[PR #20393] [CLOSED] chore(deps): bump the npm_and_yarn group across 1 directory with 6 updates #112907

New Issue

GiteaMirror · 2026-05-18T13:08:24-05:00

GiteaMirror commented

2026-05-18 13:08:24 -05:00

📋 Pull Request Information

Original PR: https://github.com/open-webui/open-webui/pull/20393
Author: @dependabot[bot]
Created: 1/5/2026
Status: ❌ Closed

Base: main ← Head: dependabot/npm_and_yarn/npm_and_yarn-8ddc992055

📝 Commits (1)

7492e36 chore(deps): bump the npm_and_yarn group across 1 directory with 6 updates

📊 Changes

2 files changed (+175 additions, -646 deletions)

View changed files

📝 package-lock.json (+173 -644)
📝 package.json (+2 -2)

📄 Description

Bumps the npm_and_yarn group with 6 updates in the / directory:

Package	From	To
jspdf	`3.0.1`	`4.0.0`
vite	`5.4.19`	`5.4.21`
js-yaml	`4.1.0`	`4.1.1`
qs	`6.13.0`	`6.14.1`
vega-functions	`6.1.0`	`6.1.1`
vega-selections	`6.1.0`	`6.1.2`

Updates jspdf from 3.0.1 to 4.0.0

Release notes

Sourced from jspdf's releases.

v4.0.0

This release fixes a critical path traversal/local file inclusion security vulnerability in the jsPDF Node.js build. File system access is now restricted by default and can be enabled by either using node's --permission flag or the new jsPDF.allowFsRead property.

There are no other breaking changes.

v3.0.4

This release includes a bunch of bugfixes. Thanks to all contributors!

What's Changed

[Snyk] Upgrade @babel/runtime from 7.28.3 to 7.28.4 by @MrRio in parallax/jsPDF#3895

fix: cell function now properly accepts align parameter by @vishal-rathod-07 in parallax/jsPDF#3896

Remove duplicated function "ga" from WebPDecoder.js by @jvdp in parallax/jsPDF#3902

Fix font state management issue #3890 by @srikanth-s2003 in parallax/jsPDF#3891

Fix pages property to always return current array reference ( #3898 ) by @Opineppes in parallax/jsPDF#3899

Fix jsPDF + Vite compatibility issue #3851 by @tishajain25 in parallax/jsPDF#3903

Do not add pages dynamically unless autoPaging is enabled by @anmiles in parallax/jsPDF#3915

Fix: Context2d font regex too restrictive ( #3904 ) by @Opineppes in parallax/jsPDF#3906

Fix Incorrect Typing for Margins in the TableConfig Interface Definition by @Maito1794 in parallax/jsPDF#3816

New Contributors

@survivant made their first contribution in parallax/jsPDF#3897

@vishal-rathod-07 made their first contribution in parallax/jsPDF#3896

@jvdp made their first contribution in parallax/jsPDF#3902

@srikanth-s2003 made their first contribution in parallax/jsPDF#3891

@Opineppes made their first contribution in parallax/jsPDF#3899

@tishajain25 made their first contribution in parallax/jsPDF#3903

@anmiles made their first contribution in parallax/jsPDF#3915

@josephyi made their first contribution in parallax/jsPDF#3907

@Maito1794 made their first contribution in parallax/jsPDF#3816

Full Changelog: https://github.com/parallax/jsPDF/compare/v3.0.3...v3.1.0

v3.0.3

This release fixes regressions with PNG encoding that were introduced in v3.0.2.

What's Changed

Fix division by zero when calculating word spacing by @alxndr-pggm in parallax/jsPDF#3879

fix scaling of form object bounding boxes by @HackbrettXXX in parallax/jsPDF#3888

fix regressions in PNG encoding that were introduced in 3.0.2 by @HackbrettXXX in parallax/jsPDF#3887

New Contributors

@alxndr-pggm made their first contribution in parallax/jsPDF#3879

Full Changelog: https://github.com/parallax/jsPDF/compare/v3.0.2...v3.0.3

v3.0.2

This release fixes a security issue where parsing of corrupt PNG images could lead to long running loops and denial of service.

What's Changed

[Snyk] Upgrade @babel/runtime from 7.26.7 to 7.26.9 by @MrRio in parallax/jsPDF#3847

... (truncated)

Commits

e6cf03d 4.0.0
a688c8f restrict file system access in node build (#3931)
a504e97 3.0.4
de802ab Fix Incorrect Typing for Margins in the TableConfig Interface Definition (#3816)
87162d1 chore: bump checkout, setup-node, and stale actions (#3907)
e7dc622 Fix: Context2d font regex too restrictive ( #3904 ) (#3906)
e080935 Do not add pages dynamically unless autoPaging is enabled (#3915)
c768910 add package.json exports field (#3903)
c10d90c Fix API.internal.pages not being updated when restoring a RenderTarget ( #389...
2db3d9d fix font list cache invalidation issue in context2d module (#3891)
Additional commits viewable in compare view

Updates vite from 5.4.19 to 5.4.21

Release notes

Sourced from vite's releases.

v5.4.21

Please refer to CHANGELOG.md for details.

v5.4.20

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

5.4.21 (2025-10-20)

fix(dev): trim trailing slash before server.fs.deny check (#20968) (#20970) (cad1d31), closes #20968 #20970

chore: update CHANGELOG (ca88ed7)

5.4.20 (2025-09-08)

fix: apply fs.strict check to HTML files (#20736) (482000f), closes #20736

fix: port sirv@3.0.2 changes to sirv@2.0.4 (#20737) (4f1c35b), closes #20737

Commits

adce3c2 release: v5.4.21
cad1d31 fix(dev): trim trailing slash before server.fs.deny check (#20968) (#20970)
ca88ed7 chore: update CHANGELOG
997700f release: v5.4.20
482000f fix: apply fs.strict check to HTML files (#20736)
See full diff in compare view

Updates js-yaml from 4.1.0 to 4.1.1

Changelog

Sourced from js-yaml's changelog.

[4.1.1] - 2025-11-12

Security

Fix prototype pollution issue in yaml merge (<<) operator.

Commits

cc482e7 4.1.1 released
50968b8 dist rebuild
d092d86 lint fix
383665f fix prototype pollution in merge (<<)
0d3ca7a README.md: HTTP => HTTPS (#678)
49baadd doc: 'empty' style option for !!null
ba3460e Fix demo link (#618)
See full diff in compare view

Updates qs from 6.13.0 to 6.14.1

Changelog

Sourced from qs's changelog.

6.14.1

[Fix] ensure arrayLength applies to [] notation as well

[Fix] parse: when a custom decoder returns null for a key, ignore that key

[Refactor] parse: extract key segment splitting helper

[meta] add threat model

[actions] add workflow permissions

[Tests] stringify: increase coverage

[Dev Deps] update eslint, @ljharb/eslint-config, npmignore, es-value-fixtures, for-each, object-inspect

6.14.0

[New] parse: add throwOnParameterLimitExceeded option (#517)

[Refactor] parse: use utils.combine more

[patch] parse: add explicit throwOnLimitExceeded default

[actions] use shared action; re-add finishers

[meta] Fix changelog formatting bug

[Deps] update side-channel

[Dev Deps] update es-value-fixtures, has-bigints, has-proto, has-symbols

[Tests] increase coverage

6.13.1

[Fix] stringify: avoid a crash when a filter key is null

[Fix] utils.merge: functions should not be stringified into keys

[Fix] parse: avoid a crash with interpretNumericEntities: true, comma: true, and iso charset

[Fix] stringify: ensure a non-string filter does not crash

[Refactor] use __proto__ syntax instead of Object.create for null objects

[Refactor] misc cleanup

[Tests] utils.merge: add some coverage

[Tests] fix a test case

[actions] split out node 10-20, and 20+

[Dev Deps] update es-value-fixtures, mock-property, object-inspect, tape

Commits

3fa11a5 v6.14.1
a626704 [Dev Deps] update npmignore
3086902 [Fix] ensure arrayLength applies to [] notation as well
fc7930e [Dev Deps] update eslint, @ljharb/eslint-config
0b06aac [Dev Deps] update @ljharb/eslint-config
64951f6 [Refactor] parse: extract key segment splitting helper
e1bd259 [Dev Deps] update @ljharb/eslint-config
f4b3d39 [eslint] add eslint 9 optional peer dep
6e94d95 [Dev Deps] update eslint, @ljharb/eslint-config, npmignore
973dc3c [actions] add workflow permissions
Additional commits viewable in compare view

Updates vega-functions from 6.1.0 to 6.1.1

Release notes

Sourced from vega-functions's releases.

v6.1.1

Full Changelog: https://github.com/vega/vega/compare/v6.1.0...v6.1.1

Commits

d67c1b7 chore: bump to 6.1.1
e574530 chore: bump vega-cli
See full diff in compare view

Maintainer changes

This version was pushed to npm by hydrosquall, a new releaser for vega-functions since your current version.

Updates vega-selections from 6.1.0 to 6.1.2

Release notes

Sourced from vega-selections's releases.

v6.1.2

Full Changelog: https://github.com/vega/vega/compare/v6.1.1...v6.1.2

v6.1.1

Full Changelog: https://github.com/vega/vega/compare/v6.1.0...v6.1.1

Commits

18a55af chore: fix json of package.json
38957ff chore: bump vega
bb800e9 chore: simplify gitignore
b737e03 fix: run npm pkg fix
d67c1b7 chore: bump to 6.1.1
e574530 chore: bump vega-cli
See full diff in compare view

Maintainer changes

This version was pushed to npm by hydrosquall, a new releaser for vega-selections since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the Security Alerts page.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/open-webui/open-webui/pull/20393 **Author:** [@dependabot[bot]](https://github.com/apps/dependabot) **Created:** 1/5/2026 **Status:** ❌ Closed **Base:** `main` ← **Head:** `dependabot/npm_and_yarn/npm_and_yarn-8ddc992055` --- ### 📝 Commits (1) - [`7492e36`](https://github.com/open-webui/open-webui/commit/7492e36e38e587380dc420c5d5db981ee0cdcf59) chore(deps): bump the npm_and_yarn group across 1 directory with 6 updates ### 📊 Changes **2 files changed** (+175 additions, -646 deletions) <details> <summary>View changed files</summary> 📝 `package-lock.json` (+173 -644) 📝 `package.json` (+2 -2) </details> ### 📄 Description Bumps the npm_and_yarn group with 6 updates in the / directory: | Package | From | To | | --- | --- | --- | | [jspdf](https://github.com/parallax/jsPDF) | `3.0.1` | `4.0.0` | | [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `5.4.19` | `5.4.21` | | [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.0` | `4.1.1` | | [qs](https://github.com/ljharb/qs) | `6.13.0` | `6.14.1` | | [vega-functions](https://github.com/vega/vega) | `6.1.0` | `6.1.1` | | [vega-selections](https://github.com/vega/vega) | `6.1.0` | `6.1.2` | Updates `jspdf` from 3.0.1 to 4.0.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/parallax/jsPDF/releases">jspdf's releases</a>.</em></p> <blockquote> <h2>v4.0.0</h2> <p>This release fixes a critical path traversal/local file inclusion <a href="https://github.com/parallax/jsPDF/security/advisories/GHSA-f8cm-6447-x5h2">security vulnerability</a> in the jsPDF Node.js build. File system access is now restricted by default and can be enabled by either using node's <a href="https://nodejs.org/api/permissions.html"><code>--permission</code></a> flag or the new <a href="https://raw.githack.com/MrRio/jsPDF/master/docs/module-fileloading.html#~allowFsRead"><code>jsPDF.allowFsRead</code></a> property.</p> <p>There are no other breaking changes.</p> <h2>v3.0.4</h2> <p>This release includes a bunch of bugfixes. Thanks to all contributors!</p> <h2>What's Changed</h2> <ul> <li>[Snyk] Upgrade <code>@babel/runtime</code> from 7.28.3 to 7.28.4 by <a href="https://github.com/MrRio"><code>@MrRio</code></a> in <a href="https://redirect.github.com/parallax/jsPDF/pull/3895">parallax/jsPDF#3895</a></li> <li>fix: cell function now properly accepts align parameter by <a href="https://github.com/vishal-rathod-07"><code>@vishal-rathod-07</code></a> in <a href="https://redirect.github.com/parallax/jsPDF/pull/3896">parallax/jsPDF#3896</a></li> <li>Remove duplicated function "ga" from WebPDecoder.js by <a href="https://github.com/jvdp"><code>@jvdp</code></a> in <a href="https://redirect.github.com/parallax/jsPDF/pull/3902">parallax/jsPDF#3902</a></li> <li>Fix font state management issue <a href="https://redirect.github.com/parallax/jsPDF/issues/3890">#3890</a> by <a href="https://github.com/srikanth-s2003"><code>@srikanth-s2003</code></a> in <a href="https://redirect.github.com/parallax/jsPDF/pull/3891">parallax/jsPDF#3891</a></li> <li>Fix pages property to always return current array reference ( <a href="https://redirect.github.com/parallax/jsPDF/issues/3898">#3898</a> ) by <a href="https://github.com/Opineppes"><code>@Opineppes</code></a> in <a href="https://redirect.github.com/parallax/jsPDF/pull/3899">parallax/jsPDF#3899</a></li> <li>Fix jsPDF + Vite compatibility issue <a href="https://redirect.github.com/parallax/jsPDF/issues/3851">#3851</a> by <a href="https://github.com/tishajain25"><code>@tishajain25</code></a> in <a href="https://redirect.github.com/parallax/jsPDF/pull/3903">parallax/jsPDF#3903</a></li> <li>Do not add pages dynamically unless autoPaging is enabled by <a href="https://github.com/anmiles"><code>@anmiles</code></a> in <a href="https://redirect.github.com/parallax/jsPDF/pull/3915">parallax/jsPDF#3915</a></li> <li>Fix: Context2d font regex too restrictive ( <a href="https://redirect.github.com/parallax/jsPDF/issues/3904">#3904</a> ) by <a href="https://github.com/Opineppes"><code>@Opineppes</code></a> in <a href="https://redirect.github.com/parallax/jsPDF/pull/3906">parallax/jsPDF#3906</a></li> <li>Fix Incorrect Typing for Margins in the TableConfig Interface Definition by <a href="https://github.com/Maito1794"><code>@Maito1794</code></a> in <a href="https://redirect.github.com/parallax/jsPDF/pull/3816">parallax/jsPDF#3816</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/survivant"><code>@survivant</code></a> made their first contribution in <a href="https://redirect.github.com/parallax/jsPDF/pull/3897">parallax/jsPDF#3897</a></li> <li><a href="https://github.com/vishal-rathod-07"><code>@vishal-rathod-07</code></a> made their first contribution in <a href="https://redirect.github.com/parallax/jsPDF/pull/3896">parallax/jsPDF#3896</a></li> <li><a href="https://github.com/jvdp"><code>@jvdp</code></a> made their first contribution in <a href="https://redirect.github.com/parallax/jsPDF/pull/3902">parallax/jsPDF#3902</a></li> <li><a href="https://github.com/srikanth-s2003"><code>@srikanth-s2003</code></a> made their first contribution in <a href="https://redirect.github.com/parallax/jsPDF/pull/3891">parallax/jsPDF#3891</a></li> <li><a href="https://github.com/Opineppes"><code>@Opineppes</code></a> made their first contribution in <a href="https://redirect.github.com/parallax/jsPDF/pull/3899">parallax/jsPDF#3899</a></li> <li><a href="https://github.com/tishajain25"><code>@tishajain25</code></a> made their first contribution in <a href="https://redirect.github.com/parallax/jsPDF/pull/3903">parallax/jsPDF#3903</a></li> <li><a href="https://github.com/anmiles"><code>@anmiles</code></a> made their first contribution in <a href="https://redirect.github.com/parallax/jsPDF/pull/3915">parallax/jsPDF#3915</a></li> <li><a href="https://github.com/josephyi"><code>@josephyi</code></a> made their first contribution in <a href="https://redirect.github.com/parallax/jsPDF/pull/3907">parallax/jsPDF#3907</a></li> <li><a href="https://github.com/Maito1794"><code>@Maito1794</code></a> made their first contribution in <a href="https://redirect.github.com/parallax/jsPDF/pull/3816">parallax/jsPDF#3816</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/parallax/jsPDF/compare/v3.0.3...v3.1.0">https://github.com/parallax/jsPDF/compare/v3.0.3...v3.1.0</a></p> <h2>v3.0.3</h2> <p>This release fixes regressions with PNG encoding that were introduced in v3.0.2.</p> <h2>What's Changed</h2> <ul> <li>Fix division by zero when calculating word spacing by <a href="https://github.com/alxndr-pggm"><code>@alxndr-pggm</code></a> in <a href="https://redirect.github.com/parallax/jsPDF/pull/3879">parallax/jsPDF#3879</a></li> <li>fix scaling of form object bounding boxes by <a href="https://github.com/HackbrettXXX"><code>@HackbrettXXX</code></a> in <a href="https://redirect.github.com/parallax/jsPDF/pull/3888">parallax/jsPDF#3888</a></li> <li>fix regressions in PNG encoding that were introduced in 3.0.2 by <a href="https://github.com/HackbrettXXX"><code>@HackbrettXXX</code></a> in <a href="https://redirect.github.com/parallax/jsPDF/pull/3887">parallax/jsPDF#3887</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/alxndr-pggm"><code>@alxndr-pggm</code></a> made their first contribution in <a href="https://redirect.github.com/parallax/jsPDF/pull/3879">parallax/jsPDF#3879</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/parallax/jsPDF/compare/v3.0.2...v3.0.3">https://github.com/parallax/jsPDF/compare/v3.0.2...v3.0.3</a></p> <h2>v3.0.2</h2> <p>This release fixes a <a href="https://github.com/parallax/jsPDF/security/advisories/GHSA-8mvj-3j78-4qmw">security issue</a> where parsing of corrupt PNG images could lead to long running loops and denial of service.</p> <h2>What's Changed</h2> <ul> <li>[Snyk] Upgrade <code>@babel/runtime</code> from 7.26.7 to 7.26.9 by <a href="https://github.com/MrRio"><code>@MrRio</code></a> in <a href="https://redirect.github.com/parallax/jsPDF/pull/3847">parallax/jsPDF#3847</a></li> </ul>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/parallax/jsPDF/commit/e6cf03db2499ef0a9ccc54b2aba45156c5b32b3c"><code>e6cf03d</code></a> 4.0.0</li> <li><a href="https://github.com/parallax/jsPDF/commit/a688c8f479929b24a6543b1fa2d6364abb03066d"><code>a688c8f</code></a> restrict file system access in node build (<a href="https://redirect.github.com/parallax/jsPDF/issues/3931">#3931</a>)</li> <li><a href="https://github.com/parallax/jsPDF/commit/a504e973eeebac633351b41860945ca2a2cdf096"><code>a504e97</code></a> 3.0.4</li> <li><a href="https://github.com/parallax/jsPDF/commit/de802ab2f41f400e2b44183ebae30706913a4ee5"><code>de802ab</code></a> Fix Incorrect Typing for Margins in the TableConfig Interface Definition (<a href="https://redirect.github.com/parallax/jsPDF/issues/3816">#3816</a>)</li> <li><a href="https://github.com/parallax/jsPDF/commit/87162d193c3412eabce0394dedf572f05bcacf69"><code>87162d1</code></a> chore: bump checkout, setup-node, and stale actions (<a href="https://redirect.github.com/parallax/jsPDF/issues/3907">#3907</a>)</li> <li><a href="https://github.com/parallax/jsPDF/commit/e7dc62278e581a6fd2ed12b6e188b4a208e84232"><code>e7dc622</code></a> Fix: Context2d font regex too restrictive ( <a href="https://redirect.github.com/parallax/jsPDF/issues/3904">#3904</a> ) (<a href="https://redirect.github.com/parallax/jsPDF/issues/3906">#3906</a>)</li> <li><a href="https://github.com/parallax/jsPDF/commit/e0809352be5d8e5827e0704e244a7d20c4b10777"><code>e080935</code></a> Do not add pages dynamically unless autoPaging is enabled (<a href="https://redirect.github.com/parallax/jsPDF/issues/3915">#3915</a>)</li> <li><a href="https://github.com/parallax/jsPDF/commit/c768910dab2f46a0d9bf2a9914e8923c82328b9d"><code>c768910</code></a> add package.json exports field (<a href="https://redirect.github.com/parallax/jsPDF/issues/3903">#3903</a>)</li> <li><a href="https://github.com/parallax/jsPDF/commit/c10d90c7f4d10efdbcc0ed8cff9ff426289bb3fb"><code>c10d90c</code></a> Fix API.internal.pages not being updated when restoring a RenderTarget ( <a href="https://redirect.github.com/parallax/jsPDF/issues/389">#389</a>...</li> <li><a href="https://github.com/parallax/jsPDF/commit/2db3d9d69089ea8318ee16460a6ef1c2b3a80537"><code>2db3d9d</code></a> fix font list cache invalidation issue in context2d module (<a href="https://redirect.github.com/parallax/jsPDF/issues/3891">#3891</a>)</li> <li>Additional commits viewable in <a href="https://github.com/parallax/jsPDF/compare/v3.0.1...v4.0.0">compare view</a></li> </ul> </details> <br /> Updates `vite` from 5.4.19 to 5.4.21 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vitejs/vite/releases">vite's releases</a>.</em></p> <blockquote> <h2>v5.4.21</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v5.4.21/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v5.4.20</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/ca88ed7398288ce0c60176ac9a6392f10654c67c/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/vitejs/vite/blob/v5.4.21/packages/vite/CHANGELOG.md">vite's changelog</a>.</em></p> <blockquote> <h2>5.4.21 (2025-10-20)</h2> <ul> <li>fix(dev): trim trailing slash before <code>server.fs.deny</code> check (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20968">#20968</a>) (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20970">#20970</a>) (<a href="https://github.com/vitejs/vite/commit/cad1d31d0635dd8fd4ddfe6e5a92eb9ff13cd06c">cad1d31</a>), closes <a href="https://redirect.github.com/vitejs/vite/issues/20968">#20968</a> <a href="https://redirect.github.com/vitejs/vite/issues/20970">#20970</a></li> <li>chore: update CHANGELOG (<a href="https://github.com/vitejs/vite/commit/ca88ed7398288ce0c60176ac9a6392f10654c67c">ca88ed7</a>)</li> </ul> <h2>5.4.20 (2025-09-08)</h2> <ul> <li>fix: apply <code>fs.strict</code> check to HTML files (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20736">#20736</a>) (<a href="https://github.com/vitejs/vite/commit/482000f57f56fe6ff2e905305100cfe03043ddea">482000f</a>), closes <a href="https://redirect.github.com/vitejs/vite/issues/20736">#20736</a></li> <li>fix: port sirv@3.0.2 changes to sirv@2.0.4 (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20737">#20737</a>) (<a href="https://github.com/vitejs/vite/commit/4f1c35bcbb5830290c694aa14b6789e07450f069">4f1c35b</a>), closes <a href="https://redirect.github.com/vitejs/vite/issues/20737">#20737</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/vitejs/vite/commit/adce3c22c64cc9d44cc8f45cc92b543e3e4bf385"><code>adce3c2</code></a> release: v5.4.21</li> <li><a href="https://github.com/vitejs/vite/commit/cad1d31d0635dd8fd4ddfe6e5a92eb9ff13cd06c"><code>cad1d31</code></a> fix(dev): trim trailing slash before <code>server.fs.deny</code> check (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20968">#20968</a>) (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20970">#20970</a>)</li> <li><a href="https://github.com/vitejs/vite/commit/ca88ed7398288ce0c60176ac9a6392f10654c67c"><code>ca88ed7</code></a> chore: update CHANGELOG</li> <li><a href="https://github.com/vitejs/vite/commit/997700f01c7199daf7330d33a7fd3a43b2e9e3ba"><code>997700f</code></a> release: v5.4.20</li> <li><a href="https://github.com/vitejs/vite/commit/482000f57f56fe6ff2e905305100cfe03043ddea"><code>482000f</code></a> fix: apply <code>fs.strict</code> check to HTML files (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20736">#20736</a>)</li> <li>See full diff in <a href="https://github.com/vitejs/vite/commits/v5.4.21/packages/vite">compare view</a></li> </ul> </details> <br /> Updates `js-yaml` from 4.1.0 to 4.1.1 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md">js-yaml's changelog</a>.</em></p> <blockquote> <h2>[4.1.1] - 2025-11-12</h2> <h3>Security</h3> <ul> <li>Fix prototype pollution issue in yaml merge (<<) operator.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/nodeca/js-yaml/commit/cc482e775913e6625137572a3712d2826170e53a"><code>cc482e7</code></a> 4.1.1 released</li> <li><a href="https://github.com/nodeca/js-yaml/commit/50968b862e75866ef90e626572fe0b2f97b55f9f"><code>50968b8</code></a> dist rebuild</li> <li><a href="https://github.com/nodeca/js-yaml/commit/d092d866031751cb27c12d93f3e2470ad74d678b"><code>d092d86</code></a> lint fix</li> <li><a href="https://github.com/nodeca/js-yaml/commit/383665ff4248ec2192d1274e934462bb30426879"><code>383665f</code></a> fix prototype pollution in merge (<<)</li> <li><a href="https://github.com/nodeca/js-yaml/commit/0d3ca7a27b03a6c974790a30a89e456007d62976"><code>0d3ca7a</code></a> README.md: HTTP => HTTPS (<a href="https://redirect.github.com/nodeca/js-yaml/issues/678">#678</a>)</li> <li><a href="https://github.com/nodeca/js-yaml/commit/49baadd52af887d2991e2c39a6639baa56d6c71b"><code>49baadd</code></a> doc: 'empty' style option for !!null</li> <li><a href="https://github.com/nodeca/js-yaml/commit/ba3460eb9d3e4478edcbc29edabe17c2157fc9ce"><code>ba3460e</code></a> Fix demo link (<a href="https://redirect.github.com/nodeca/js-yaml/issues/618">#618</a>)</li> <li>See full diff in <a href="https://github.com/nodeca/js-yaml/compare/4.1.0...4.1.1">compare view</a></li> </ul> </details> <br /> Updates `qs` from 6.13.0 to 6.14.1 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/ljharb/qs/blob/main/CHANGELOG.md">qs's changelog</a>.</em></p> <blockquote> <h2><strong>6.14.1</strong></h2> <ul> <li>[Fix] ensure arrayLength applies to <code>[]</code> notation as well</li> <li>[Fix] <code>parse</code>: when a custom decoder returns <code>null</code> for a key, ignore that key</li> <li>[Refactor] <code>parse</code>: extract key segment splitting helper</li> <li>[meta] add threat model</li> <li>[actions] add workflow permissions</li> <li>[Tests] <code>stringify</code>: increase coverage</li> <li>[Dev Deps] update <code>eslint</code>, <code>@ljharb/eslint-config</code>, <code>npmignore</code>, <code>es-value-fixtures</code>, <code>for-each</code>, <code>object-inspect</code></li> </ul> <h2><strong>6.14.0</strong></h2> <ul> <li>[New] <code>parse</code>: add <code>throwOnParameterLimitExceeded</code> option (<a href="https://redirect.github.com/ljharb/qs/issues/517">#517</a>)</li> <li>[Refactor] <code>parse</code>: use <code>utils.combine</code> more</li> <li>[patch] <code>parse</code>: add explicit <code>throwOnLimitExceeded</code> default</li> <li>[actions] use shared action; re-add finishers</li> <li>[meta] Fix changelog formatting bug</li> <li>[Deps] update <code>side-channel</code></li> <li>[Dev Deps] update <code>es-value-fixtures</code>, <code>has-bigints</code>, <code>has-proto</code>, <code>has-symbols</code></li> <li>[Tests] increase coverage</li> </ul> <h2><strong>6.13.1</strong></h2> <ul> <li>[Fix] <code>stringify</code>: avoid a crash when a <code>filter</code> key is <code>null</code></li> <li>[Fix] <code>utils.merge</code>: functions should not be stringified into keys</li> <li>[Fix] <code>parse</code>: avoid a crash with interpretNumericEntities: true, comma: true, and iso charset</li> <li>[Fix] <code>stringify</code>: ensure a non-string <code>filter</code> does not crash</li> <li>[Refactor] use <code>__proto__</code> syntax instead of <code>Object.create</code> for null objects</li> <li>[Refactor] misc cleanup</li> <li>[Tests] <code>utils.merge</code>: add some coverage</li> <li>[Tests] fix a test case</li> <li>[actions] split out node 10-20, and 20+</li> <li>[Dev Deps] update <code>es-value-fixtures</code>, <code>mock-property</code>, <code>object-inspect</code>, <code>tape</code></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ljharb/qs/commit/3fa11a5f643c76896387bd2d86904a2d0141fdf7"><code>3fa11a5</code></a> v6.14.1</li> <li><a href="https://github.com/ljharb/qs/commit/a62670423c1ccab0dd83c621bfb98c7c024e314d"><code>a626704</code></a> [Dev Deps] update <code>npmignore</code></li> <li><a href="https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9"><code>3086902</code></a> [Fix] ensure arrayLength applies to <code>[]</code> notation as well</li> <li><a href="https://github.com/ljharb/qs/commit/fc7930e86c2264c1568c9f5606830e19b0bc2af2"><code>fc7930e</code></a> [Dev Deps] update <code>eslint</code>, <code>@ljharb/eslint-config</code></li> <li><a href="https://github.com/ljharb/qs/commit/0b06aac566abee45ef0327667a7cc89e7aed8b58"><code>0b06aac</code></a> [Dev Deps] update <code>@ljharb/eslint-config</code></li> <li><a href="https://github.com/ljharb/qs/commit/64951f6200a1fb72cc003c6e8226dde3d2ef591f"><code>64951f6</code></a> [Refactor] <code>parse</code>: extract key segment splitting helper</li> <li><a href="https://github.com/ljharb/qs/commit/e1bd2599cdff4c936ea52fb1f16f921cbe7aa88c"><code>e1bd259</code></a> [Dev Deps] update <code>@ljharb/eslint-config</code></li> <li><a href="https://github.com/ljharb/qs/commit/f4b3d39709fef6ddbd85128d1ba4c6b566c4902e"><code>f4b3d39</code></a> [eslint] add eslint 9 optional peer dep</li> <li><a href="https://github.com/ljharb/qs/commit/6e94d9596ca50dffafcef40a5f64eca89962cf34"><code>6e94d95</code></a> [Dev Deps] update <code>eslint</code>, <code>@ljharb/eslint-config</code>, <code>npmignore</code></li> <li><a href="https://github.com/ljharb/qs/commit/973dc3c51c86da9f4e30edeb4b1725158d439102"><code>973dc3c</code></a> [actions] add workflow permissions</li> <li>Additional commits viewable in <a href="https://github.com/ljharb/qs/compare/v6.13.0...v6.14.1">compare view</a></li> </ul> </details> <br /> Updates `vega-functions` from 6.1.0 to 6.1.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vega/vega/releases">vega-functions's releases</a>.</em></p> <blockquote> <h2>v6.1.1</h2> <p><strong>Full Changelog</strong>: <a href="https://github.com/vega/vega/compare/v6.1.0...v6.1.1">https://github.com/vega/vega/compare/v6.1.0...v6.1.1</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/vega/vega/commit/d67c1b7d5ee707eabd82905088aff1605ca866ba"><code>d67c1b7</code></a> chore: bump to 6.1.1</li> <li><a href="https://github.com/vega/vega/commit/e5745308e2b0573d95eeca63c981c6db79b17a52"><code>e574530</code></a> chore: bump vega-cli</li> <li>See full diff in <a href="https://github.com/vega/vega/compare/v6.1.0...v6.1.1">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~hydrosquall">hydrosquall</a>, a new releaser for vega-functions since your current version.</p> </details> <br /> Updates `vega-selections` from 6.1.0 to 6.1.2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vega/vega/releases">vega-selections's releases</a>.</em></p> <blockquote> <h2>v6.1.2</h2> <p><strong>Full Changelog</strong>: <a href="https://github.com/vega/vega/compare/v6.1.1...v6.1.2">https://github.com/vega/vega/compare/v6.1.1...v6.1.2</a></p> <h2>v6.1.1</h2> <p><strong>Full Changelog</strong>: <a href="https://github.com/vega/vega/compare/v6.1.0...v6.1.1">https://github.com/vega/vega/compare/v6.1.0...v6.1.1</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/vega/vega/commit/18a55af6207fb183510659bdec3922eddc9a6022"><code>18a55af</code></a> chore: fix json of package.json</li> <li><a href="https://github.com/vega/vega/commit/38957ff074288c014230bd55bbcd0acf6d1ee1ec"><code>38957ff</code></a> chore: bump vega</li> <li><a href="https://github.com/vega/vega/commit/bb800e9dcedaa2d53b729d753cf8a66d221a3063"><code>bb800e9</code></a> chore: simplify gitignore</li> <li><a href="https://github.com/vega/vega/commit/b737e032d9d1dee557bbb9fa0fdbf0789220ee61"><code>b737e03</code></a> fix: run <code>npm pkg fix</code></li> <li><a href="https://github.com/vega/vega/commit/d67c1b7d5ee707eabd82905088aff1605ca866ba"><code>d67c1b7</code></a> chore: bump to 6.1.1</li> <li><a href="https://github.com/vega/vega/commit/e5745308e2b0573d95eeca63c981c6db79b17a52"><code>e574530</code></a> chore: bump vega-cli</li> <li>See full diff in <a href="https://github.com/vega/vega/compare/v6.1.0...v6.1.2">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~hydrosquall">hydrosquall</a>, a new releaser for vega-selections since your current version.</p> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/open-webui/open-webui/network/alerts). </details> --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

GiteaMirror added the pull-request label 2026-05-18 13:08:24 -05:00

GiteaMirror closed this issue

2026-05-18 13:08:28 -05:00

Sign in to join this conversation.

Branches Tags

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/open-webui#112907