Sourced from @​mitre/saf's releases.

1.5.1

What's New

• license and notice clarification @​Amndeep7 (#5005)
• Ironbank workflow improvements @​Amndeep7 (#5004)
• pin fast-glob to 3.3.3 @​Amndeep7 (#5003)
• sonarqube 'warming up' period note @​Amndeep7 (#4764)
• Sonarqube fixes @​Amndeep7 (#4493)
• Use the iron bank action @​Amndeep7 (#4607)
• Ensure that the SAF CLI tests for the case where a dev dependency is used in production code @​Amndeep7 (#4434)
• Vitest @​Amndeep7 (#4249)

Dependency Updates

• Bump eslint from 9.35.0 to 9.36.0 @dependabot[bot] (#4880)
• Bump @​eslint/js from 9.35.0 to 9.36.0 @dependabot[bot] (#4881)
• Bump @​stylistic/eslint-plugin from 5.3.1 to 5.4.0 @dependabot[bot] (#4884)
• Bump @​aws-sdk/util-locate-window from 3.873.0 to 3.893.0 @dependabot[bot] (#4885)
• Bump cssstyle from 5.3.0 to 5.3.1 @dependabot[bot] (#4890)
• Bump tldts from 7.0.14 to 7.0.16 @dependabot[bot] (#4892)
• Bump @​typescript-eslint/eslint-plugin from 8.44.1 to 8.45.0 @dependabot[bot] (#4942)
• Bump @​azure/msal-browser from 4.24.0 to 4.24.1 @dependabot[bot] (#4957)
• Bump electron-to-chromium from 1.5.224 to 1.5.227 @dependabot[bot] (#4935)
• Bump @​smithy/signature-v4 from 5.2.1 to 5.3.0 @dependabot[bot] (#4948)
• Bump @​asamuzakjp/dom-selector from 6.5.6 to 6.5.7 @dependabot[bot] (#4971)
• Bump @​types/jsdom from 21.1.7 to 27.0.0 @dependabot[bot] (#4940)
• Bump @​smithy/hash-stream-node from 4.1.1 to 4.2.0 @dependabot[bot] (#4952)
• Bump @​smithy/invalid-dependency from 4.1.1 to 4.2.0 @dependabot[bot] (#4990)
• Bump @​smithy/util-waiter from 4.1.1 to 4.2.0 @dependabot[bot] (#4967)
• Bump @​smithy/util-body-length-node from 4.1.0 to 4.2.0 @dependabot[bot] (#4991)
• Bump @​smithy/util-endpoints from 3.1.2 to 3.2.0 @dependabot[bot] (#4996)
• Bump @​smithy/eventstream-serde-config-resolver from 4.2.1 to 4.3.0 @dependabot[bot] (#4992)
• Bump @​aws-sdk/client-securityhub from 3.896.0 to 3.899.0 @dependabot[bot] (#4932)
• Bump typescript from 5.9.2 to 5.9.3 @dependabot[bot] (#4972)
• Bump winston from 3.17.0 to 3.18.3 @dependabot[bot] (#4997)
• Bump npm from 10.9.3 to 10.9.4 @dependabot[bot] (#4998)
• Bump @​types/node from 24.5.2 to 24.6.1 @dependabot[bot] (#4993)
• Bump @​smithy/hash-blob-browser from 4.1.1 to 4.2.0 @dependabot[bot] (#4964)
• Bump @​smithy/chunked-blob-reader-native from 4.1.0 to 4.2.0 @dependabot[bot] (#4962)
• Bump @​oclif/plugin-plugins from 5.4.47 to 5.4.48 @dependabot[bot] (#4931)
• Bump @​microsoft/microsoft-graph-types from 2.40.0 to 2.43.0 @dependabot[bot] (#4983)
• Bump dotenv from 17.2.2 to 17.2.3 @dependabot[bot] (#4943)
• Bump @​smithy/eventstream-serde-browser from 4.1.1 to 4.2.0 @dependabot[bot] (#4979)
• Bump rollup from 4.52.2 to 4.52.3 @dependabot[bot] (#4945)
• Bump @​smithy/util-defaults-mode-browser from 4.1.5 to 4.2.0 @dependabot[bot] (#4956)
• Bump @​smithy/hash-node from 4.1.1 to 4.2.0 @dependabot[bot] (#5001)
• Bump caniuse-lite from 1.0.30001745 to 1.0.30001746 @dependabot[bot] (#4982)
• Bump @​smithy/md5-js from 4.1.1 to 4.2.0 @dependabot[bot] (#4977)
• Bump baseline-browser-mapping from 2.8.7 to 2.8.9 @dependabot[bot] (#4944)
• Bump oclif from 4.22.24 to 4.22.27 @dependabot[bot] (#4938)
• Bump typescript-eslint from 8.44.1 to 8.45.0 @dependabot[bot] (#4936)

... (truncated)

• de4de56 1.5.1
• 0d3fd23 1.4.22
• 4c92e31 match what's on ironbank now (#5005)
• 729b012 Ironbank workflow improvements (#5004)
• db41a80 pin fast-glob to 3.3.3 (#5003)
• c6213dd Merge pull request #4880 from mitre/dependabot/npm_and_yarn/eslint-9.36.0
• 46e0c9d Merge branch 'main' into dependabot/npm_and_yarn/eslint-9.36.0
• 3edd768 Bump @​eslint/js from 9.35.0 to 9.36.0 (#4881)
• 03ef3bc Merge pull request #4884 from mitre/dependabot/npm_and_yarn/stylistic/eslint-...
• 63cb64d Merge branch 'main' into dependabot/npm_and_yarn/stylistic/eslint-plugin-5.4.0
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)