14246 chore(deps): update nest monorepo (@​renovate[bot])

Committers: 3

• Kamil Mysliwiec (@​kamilmysliwiec)
• Micael Levi L. Cavalcante (@​micalevisk)
• sapenlei (@​sapenlei)

v10.4.12 (2024-11-29)

Bug fixes

• common
  • #14241 fix(common): enforce string type in validationpipe (@​LhonRafaat)

Dependencies

• Other
  • #14243 chore(deps): update dependency @​types/node to v20.17.9 (@​renovate[bot])
  • #14240 chore(deps): update dependency @​types/multer to v1.4.12 (@​renovate[bot])
  • #14239 chore(deps): update dependency @​types/chai to v4.3.20 (@​renovate[bot])
  • #14237 chore(deps): update confluentinc/cp-zookeeper docker tag to v7.7.2 (@​renovate[bot])
  • #14236 chore(deps): update confluentinc/cp-kafka docker tag to v7.7.2 (@​renovate[bot])
  • #12253 fix(deps): update apollo graphql packages (@​renovate[bot])
  • #14235 chore(deps-dev): bump @​commitlint/config-angular from 19.5.0 to 19.6.0 (@​dependabot[bot])
  • #14233 chore(deps): update nest monorepo (@​renovate[bot])

... (truncated)

• 6c8aec6 chore(@​nestjs) publish v10.4.16 release
• 2b9e132 chore: update outdated tests, make file-type optional
• cb0d650 chore: remove duplicate packages
• 6196ab2 Merge branch 'Chathula-fix-nestjs-common-mime-validator'
• 0ac7959 chore: minor tweaks
• 312a54a Update packages/common/pipes/file/file-type.validator.ts
• a28fc03 refactor(common): move back file type validator options type
• 07b4b38 refactor(common): move file-type package to peer dependencies
• 0b7af8a refactor(common): refactor code to use simple eval
• 6953b7a fix(common): used eval import
• Additional commits viewable in compare view

Sourced from @​nestjs/core's releases.

v11.1.1 (2025-05-14)

Bug fixes

• core
  • #15056 fix(core): HTTP adapter error mapping (@​maxbronnikov10)
• microservices
  • #15062 fix(microservices): ensure all redis and amqp client closes properly (@​yatin166)
  • #15032 fix(microservices): ensure all the amqp connections are closed properly (@​yatin166)
  • #15020 fix(microservices): ensure all redis connections are closed (@​yatin166)
• core, platform-fastify
  • #15061 fix(core): bring back getHeader and appendHeader methods from AbstractHttpAdapter (@​micalevisk)
• platform-express
  • #15010 feat: remove use of pipeline (@​jmcdo29)

Enhancements

• microservices
  • #14606 feat(microservices): add specific transport id to microservices (@​maxbronnikov10)
  • #15057 feat(microservices): Allow custom exchangeType as string for plugin compatibility (@​ChangmoKang)
  • #15072 feat(microservices): Add exchange arguments to RabbitMQ (@​gapon2401)

Dependencies

• platform-fastify
  • #15129 chore(deps): bump fastify from 5.3.2 to 5.3.3 (@​dependabot[bot])
• platform-ws
  • #15068 chore(deps): bump ws from 8.18.1 to 8.18.2 (@​dependabot[bot])
• common
  • #15029 chore(deps): bump file-type from 20.4.1 to 20.5.0 (@​dependabot[bot])

Committers: 7

• Antonio Tripodi (@​Tony133)
• Changmo Kang (Ryan) (@​ChangmoKang)
• Igor Gaponov (@​gapon2401)
• Jackie McDoniel (@​jmcdo29)
• Maxim Bronnikov (@​maxbronnikov10)
• Micael Levi L. Cavalcante (@​micalevisk)
• Yatin Gaikwad (@​yatin166)

v11.1.0 (2025-04-23)

Enhancements

• microservices
  • #14540 feat(microservices): add support for topic exchange (rabbitmq) (@​kamilmysliwiec)

Committers: 1

• Kamil Mysliwiec (@​kamilmysliwiec)

v11.0.21 (2025-04-23)

Enhancements

• common

... (truncated)

• 2cccff1 chore(@​nestjs) publish v11.1.1 release
• 7338c03 Merge pull request #15056 from maxbronnikov10/fix/http-adapter-error
• fb3b12d fix(core): HTTP adapter error mapping
• cb6080e refactor(core,platform-fastify): drop useless optional signature
• 10f4a9d fix(core): bring back getHeader and appendHeader methods on `AbstractHttp...
• 112450b chore(@​nestjs) publish v11.1.0 release
• 729a9cd chore(@​nestjs) publish v11.0.21 release
• d5bca88 chore(@​nestjs) publish v11.0.20 release
• a6bdfd1 chore(@​nestjs) publish v11.0.19 release
• 11acc59 chore(@​nestjs) publish v11.0.18 release
• Additional commits viewable in compare view

Sourced from next's releases.

v14.2.26

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Match subrequest handling for edge and node (#77476)

v13.5.11

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Lock swc binaries version

v13.5.10

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Match subrequest handling for edge and node

v13.5.9

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary. This release contains a security patch for CVE-2025-29927.

Core Changes

• [backport] middleware subrequest patch (#77418)

• 10a042c v14.2.26
• 8a511d6 Match subrequest handling for edge and node (#77476)
• d36a1f3 v14.2.25
• 5fd3ae8 [backport] Update middleware request header (#77202)
• 756be15 v14.2.24
• ba6453d fix corepack keys
• c482c20 [backport v14] fix: ensure lint worker errors aren't silenced (#75766) (#75779)
• 5791cb6 [Backport v14] add additional x-middleware-set-cookie filtering (#75561) (#75...
• 8129a61 test: fix eslint plugin test (#75687)
• f27ce02 v14.2.23
• Additional commits viewable in compare view

Sourced from nuxt's releases.

v3.16.0

👀 Highlights

There's a lot in this one!

⚡️ A New New Nuxt

Say hello to create-nuxt, a new tool for starting Nuxt projects (big thanks to @​devgar for donating the package name)!

It's a streamlined version of nuxi init - just a sixth of the size and bundled as a single file with all dependencies inlined, to get you going as fast as possible.

Starting a new project is as simple as:

npm create nuxt

Special thanks to @​cmang for the beautiful ASCII-art. ❤️

Want to learn more about where we're headed with the Nuxt CLI? Check out our roadmap here, including our plans for an interactive modules selector.

🚀 Unhead v2

We've upgraded to unhead v2, the engine behind Nuxt's <head> management. This major version removes deprecations and improves how context works:

• For Nuxt 3 users, we're shipping a legacy compatibility build so nothing breaks
• The context implementation is now more direct via Nuxt itself

// Nuxt now re-exports composables while properly resolving the context
export function useHead(input, options = {}) {
  const unhead = injectHead(options.nuxt)
  return head(input, { head: unhead, ...options })
}

If you're using Unhead directly in your app, keep in mind:

1. Import from Nuxt's auto-imports or #app/composables/head instead of @unhead/vue
2. Importing directly from @unhead/vue might lose async context

Don't worry though - we've maintained backward compatibility in Nuxt 3, so most users won't need to change anything!

If you've opted into compatibilityVersion: 4, check out our upgrade guide for additional changes.

🔧 Devtools v2 Upgrade

Nuxt Devtools has leveled up to v2 (#30889)!

... (truncated)

• 7a37a98 v3.16.0
• 0d13fe9 chore(deps): update all non-major dependencies (3.x) (#31264)
• 2476cab fix(nuxt): strip query in x-nitro-prerender header
• 2c68c92 chore(deps): update all non-major dependencies (3.x) (#31240)
• bf454cb fix(nuxt): pass useFetch function name on server for warning (#31213)
• b29c0e8 chore: ignore nitro/renderer templates
• 7c427df fix(nuxt): fall back to wasm if oxc native bindings are missing (#31190)
• 0ebaa51 fix(nuxt): apply ignore rules to nitro devStorage (#31233)
• 2f833f4 fix(nuxt): preserve query/hash when calling navigateTo with replace (#31244)
• 3cd4384 fix(nuxt): ensure head components are reactive (#31248)
• Additional commits viewable in compare view

Sourced from node-fetch's releases.

v3.3.2

3.3.2 (2023-07-25)

Bug Fixes

• Remove the default connection close header. (#1736) (8b3320d), closes #1735 #1473

v3.3.1

3.3.1 (2023-03-11)

Bug Fixes

• release "Allow URL class object as an argument for fetch()" #1696 (#1716) (7b86e94)

v3.3.0

3.3.0 (2022-11-10)

Features

• add static Response.json (#1670) (55a4870)

v3.2.10

3.2.10 (2022-07-31)

Bug Fixes

• ReDoS referrer (#1611) (2880238)

v3.2.9

3.2.9 (2022-07-18)

Bug Fixes

• Headers: don't forward secure headers on protocol change (#1599) (e87b093)

v3.2.8

3.2.8 (2022-07-12)

Bug Fixes

• possibly flaky test (#1523) (11b7033)

... (truncated)

• 8b3320d fix: Remove the default connection close header. (#1736)
• 7b86e94 fix: release "Allow URL class object as an argument for fetch()" #1696 (#1716)
• 8ced5b9 docs: readme - non ESM example (#1707)
• 71e376b ci(release): use latest Node LTS (#1697)
• e093030 Allow URL class object as an argument for fetch() (#1696)
• 55a4870 feat: add static Response.json (#1670)
• c071406 (1138) - Fixed HTTPResponseError with correct constructor and usage (#1666)
• 6f72caa docs: fix missing comma in example (#1623)
• 2880238 fix: ReDoS referrer (#1611)
• e87b093 fix(Headers): don't forward secure headers on protocol change (#1599)
• Additional commits viewable in compare view

Sourced from solid-js's releases.

v1.9.0 - LGTM!

This release like the last is focusing on small quality of life improvements and adjustments that will help us move towards 2.0. So while not the most exciting release to everyone it provides some really important features and fixes to some developers.

And unlike many previous releases the vast majority of the work and features came from PRs from the community. So really all I can say is Looks Good to Me!

Better JSX Validation

While still incomplete across templates we've added JSDOM to the compiler to better detect invalid HTML at build time by comparing what we expect the template to be with what a browser would output. This now includes things that are nested we didn't detect before like putting <a> inside other <a> tags which will lead to the browser "correcting" it in less than intuitive ways.

Improved Exports

While each environment in solid-js/web has its own methods to be used in the compiler. We are now exporting the client methods from the server to prevent weird import errors. Now these methods will throw if used in this environment but shouldn't break your build.

Additionally we have seen some issues in bundlers that incorrectly feed our ESM exports back through the browser field. While this is a known issue they all pointed issues at each other and with no intention of fixing it. We have removed the browser field in this release, meaning some legacy packages may have issues resolving browser if they don't support export conditions.

This is regretful but this blocked deployments on several platforms and since this was the only fix at our disposal after two years of attempting to push this issue to the bundlers to no avail, we've moved forward with it.

Custom Element improvements

We have a few improvements to our custom element support in this release. First off we now detect elements with the is attribute as custom elements which means all the special behavior is afforded to them.

We've also improved our event handler delegating retargetting to better handle shadow DOM events. There were cases where we skipped over part of the tree.

Finally we've added the bool: attribute namespace to handle explicitly setting certain attributes according to boolean attribute rules. While this isn't necessary for built-in booleans currently we handle most attributes as properties and we lacked a specific override. But now we have it:

<my-element bool:enable={isEnabled()}></my-element>

Support for handleEvent Syntax in Non-Delegated Events

A little known thing is that events actually also support objects instead of functions (See: https://developer.mozilla.org/en-US/docs/Web/API/EventTarget/addEventListener)

We(thanks @​titoBouzout) realized we can use this mechanism as a way to set advanced rules like passive or capture on this object as way to handle all current and future event attributes that browsers might add. This way we don't need specific mechanisms like oncapture: (which is now deprecated).

Instead using on: you can set the event properties you wish.

<>
  <div on:click={{
    handleEvent(e) {
      console.log("clicked", e)
    },
    once:true
  }/>
  <div on:wheel={{
    handleEvent(e) {
      e.preventDefault() // only works on not passive events
      e.stopPropagation()  
</tr>&l...
Description has been truncated
Summary by Sourcery
Update npm and yarn dependencies across multiple packages to apply security patches, bug fixes, and minor enhancements.
Chores:

Bump 22 core dependencies in the root to latest minor or patch versions for astro, next, nuxt, webpack, vitest, vite, node-fetch, mongoose, svelte, solid-js, axios, esbuild, and related libraries.
Align @sentry/node to v8.49.0 across all integration packages (astro, remix, sveltekit, nextjs, aws-serverless, bun, google-cloud-serverless, nestjs, nuxt, profiling-node, solidstart).
Upgrade build tooling: Vite to v6.3.5, Vitest to v3.1.3, and Esbuild to v0.25.0.
Standardize Next.js versions to 14.2.26 in main packages and to 15.2.4 in the e2e test application.
Upgrade NestJS common to v10.4.16 and core to v11.1.1 and bump mongoose to v6.13.6 in node-integration-tests.