Sourced from @​vercel/functions's releases.

@​vercel/functions@​3.3.1

Patch Changes

• Updated dependencies [4221033be06182c11c9fe153a58810a2a393c3ce]:
  • @​vercel/oidc@​3.0.4

Sourced from @​vercel/functions's changelog.

3.3.1

Patch Changes

• Updated dependencies [4221033be06182c11c9fe153a58810a2a393c3ce]:
  • @​vercel/oidc@​3.0.4

• 511b881 Version Packages (#14229)
• See full diff in compare view

• See full diff in compare view

Sourced from pnpm's releases.

pnpm 10.22

Minor Changes

• Added support for trustPolicyExclude #10164.

  You can now list one or more specific packages or versions that pnpm should allow to install, even if those packages don't satisfy the trust policy requirement. For example:

  trustPolicy: no-downgrade
  trustPolicyExclude:
    - chokidar@4.0.3
    - webpack@4.47.0 || 5.102.1
  

• Allow to override the engines field on publish by the publishConfig.engines field.

Patch Changes

• Don't crash when two processes of pnpm are hardlinking the contents of a directory to the same destination simultaneously #10179.

Platinum Sponsors

Gold Sponsors

... (truncated)

Sourced from pnpm's changelog.

10.22.0

Minor Changes

• Added support for trustPolicyExclude #10164.

  You can now list one or more specific packages or versions that pnpm should allow to install, even if those packages don't satisfy the trust policy requirement. For example:

  trustPolicy: no-downgrade
  trustPolicyExclude:
    - chokidar@4.0.3
    - webpack@4.47.0 || 5.102.1
  

• Allow to override the engines field on publish by the publishConfig.engines field.

Patch Changes

• Don't crash when two processes of pnpm are hardlinking the contents of a directory to the same destination simultaneously #10179.

• 1de6d19 chore(release): 10.22.0
• 93d4954 feat: add support for trustPolicyExclude (#10168)
• See full diff in compare view

Sourced from vercel's releases.

vercel@48.9.1

Patch Changes

• Include account info in curl requests (#14221)

• feat: [vercel curl & vercel httpstat] validation for full url (#14209)

• Updated dependencies [3dbaa57ed7061d40c82a70d48e57f0d3ca38f32d, 62651e302de8c2913b658b5cfd5c9e1dd192a03c, d485db0fe0ceaeddea8993f6d6d81348df0762ea, fd83a14365e529930c77fd03358a1d4e42c125f0, b2f517bcf1b9af299d9b381cf329a24e86dc2686]:

  • @​vercel/python@​6.0.3
  • @​vercel/backends@​0.0.6

Sourced from vercel's changelog.

48.9.1

Patch Changes

• Include account info in curl requests (#14221)

• feat: [vercel curl & vercel httpstat] validation for full url (#14209)

• Updated dependencies [3dbaa57ed7061d40c82a70d48e57f0d3ca38f32d, 62651e302de8c2913b658b5cfd5c9e1dd192a03c, d485db0fe0ceaeddea8993f6d6d81348df0762ea, fd83a14365e529930c77fd03358a1d4e42c125f0, b2f517bcf1b9af299d9b381cf329a24e86dc2686]:

  • @​vercel/python@​6.0.3
  • @​vercel/backends@​0.0.6

• 511b881 Version Packages (#14229)
• 1f65762 Include account info in requests (#14221)
• fdc041b feat: [vercel curl & vercel httpstat] validation for full url (#14209)
• See full diff in compare view

Sourced from @​vercel/backends's releases.

@​vercel/backends@​0.0.6

Patch Changes

• Pull introspection module out of backends for external use (#14210)

• Updated dependencies [62651e302de8c2913b658b5cfd5c9e1dd192a03c]:

  • @​vercel/introspection@​0.0.2

Sourced from @​vercel/backends's changelog.

0.0.6

Patch Changes

• Pull introspection module out of backends for external use (#14210)

• Updated dependencies [62651e302de8c2913b658b5cfd5c9e1dd192a03c]:

  • @​vercel/introspection@​0.0.2

• 511b881 Version Packages (#14229)
• 62651e3 Pull introspection module out of backends for external use (#14210)
• See full diff in compare view

Sourced from @​vercel/oidc's releases.

@​vercel/oidc-aws-credentials-provider@​3.0.4

Patch Changes

• Updated dependencies [4221033be06182c11c9fe153a58810a2a393c3ce]:
  • @​vercel/oidc@​3.0.4

@​vercel/oidc@​3.0.4

Patch Changes

• Fix directory permissions so that files can be created under the OIDC data directory in linux (#14214)

Sourced from @​vercel/oidc's changelog.

3.0.4

Patch Changes

• Fix directory permissions so that files can be created under the OIDC data directory in linux (#14214)

• 511b881 Version Packages (#14229)
• 4221033 Patch OIDC data dir permissions (#14214)
• 29a591a test(oidc): sort arrays before comparing (#14121)
• See full diff in compare view

Sourced from @​vercel/python's releases.

@​vercel/python@​6.0.3

Patch Changes

• [python] avoid installing dev dependencies (#14232)

• [python] swaps custom http server handler for asgi apps with uvicorn (#14192)

• Exclude JS package manager lock files (#14233)

• [python] surface tracebacks on user code import error (#14250)

Sourced from @​vercel/python's changelog.

6.0.3

Patch Changes

• [python] avoid installing dev dependencies (#14232)

• [python] swaps custom http server handler for asgi apps with uvicorn (#14192)

• Exclude JS package manager lock files (#14233)

• [python] surface tracebacks on user code import error (#14250)

• 511b881 Version Packages (#14229)
• b2f517b [python] surface tracebacks on user code import error (#14250)
• d485db0 [python] asgi lifespan events support (#14192)
• fd83a14 Exclude JS lock files in python builder (#14233)
• 3dbaa57 [python] avoid installing dev dependencies (#14232)
• See full diff in compare view

• 2735f64 Patch to 2.8.27 because browser or feature data changed
• b2df421 Browser or feature data changed
• See full diff in compare view

Sourced from js-yaml's changelog.

[4.1.1] - 2025-11-12

Security

• Fix prototype pollution issue in yaml merge (<<) operator.

• cc482e7 4.1.1 released
• 50968b8 dist rebuild
• d092d86 lint fix
• 383665f fix prototype pollution in merge (<<)
• 0d3ca7a README.md: HTTP => HTTPS (#678)
• 49baadd doc: 'empty' style option for !!null
• ba3460e Fix demo link (#618)
• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions