[PR #22310] [CLOSED] chore(deps): bump the npm_and_yarn group across 1 directory with 12 updates #113917

Closed
opened 2026-05-18 14:28:35 -05:00 by GiteaMirror · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/open-webui/open-webui/pull/22310
Author: @dependabot[bot]
Created: 3/6/2026
Status: Closed

Base: mainHead: dependabot/npm_and_yarn/npm_and_yarn-14cb525aec


📝 Commits (1)

  • c454ba6 chore(deps): bump the npm_and_yarn group across 1 directory with 12 updates

📊 Changes

2 files changed (+557 additions, -684 deletions)

View changed files

📝 package-lock.json (+551 -678)
📝 package.json (+6 -6)

📄 Description

Bumps the npm_and_yarn group with 11 updates in the / directory:

Package From To
dompurify 3.2.6 3.3.2
jspdf 4.0.0 4.2.0
svelte 5.42.2 5.53.7
minimatch 3.1.2 3.1.5
immutable 5.0.3 5.1.5
js-yaml 4.1.0 4.1.1
markdown-it 14.1.0 14.1.1
qs 6.13.0 6.14.2
rollup 4.22.4 4.59.0
tar 7.4.3 7.5.10
underscore 1.13.7 1.13.8

Updates dompurify from 3.2.6 to 3.3.2

Release notes

Sourced from dompurify's releases.

DOMPurify 3.3.2

  • Fixed a possible bypass caused by jsdom's faulty raw-text tag parsing, thanks multiple reporters
  • Fixed a prototype pollution issue when working with custom elements, thanks @​christos-eth
  • Fixed a lenient config parsing in _isValidAttribute, thanks @​christos-eth
  • Bumped and removed several dependencies, thanks @​Rotzbua
  • Fixed the test suite after bumping dependencies, thanks @​Rotzbua

DOMPurify 3.3.1

  • Updated ADD_FORBID_CONTENTS setting to extend default list, thanks @​MariusRumpf
  • Updated the ESM import syntax to be more correct, thanks @​binhpv

DOMPurify 3.3.0

  • Added the SVG mask-type attribute to default allow-list, thanks @​prasadrajandran
  • Added support for ADD_ATTR and ADD_TAGS to accept functions, thanks @​nelstrom
  • Fixed an issue with the slot element being in both SVG and HTML allow-list, thanks @​Wim-Valgaeren

DOMPurify 3.2.7

  • Added new attributes and elements to default allow-list, thanks @​elrion018
  • Added tagName parameter to custom element attributeNameCheck, thanks @​nelstrom
  • Added better check for animated href attributes, thanks @​llamakko
  • Updated and improved the bundled types, thanks @​ssi02014
  • Updated several tests to better align with new browser encoding behaviors
  • Improved the handling of potentially risky content inside CDATA elements, thanks @​securityMB & @​terjanq
  • Improved the regular expression for raw-text elements to cover textareas, thanks @​securityMB & @​terjanq
Commits
  • 5e56114 Getting 3.x branch ready for 3.3.2 release (#1208)
  • e8c95f4 fix: Fixed the broken package-lock.json
  • 9636037 Update package-lock.json
  • 5cad4ce Getting 3.x branch ready for 3.3.2 releas (#1205)
  • 6fc446a Merge pull request #1175 from cure53/main
  • 3b3bf91 Merge branch 'main' of github.com:cure53/DOMPurify
  • 9863f41 chore: Preparing 3.3.1 release
  • b4e0295 chore: Preparing 3.3.0 release
  • 077746b build(deps-dev): bump js-yaml from 4.1.0 to 4.1.1 (#1170)
  • 4de68bb build(deps): bump actions/checkout from 5 to 6 (#1171)
  • Additional commits viewable in compare view

Updates jspdf from 4.0.0 to 4.2.0

Release notes

Sourced from jspdf's releases.

v4.2.0

This release fixes three security issues.

What's Changed

New Contributors

Full Changelog: https://github.com/parallax/jsPDF/compare/v4.1.0...v4.2.0

v4.1.0

This release fixes several security issues.

What's Changed

Full Changelog: https://github.com/parallax/jsPDF/compare/v4.0.0...v4.1.0

Commits

Updates svelte from 5.42.2 to 5.53.7

Release notes

Sourced from svelte's releases.

svelte@5.53.7

Patch Changes

  • fix: correctly add __svelte_meta after else-if chains (#17830)

  • perf: cache element interactivity and source line splitting in compiler (#17839)

  • chore: avoid rescheduling effects during branch commit (#17837)

  • perf: optimize CSS selector pruning (#17846)

  • fix: preserve original boundary errors when keyed each rows are removed during async updates (#17843)

  • perf: avoid O(n²) name scanning in scope generate and unique (#17844)

  • fix: preserve each items that are needed by pending batches (#17819)

svelte@5.53.6

Patch Changes

  • perf: optimize parser hot paths for faster compilation (#17811)

  • fix: SvelteMap incorrectly handles keys with undefined values (#17826)

  • fix: SvelteURL search setter now returns the normalized value, matching native URL behavior (#17828)

  • fix: visit synthetic value node during ssr (#17824)

  • fix: always case insensitive event handlers during ssr (#17822)

  • chore: more efficient effect scheduling (#17808)

  • perf: optimize compiler analysis phase (#17823)

  • fix: skip redundant batch.apply (#17816)

  • chore: null out current_batch before committing branches (#17809)

svelte@5.53.5

Patch Changes

svelte@5.53.4

Patch Changes

  • fix: set server context after async transformError (#17799)

... (truncated)

Changelog

Sourced from svelte's changelog.

5.53.7

Patch Changes

  • fix: correctly add __svelte_meta after else-if chains (#17830)

  • perf: cache element interactivity and source line splitting in compiler (#17839)

  • chore: avoid rescheduling effects during branch commit (#17837)

  • perf: optimize CSS selector pruning (#17846)

  • fix: preserve original boundary errors when keyed each rows are removed during async updates (#17843)

  • perf: avoid O(n²) name scanning in scope generate and unique (#17844)

  • fix: preserve each items that are needed by pending batches (#17819)

5.53.6

Patch Changes

  • perf: optimize parser hot paths for faster compilation (#17811)

  • fix: SvelteMap incorrectly handles keys with undefined values (#17826)

  • fix: SvelteURL search setter now returns the normalized value, matching native URL behavior (#17828)

  • fix: visit synthetic value node during ssr (#17824)

  • fix: always case insensitive event handlers during ssr (#17822)

  • chore: more efficient effect scheduling (#17808)

  • perf: optimize compiler analysis phase (#17823)

  • fix: skip redundant batch.apply (#17816)

  • chore: null out current_batch before committing branches (#17809)

5.53.5

Patch Changes

5.53.4

... (truncated)

Commits

Updates minimatch from 3.1.2 to 3.1.5

Commits

Updates devalue from 5.1.1 to 5.6.3

Release notes

Sourced from devalue's releases.

v5.6.3

Patch Changes

  • 0f04d4d: fix: Properly handle __proto__
  • 819f1ac: fix: better encoding for sparse arrays

v5.6.2

Patch Changes

  • 1175584: fix: validate input for ArrayBuffer parsing
  • e46afa6: fix: validate input for typed arrays
  • 1175584: fix: more helpful errors for inputs causing stack overflows

v5.6.1

Patch Changes

  • 2161d44: fix: add hasOwn check before calling reviver

v5.6.0

Minor Changes

  • a3d09d4: feat: expose DevalueError for instanceof checks in catch clauses
  • a3d09d4: feat: add value and root properties in DevalueError instances

v5.5.0

Minor Changes

  • 828fa1c: Enable support for custom reducer/reviver for "function" values

v5.4.2

Patch Changes

  • 5c26c0d: fix: allow custom revivers to revive things serialized by builtin reducers

v5.4.1

Patch Changes

  • ca3c7b6: chore: Remove impossible void type from replacer's uneval

v5.4.0

Minor Changes

  • 9306d09: feat: pass uneval to replacer, for handling nested custom types

Patch Changes

  • b617c7c: perf: shrink uneval output with null-proto objects

v5.3.2

Patch Changes

... (truncated)

Changelog

Sourced from devalue's changelog.

5.6.3

Patch Changes

  • 0f04d4d: fix: Properly handle __proto__
  • 819f1ac: fix: better encoding for sparse arrays

5.6.2

Patch Changes

  • 1175584: fix: validate input for ArrayBuffer parsing
  • e46afa6: fix: validate input for typed arrays
  • 1175584: fix: more helpful errors for inputs causing stack overflows

5.6.1

Patch Changes

  • 2161d44: fix: add hasOwn check before calling reviver

5.6.0

Minor Changes

  • a3d09d4: feat: expose DevalueError for instanceof checks in catch clauses
  • a3d09d4: feat: add value and root properties in DevalueError instances

5.5.0

Minor Changes

  • 828fa1c: Enable support for custom reducer/reviver for "function" values

5.4.2

Patch Changes

  • 5c26c0d: fix: allow custom revivers to revive things serialized by builtin reducers

5.4.1

Patch Changes

  • ca3c7b6: chore: Remove impossible void type from replacer's uneval

5.4.0

Minor Changes

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for devalue since your current version.


Updates immutable from 5.0.3 to 5.1.5

Release notes

Sourced from immutable's releases.

v5.1.5

What's Changed

Full Changelog: https://github.com/immutable-js/immutable-js/compare/v5.1.4...v5.1.5

v5.1.4

What's Changed

Documentation

Internal

New Contributors

Full Changelog: https://github.com/immutable-js/immutable-js/compare/v5.1.3...v5.1.4

v5.1.3

What's Changed

TypeScript

Documentation

There has been a huge amount of changes in the documentation, mainly migrate from an autogenerated documentation from .d.ts file, to a proper documentation in markdown. The playground has been included on nearly all method examples.

... (truncated)

Changelog

Sourced from immutable's changelog.

5.1.5

  • Fix Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in immutable

5.1.4

Documentation

Internal

5.1.3

TypeScript

Documentation

There has been a huge amount of changes in the documentation, mainly migrate from an autogenerated documentation from .d.ts file, to a proper documentation in markdown. The playground has been included on nearly all method examples. We added a page about browser extensions too: https://immutable-js.com/browser-extension/

Internal

5.1.2

... (truncated)

Commits
  • b37b855 5.1.5
  • 16b3313 Merge commit from fork
  • fd2ef49 fix new proto key injection
  • 6734b7b fix Prototype Pollution in mergeDeep, toJS, etc.
  • 6f772de Merge pull request #2175 from immutable-js/dependabot/npm_and_yarn/rollup-4.59.0
  • 5f3dc61 Bump rollup from 4.34.8 to 4.59.0
  • 049a594 Merge pull request #2173 from immutable-js/dependabot/npm_and_yarn/lodash-4.1...
  • 2481a77 Merge pull request #2172 from mrazauskas/update-tstyche
  • eb04779 Bump lodash from 4.17.21 to 4.17.23
  • b973bf3 format
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for immutable since your current version.


Updates js-yaml from 4.1.0 to 4.1.1

Changelog

Sourced from js-yaml's changelog.

[4.1.1] - 2025-11-12

Security

  • Fix prototype pollution issue in yaml merge (<<) operator.
Commits

Updates markdown-it from 14.1.0 to 14.1.1

Changelog

Sourced from markdown-it's changelog.

[14.1.1] - 2026-01-11

Security

  • Fixed regression from v13 in linkify inline rule. Specific patterns could cause high CPU use. Thanks to @​ltduc147 for report.
Commits

Updates qs from 6.13.0 to 6.14.2

Changelog

Sourced from qs's changelog.

6.14.2

  • [Fix] parse: mark overflow objects for indexed notation exceeding arrayLimit (#546)
  • [Fix] arrayLimit means max count, not max index, in combine/merge/parseArrayValue
  • [Fix] parse: throw on arrayLimit exceeded with indexed notation when throwOnLimitExceeded is true (#529)
  • [Fix] parse: enforce arrayLimit on comma-parsed values
  • [Fix] parse: fix error message to reflect arrayLimit as max index; remove extraneous comments (#545)
  • [Robustness] avoid .push, use void
  • [readme] document that addQueryPrefix does not add ? to empty output (#418)
  • [readme] clarify parseArrays and arrayLimit documentation (#543)
  • [readme] replace runkit CI badge with shields.io check-runs badge
  • [meta] fix changelog typo (arrayLengtharrayLimit)
  • [actions] fix rebase workflow permissions

6.14.1

  • [Fix] ensure arrayLimit applies to [] notation as well
  • [Fix] parse: when a custom decoder returns null for a key, ignore that key
  • [Refactor] parse: extract key segment splitting helper
  • [meta] add threat model
  • [actions] add workflow permissions
  • [Tests] stringify: increase coverage
  • [Dev Deps] update eslint, @ljharb/eslint-config, npmignore, es-value-fixtures, for-each, object-inspect

6.14.0

  • [New] parse: add throwOnParameterLimitExceeded option (#517)
  • [Refactor] parse: use utils.combine more
  • [patch] parse: add explicit throwOnLimitExceeded default
  • [actions] use shared action; re-add finishers
  • [meta] Fix changelog formatting bug
  • [Deps] update side-channel
  • [Dev Deps] update es-value-fixtures, has-bigints, has-proto, has-symbols
  • [Tests] increase coverage

6.13.3

[Fix] fix regressions from robustness refactor [actions] update reusable workflows

6.13.2

  • [Robustness] avoid .push, use void
  • [readme] clarify parseArrays and arrayLimit documentation (#543)
  • [readme] document that addQueryPrefix does not add ? to empty output (#418)
  • [readme] replace runkit CI badge with shields.io check-runs badge
  • [actions] fix rebase workflow permissions

6.13.1

  • [Fix] stringify: avoid a crash when a filter key is null
  • [Fix] utils.merge: functions should not be stringified into keys
  • [Fix] parse: avoid a crash with interpretNumericEntities: true, comma: true, and iso charset
  • [Fix] stringify: ensure a non-string filter does not crash
  • [Refactor] use __proto__ syntax instead of Object.create for null objects
  • [Refactor] misc cleanup

... (truncated)

Commits
  • bdcf0c7 v6.14.2
  • 294db90 [readme] document that addQueryPrefix does not add ? to empty output
  • 5c308e5 [readme] clarify parseArrays and arrayLimit documentation
  • 6addf8c [Fix] parse: mark overflow objects for indexed notation exceeding arrayLimit
  • cfc108f [Fix] arrayLimit means max count, not max index, in combine/merge/`pars...
  • febb644 [Fix] parse: throw on arrayLimit exceeded with indexed notation when `thr...
  • f6a7abf [Fix] parse: enforce arrayLimit on comma-parsed values
  • fbc5206 [Fix] parse: fix error message to reflect arrayLimit as max index; remove e...
  • 1b9a8b4 [actions] fix rebase workflow permissions
  • 2a35775 [meta] fix changelog typo (arrayLengtharrayLimit)
  • Additional commits viewable in compare view

Updates rollup from 4.22.4 to 4.59.0

Release notes

Sourced from rollup's releases.

v4.59.0

4.59.0

2026-02-22

Features

  • Throw when the generated bundle contains paths that would leave the output directory (#6276)

Pull Requests

v4.58.0

4.58.0

2026-02-20

Features

  • Also support __NO_SIDE_EFFECTS__ annotation before variable declarations declaring function expressions (#6272)

Pull Requests

v4.57.1

4.57.1

2026-01-30

Bug Fixes

  • Fix heap corruption issue in Windows (#6251)
  • Ensure exports of a dynamic import are fully included when called from a try...catch (#6254)

Pull Requests

... (truncated)

Changelog

Sourced from rollup's changelog.

4.59.0

2026-02-22

Features

  • Throw when the generated bundle contains paths that would leave the output directory (#6276)

Pull Requests

4.58.0

2026-02-20

Features

  • Also support __NO_SIDE_EFFECTS__ annotation before variable declarations declaring function expressions (#6272)

Pull Requests

4.57.1

2026-01-30

Bug Fixes

  • Fix heap corruption issue in Windows (#6251)
  • Ensure exports of a dynamic import are fully included when called from a try...catch (#6254)

Pull Requests

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for rollup since your current version.

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.


Updates tar from 7.4.3 to 7.5.10

Changelog

Sourced from tar's changelog.

Changelog

7.5

  • Added zstd compression support.
  • Consistent TOCTOU behavior in sync t.list
  • Only read from ustar block if not specified in Pax
  • Fix sync tar.list when file size reduces while reading
  • Sanitize absolute linkpaths properly
  • Prevent writing hardlink entries to the archive ahead of their file target

7.4

  • Deprecate onentry in favor of onReadEntry for clarity.

7.3

  • Add onWriteEntry option

7.2

  • DRY the command definitions into a single makeCommand method, and update the type signatures to more appropriately infer the return type from the options and arguments provided.

7.1

  • Update minipass to v7.1.0
  • Update the type definitions of write() and end() methods on Unpack and Parser classes to be compatible with the NodeJS.WritableStream type in the latest versions of @types/node.

7.0

  • Drop support for node <18
  • Rewrite in TypeScript, provide ESM and CommonJS hybrid interface
  • Add tree-shake friendly exports, like import('tar/create') and import('tar/read-entry') to get individual functions or classes.
  • Add chmod option that defaults to false, and deprecate noChmod. That is, reverse the default option regarding explicitly setting file system modes to match tar entry settings.
  • Add processUmask option to avoid having to call process.umask() when chmod: true (or noChmod: false) is set.

... (truncated)

Commits
## 📋 Pull Request Information **Original PR:** https://github.com/open-webui/open-webui/pull/22310 **Author:** [@dependabot[bot]](https://github.com/apps/dependabot) **Created:** 3/6/2026 **Status:** ❌ Closed **Base:** `main` ← **Head:** `dependabot/npm_and_yarn/npm_and_yarn-14cb525aec` --- ### 📝 Commits (1) - [`c454ba6`](https://github.com/open-webui/open-webui/commit/c454ba6ccdc6d850b0fbf14d9c231eb8c635ad9b) chore(deps): bump the npm_and_yarn group across 1 directory with 12 updates ### 📊 Changes **2 files changed** (+557 additions, -684 deletions) <details> <summary>View changed files</summary> 📝 `package-lock.json` (+551 -678) 📝 `package.json` (+6 -6) </details> ### 📄 Description Bumps the npm_and_yarn group with 11 updates in the / directory: | Package | From | To | | --- | --- | --- | | [dompurify](https://github.com/cure53/DOMPurify) | `3.2.6` | `3.3.2` | | [jspdf](https://github.com/parallax/jsPDF) | `4.0.0` | `4.2.0` | | [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte) | `5.42.2` | `5.53.7` | | [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` | | [immutable](https://github.com/immutable-js/immutable-js) | `5.0.3` | `5.1.5` | | [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.0` | `4.1.1` | | [markdown-it](https://github.com/markdown-it/markdown-it) | `14.1.0` | `14.1.1` | | [qs](https://github.com/ljharb/qs) | `6.13.0` | `6.14.2` | | [rollup](https://github.com/rollup/rollup) | `4.22.4` | `4.59.0` | | [tar](https://github.com/isaacs/node-tar) | `7.4.3` | `7.5.10` | | [underscore](https://github.com/jashkenas/underscore) | `1.13.7` | `1.13.8` | Updates `dompurify` from 3.2.6 to 3.3.2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/cure53/DOMPurify/releases">dompurify's releases</a>.</em></p> <blockquote> <h2>DOMPurify 3.3.2</h2> <ul> <li>Fixed a possible bypass caused by jsdom's faulty raw-text tag parsing, thanks multiple reporters</li> <li>Fixed a prototype pollution issue when working with custom elements, thanks <a href="https://github.com/christos-eth"><code>@​christos-eth</code></a></li> <li>Fixed a lenient config parsing in <code>_isValidAttribute</code>, thanks <a href="https://github.com/christos-eth"><code>@​christos-eth</code></a></li> <li>Bumped and removed several dependencies, thanks <a href="https://github.com/Rotzbua"><code>@​Rotzbua</code></a></li> <li>Fixed the test suite after bumping dependencies, thanks <a href="https://github.com/Rotzbua"><code>@​Rotzbua</code></a></li> </ul> <h2>DOMPurify 3.3.1</h2> <ul> <li>Updated <code>ADD_FORBID_CONTENTS</code> setting to extend default list, thanks <a href="https://github.com/MariusRumpf"><code>@​MariusRumpf</code></a></li> <li>Updated the ESM import syntax to be more correct, thanks <a href="https://github.com/binhpv"><code>@​binhpv</code></a></li> </ul> <h2>DOMPurify 3.3.0</h2> <ul> <li>Added the SVG <code>mask-type</code> attribute to default allow-list, thanks <a href="https://github.com/prasadrajandran"><code>@​prasadrajandran</code></a></li> <li>Added support for <code>ADD_ATTR</code> and <code>ADD_TAGS</code> to accept functions, thanks <a href="https://github.com/nelstrom"><code>@​nelstrom</code></a></li> <li>Fixed an issue with the <code>slot</code> element being in both SVG and HTML allow-list, thanks <a href="https://github.com/Wim-Valgaeren"><code>@​Wim-Valgaeren</code></a></li> </ul> <h2>DOMPurify 3.2.7</h2> <ul> <li>Added new attributes and elements to default allow-list, thanks <a href="https://github.com/elrion018"><code>@​elrion018</code></a></li> <li>Added <code>tagName</code> parameter to custom element <code>attributeNameCheck</code>, thanks <a href="https://github.com/nelstrom"><code>@​nelstrom</code></a></li> <li>Added better check for animated <code>href</code> attributes, thanks <a href="https://github.com/llamakko"><code>@​llamakko</code></a></li> <li>Updated and improved the bundled types, thanks <a href="https://github.com/ssi02014"><code>@​ssi02014</code></a></li> <li>Updated several tests to better align with new browser encoding behaviors</li> <li>Improved the handling of potentially risky content inside CDATA elements, thanks <a href="https://github.com/securityMB"><code>@​securityMB</code></a> &amp; <a href="https://github.com/terjanq"><code>@​terjanq</code></a></li> <li>Improved the regular expression for raw-text elements to cover textareas, thanks <a href="https://github.com/securityMB"><code>@​securityMB</code></a> &amp; <a href="https://github.com/terjanq"><code>@​terjanq</code></a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/cure53/DOMPurify/commit/5e56114cb24079ce52dbc51f76e494b77afa5153"><code>5e56114</code></a> Getting 3.x branch ready for 3.3.2 release (<a href="https://redirect.github.com/cure53/DOMPurify/issues/1208">#1208</a>)</li> <li><a href="https://github.com/cure53/DOMPurify/commit/e8c95f4a27aa8b041f92b59ab7685a94f7be6208"><code>e8c95f4</code></a> fix: Fixed the broken package-lock.json</li> <li><a href="https://github.com/cure53/DOMPurify/commit/9636037c145b769dad0b52da8313301cbf867f46"><code>9636037</code></a> Update package-lock.json</li> <li><a href="https://github.com/cure53/DOMPurify/commit/5cad4cecf2e647ac66eed25bc02a2415f00dbc8b"><code>5cad4ce</code></a> Getting 3.x branch ready for 3.3.2 releas (<a href="https://redirect.github.com/cure53/DOMPurify/issues/1205">#1205</a>)</li> <li><a href="https://github.com/cure53/DOMPurify/commit/6fc446a589ab3d1d72ae2a5b71167ba38dbd3096"><code>6fc446a</code></a> Merge pull request <a href="https://redirect.github.com/cure53/DOMPurify/issues/1175">#1175</a> from cure53/main</li> <li><a href="https://github.com/cure53/DOMPurify/commit/3b3bf917d2b39460de6d130acebdc9243cf3e6ae"><code>3b3bf91</code></a> Merge branch 'main' of github.com:cure53/DOMPurify</li> <li><a href="https://github.com/cure53/DOMPurify/commit/9863f4195bae6048de9eb2802219218c6904066c"><code>9863f41</code></a> chore: Preparing 3.3.1 release</li> <li><a href="https://github.com/cure53/DOMPurify/commit/b4e02954dc4172c3944a755f3e99fbb76be64f7b"><code>b4e0295</code></a> chore: Preparing 3.3.0 release</li> <li><a href="https://github.com/cure53/DOMPurify/commit/077746bb2cfb77836dfb628dca7ffc7ced8a5356"><code>077746b</code></a> build(deps-dev): bump js-yaml from 4.1.0 to 4.1.1 (<a href="https://redirect.github.com/cure53/DOMPurify/issues/1170">#1170</a>)</li> <li><a href="https://github.com/cure53/DOMPurify/commit/4de68bba9aba43dc3bba9348df603b64fc06d591"><code>4de68bb</code></a> build(deps): bump actions/checkout from 5 to 6 (<a href="https://redirect.github.com/cure53/DOMPurify/issues/1171">#1171</a>)</li> <li>Additional commits viewable in <a href="https://github.com/cure53/DOMPurify/compare/3.2.6...3.3.2">compare view</a></li> </ul> </details> <br /> Updates `jspdf` from 4.0.0 to 4.2.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/parallax/jsPDF/releases">jspdf's releases</a>.</em></p> <blockquote> <h2>v4.2.0</h2> <p>This release fixes three security issues.</p> <h2>What's Changed</h2> <ul> <li>Fix <a href="https://github.com/parallax/jsPDF/security/advisories/GHSA-p5xg-68wr-hm3m">PDF Injection in AcroForm module allows Arbitrary JavaScript Execution (RadioButton children)</a> vulnerability.</li> <li>Fix <a href="https://github.com/parallax/jsPDF/security/advisories/GHSA-67pg-wm7f-q7fj">Client-Side/Server-Side Denial of Service via Malicious GIF Dimensions</a> vulnerability.</li> <li>Fix <a href="https://github.com/parallax/jsPDF/security/advisories/GHSA-9vjf-qc39-jprp">PDF Object Injection via Unsanitized Input in addJS Method</a> vulnerability.</li> <li>Add &quot;default&quot; property to export section in package.json by <a href="https://github.com/stefan-schweiger"><code>@​stefan-schweiger</code></a> in <a href="https://redirect.github.com/parallax/jsPDF/pull/3953">parallax/jsPDF#3953</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/stefan-schweiger"><code>@​stefan-schweiger</code></a> made their first contribution in <a href="https://redirect.github.com/parallax/jsPDF/pull/3953">parallax/jsPDF#3953</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/parallax/jsPDF/compare/v4.1.0...v4.2.0">https://github.com/parallax/jsPDF/compare/v4.1.0...v4.2.0</a></p> <h2>v4.1.0</h2> <p>This release fixes several security issues.</p> <h2>What's Changed</h2> <ul> <li>Upgrade optional dompurify dependency to 3.3.1 in <a href="https://redirect.github.com/parallax/jsPDF/pull/3948">parallax/jsPDF#3948</a></li> <li>Fix <a href="https://github.com/parallax/jsPDF/security/advisories/GHSA-pqxr-3g65-p328">PDF Injection in AcroForm module allows Arbitrary JavaScript Execution</a> vulnerability</li> <li>Fix <a href="https://github.com/parallax/jsPDF/security/advisories/GHSA-vm32-vv63-w422">Stored XMP Metadata Injection (Spoofing &amp; Integrity Violation)</a> vulnerability</li> <li>Fix <a href="https://github.com/parallax/jsPDF/security/advisories/GHSA-cjw8-79x6-5cj4">Shared State Race Condition in addJS Method</a> vulnerability</li> <li>Fix <a href="https://github.com/parallax/jsPDF/security/advisories/GHSA-95fx-jjr5-f39c">Denial of Service (DoS) via Unvalidated BMP Dimensions in BMPDecoder</a> vulnerability</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/parallax/jsPDF/compare/v4.0.0...v4.1.0">https://github.com/parallax/jsPDF/compare/v4.0.0...v4.1.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/parallax/jsPDF/commit/7af912cadaf0f9a2ad28afe7af53033a2c61de64"><code>7af912c</code></a> 4.2.0</li> <li><a href="https://github.com/parallax/jsPDF/commit/56b46d45b052346f5995b005a34af5dcdddd5437"><code>56b46d4</code></a> Merge commit from fork</li> <li><a href="https://github.com/parallax/jsPDF/commit/2e5e156e284d92c7d134bce97e6418756941d5e6"><code>2e5e156</code></a> Merge commit from fork</li> <li><a href="https://github.com/parallax/jsPDF/commit/71ad2dbfa6c7c189ab42b855b782620fa8a38375"><code>71ad2db</code></a> Merge commit from fork</li> <li><a href="https://github.com/parallax/jsPDF/commit/885a7778070d500887c9a5d2b02b55460009a9d0"><code>885a777</code></a> fix: upgrade <code>@​babel/runtime</code> from 7.28.4 to 7.28.6 (<a href="https://redirect.github.com/parallax/jsPDF/issues/3954">#3954</a>)</li> <li><a href="https://github.com/parallax/jsPDF/commit/3b92c7da6b3218e63a4f0c98bb9c4ddaba29eb06"><code>3b92c7d</code></a> Add default export to package.json (<a href="https://redirect.github.com/parallax/jsPDF/issues/3953">#3953</a>)</li> <li><a href="https://github.com/parallax/jsPDF/commit/02273814bf0222eda02944f9a14128811f3b5a33"><code>0227381</code></a> 4.1.0</li> <li><a href="https://github.com/parallax/jsPDF/commit/ae4b93f76d8fc1baa5614bd5fdb5d174c3b85f0d"><code>ae4b93f</code></a> Merge commit from fork</li> <li><a href="https://github.com/parallax/jsPDF/commit/2863e5c26afef211a545e8c174ab4d5fce3b8c0e"><code>2863e5c</code></a> Merge commit from fork</li> <li><a href="https://github.com/parallax/jsPDF/commit/efe54bf50f3f5e5416b2495e3c24624fc80b6cff"><code>efe54bf</code></a> Merge commit from fork</li> <li>Additional commits viewable in <a href="https://github.com/parallax/jsPDF/compare/v4.0.0...v4.2.0">compare view</a></li> </ul> </details> <br /> Updates `svelte` from 5.42.2 to 5.53.7 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sveltejs/svelte/releases">svelte's releases</a>.</em></p> <blockquote> <h2>svelte@5.53.7</h2> <h3>Patch Changes</h3> <ul> <li> <p>fix: correctly add __svelte_meta after else-if chains (<a href="https://redirect.github.com/sveltejs/svelte/pull/17830">#17830</a>)</p> </li> <li> <p>perf: cache element interactivity and source line splitting in compiler (<a href="https://redirect.github.com/sveltejs/svelte/pull/17839">#17839</a>)</p> </li> <li> <p>chore: avoid rescheduling effects during branch commit (<a href="https://redirect.github.com/sveltejs/svelte/pull/17837">#17837</a>)</p> </li> <li> <p>perf: optimize CSS selector pruning (<a href="https://redirect.github.com/sveltejs/svelte/pull/17846">#17846</a>)</p> </li> <li> <p>fix: preserve original boundary errors when keyed each rows are removed during async updates (<a href="https://redirect.github.com/sveltejs/svelte/pull/17843">#17843</a>)</p> </li> <li> <p>perf: avoid O(n²) name scanning in scope <code>generate</code> and <code>unique</code> (<a href="https://redirect.github.com/sveltejs/svelte/pull/17844">#17844</a>)</p> </li> <li> <p>fix: preserve each items that are needed by pending batches (<a href="https://redirect.github.com/sveltejs/svelte/pull/17819">#17819</a>)</p> </li> </ul> <h2>svelte@5.53.6</h2> <h3>Patch Changes</h3> <ul> <li> <p>perf: optimize parser hot paths for faster compilation (<a href="https://redirect.github.com/sveltejs/svelte/pull/17811">#17811</a>)</p> </li> <li> <p>fix: <code>SvelteMap</code> incorrectly handles keys with <code>undefined</code> values (<a href="https://redirect.github.com/sveltejs/svelte/pull/17826">#17826</a>)</p> </li> <li> <p>fix: SvelteURL <code>search</code> setter now returns the normalized value, matching native URL behavior (<a href="https://redirect.github.com/sveltejs/svelte/pull/17828">#17828</a>)</p> </li> <li> <p>fix: visit synthetic value node during ssr (<a href="https://redirect.github.com/sveltejs/svelte/pull/17824">#17824</a>)</p> </li> <li> <p>fix: always case insensitive event handlers during ssr (<a href="https://redirect.github.com/sveltejs/svelte/pull/17822">#17822</a>)</p> </li> <li> <p>chore: more efficient effect scheduling (<a href="https://redirect.github.com/sveltejs/svelte/pull/17808">#17808</a>)</p> </li> <li> <p>perf: optimize compiler analysis phase (<a href="https://redirect.github.com/sveltejs/svelte/pull/17823">#17823</a>)</p> </li> <li> <p>fix: skip redundant batch.apply (<a href="https://redirect.github.com/sveltejs/svelte/pull/17816">#17816</a>)</p> </li> <li> <p>chore: null out current_batch before committing branches (<a href="https://redirect.github.com/sveltejs/svelte/pull/17809">#17809</a>)</p> </li> </ul> <h2>svelte@5.53.5</h2> <h3>Patch Changes</h3> <ul> <li> <p>fix: escape <code>innerText</code> and <code>textContent</code> bindings of <code>contenteditable</code> (<a href="https://github.com/sveltejs/svelte/commit/0df5abcae223058ceb95491470372065fb87951d"><code>0df5abcae223058ceb95491470372065fb87951d</code></a>)</p> </li> <li> <p>fix: sanitize <code>transformError</code> values prior to embedding in HTML comments (<a href="https://github.com/sveltejs/svelte/commit/0298e979371bb583855c9810db79a70a551d22b9"><code>0298e979371bb583855c9810db79a70a551d22b9</code></a>)</p> </li> </ul> <h2>svelte@5.53.4</h2> <h3>Patch Changes</h3> <ul> <li>fix: set server context after async transformError (<a href="https://redirect.github.com/sveltejs/svelte/pull/17799">#17799</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/sveltejs/svelte/blob/main/packages/svelte/CHANGELOG.md">svelte's changelog</a>.</em></p> <blockquote> <h2>5.53.7</h2> <h3>Patch Changes</h3> <ul> <li> <p>fix: correctly add __svelte_meta after else-if chains (<a href="https://redirect.github.com/sveltejs/svelte/pull/17830">#17830</a>)</p> </li> <li> <p>perf: cache element interactivity and source line splitting in compiler (<a href="https://redirect.github.com/sveltejs/svelte/pull/17839">#17839</a>)</p> </li> <li> <p>chore: avoid rescheduling effects during branch commit (<a href="https://redirect.github.com/sveltejs/svelte/pull/17837">#17837</a>)</p> </li> <li> <p>perf: optimize CSS selector pruning (<a href="https://redirect.github.com/sveltejs/svelte/pull/17846">#17846</a>)</p> </li> <li> <p>fix: preserve original boundary errors when keyed each rows are removed during async updates (<a href="https://redirect.github.com/sveltejs/svelte/pull/17843">#17843</a>)</p> </li> <li> <p>perf: avoid O(n²) name scanning in scope <code>generate</code> and <code>unique</code> (<a href="https://redirect.github.com/sveltejs/svelte/pull/17844">#17844</a>)</p> </li> <li> <p>fix: preserve each items that are needed by pending batches (<a href="https://redirect.github.com/sveltejs/svelte/pull/17819">#17819</a>)</p> </li> </ul> <h2>5.53.6</h2> <h3>Patch Changes</h3> <ul> <li> <p>perf: optimize parser hot paths for faster compilation (<a href="https://redirect.github.com/sveltejs/svelte/pull/17811">#17811</a>)</p> </li> <li> <p>fix: <code>SvelteMap</code> incorrectly handles keys with <code>undefined</code> values (<a href="https://redirect.github.com/sveltejs/svelte/pull/17826">#17826</a>)</p> </li> <li> <p>fix: SvelteURL <code>search</code> setter now returns the normalized value, matching native URL behavior (<a href="https://redirect.github.com/sveltejs/svelte/pull/17828">#17828</a>)</p> </li> <li> <p>fix: visit synthetic value node during ssr (<a href="https://redirect.github.com/sveltejs/svelte/pull/17824">#17824</a>)</p> </li> <li> <p>fix: always case insensitive event handlers during ssr (<a href="https://redirect.github.com/sveltejs/svelte/pull/17822">#17822</a>)</p> </li> <li> <p>chore: more efficient effect scheduling (<a href="https://redirect.github.com/sveltejs/svelte/pull/17808">#17808</a>)</p> </li> <li> <p>perf: optimize compiler analysis phase (<a href="https://redirect.github.com/sveltejs/svelte/pull/17823">#17823</a>)</p> </li> <li> <p>fix: skip redundant batch.apply (<a href="https://redirect.github.com/sveltejs/svelte/pull/17816">#17816</a>)</p> </li> <li> <p>chore: null out current_batch before committing branches (<a href="https://redirect.github.com/sveltejs/svelte/pull/17809">#17809</a>)</p> </li> </ul> <h2>5.53.5</h2> <h3>Patch Changes</h3> <ul> <li> <p>fix: escape <code>innerText</code> and <code>textContent</code> bindings of <code>contenteditable</code> (<a href="https://github.com/sveltejs/svelte/commit/0df5abcae223058ceb95491470372065fb87951d"><code>0df5abcae223058ceb95491470372065fb87951d</code></a>)</p> </li> <li> <p>fix: sanitize <code>transformError</code> values prior to embedding in HTML comments (<a href="https://github.com/sveltejs/svelte/commit/0298e979371bb583855c9810db79a70a551d22b9"><code>0298e979371bb583855c9810db79a70a551d22b9</code></a>)</p> </li> </ul> <h2>5.53.4</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/sveltejs/svelte/commit/25a1c5368be77b1014c3ff8b79cf9b1fe7f706f5"><code>25a1c53</code></a> Version Packages (<a href="https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/17842">#17842</a>)</li> <li><a href="https://github.com/sveltejs/svelte/commit/b7bc1309aa72cd942fabcf0aa29b9100c6cc7cf1"><code>b7bc130</code></a> fix: preserve original boundary errors when keyed each rows are removed durin...</li> <li><a href="https://github.com/sveltejs/svelte/commit/0965028d3b1416744dde2c03bc07f6853f2aa5d0"><code>0965028</code></a> perf: optimize CSS selector pruning (<a href="https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/17846">#17846</a>)</li> <li><a href="https://github.com/sveltejs/svelte/commit/32111f9e847a5bfb33bdd9a125c368cbaf1580b1"><code>32111f9</code></a> perf: avoid O(n²) name scanning in scope generate/unique (<a href="https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/17844">#17844</a>)</li> <li><a href="https://github.com/sveltejs/svelte/commit/2f12b6070107c1457a2f0b9d7ac652aee9e2394c"><code>2f12b60</code></a> chore: avoid reschedule during branch commit (<a href="https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/17837">#17837</a>)</li> <li><a href="https://github.com/sveltejs/svelte/commit/00dc13db1496142d3d62d98655cf8a54ba67e468"><code>00dc13d</code></a> chore: highlight effect in tree (<a href="https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/17835">#17835</a>)</li> <li><a href="https://github.com/sveltejs/svelte/commit/86ec2108668305ff9c0e5a2d67d888b86cb4874d"><code>86ec210</code></a> fix: correctly add <code>__svelte_meta</code> after else-if chains (<a href="https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/17830">#17830</a>)</li> <li><a href="https://github.com/sveltejs/svelte/commit/7717ba01b42625f2022b7034063a25d8507560d7"><code>7717ba0</code></a> fix: preserve each items that are needed by pending batches (<a href="https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/17819">#17819</a>)</li> <li><a href="https://github.com/sveltejs/svelte/commit/791d5e332c08d808bc51e90d7c60cc8b05bfa1f4"><code>791d5e3</code></a> perf: cache element interactivity and source line splitting (<a href="https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/17839">#17839</a>)</li> <li><a href="https://github.com/sveltejs/svelte/commit/4aa3777271c444022e52cceba775fc9e82a42fa4"><code>4aa3777</code></a> chore: better log_effect_tree (<a href="https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/17833">#17833</a>)</li> <li>Additional commits viewable in <a href="https://github.com/sveltejs/svelte/commits/svelte@5.53.7/packages/svelte">compare view</a></li> </ul> </details> <br /> Updates `minimatch` from 3.1.2 to 3.1.5 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712"><code>7bba978</code></a> 3.1.5</li> <li><a href="https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d"><code>bd25942</code></a> docs: add warning about ReDoS</li> <li><a href="https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d"><code>1a9c27c</code></a> fix partial matching of globstar patterns</li> <li><a href="https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23"><code>1a2e084</code></a> 3.1.4</li> <li><a href="https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47"><code>ae24656</code></a> update lockfile</li> <li><a href="https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e"><code>b100374</code></a> limit recursion for **, improve perf considerably</li> <li><a href="https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13"><code>26ffeaa</code></a> lockfile update</li> <li><a href="https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb"><code>9eca892</code></a> lock node version to 14</li> <li><a href="https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a"><code>00c323b</code></a> 3.1.3</li> <li><a href="https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b"><code>30486b2</code></a> update CI matrix and actions</li> <li>Additional commits viewable in <a href="https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5">compare view</a></li> </ul> </details> <br /> Updates `devalue` from 5.1.1 to 5.6.3 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sveltejs/devalue/releases">devalue's releases</a>.</em></p> <blockquote> <h2>v5.6.3</h2> <h3>Patch Changes</h3> <ul> <li>0f04d4d: fix: Properly handle <code>__proto__</code></li> <li>819f1ac: fix: better encoding for sparse arrays</li> </ul> <h2>v5.6.2</h2> <h3>Patch Changes</h3> <ul> <li>1175584: fix: validate input for <code>ArrayBuffer</code> parsing</li> <li>e46afa6: fix: validate input for typed arrays</li> <li>1175584: fix: more helpful errors for inputs causing stack overflows</li> </ul> <h2>v5.6.1</h2> <h3>Patch Changes</h3> <ul> <li>2161d44: fix: add hasOwn check before calling reviver</li> </ul> <h2>v5.6.0</h2> <h3>Minor Changes</h3> <ul> <li>a3d09d4: feat: expose <code>DevalueError</code> for <code>instanceof</code> checks in <code>catch</code> clauses</li> <li>a3d09d4: feat: add <code>value</code> and <code>root</code> properties in <code>DevalueError</code> instances</li> </ul> <h2>v5.5.0</h2> <h3>Minor Changes</h3> <ul> <li>828fa1c: Enable support for custom reducer/reviver for &quot;function&quot; values</li> </ul> <h2>v5.4.2</h2> <h3>Patch Changes</h3> <ul> <li>5c26c0d: fix: allow custom revivers to revive things serialized by builtin reducers</li> </ul> <h2>v5.4.1</h2> <h3>Patch Changes</h3> <ul> <li>ca3c7b6: chore: Remove impossible <code>void</code> type from replacer's <code>uneval</code></li> </ul> <h2>v5.4.0</h2> <h3>Minor Changes</h3> <ul> <li>9306d09: feat: pass <code>uneval</code> to replacer, for handling nested custom types</li> </ul> <h3>Patch Changes</h3> <ul> <li>b617c7c: perf: shrink <code>uneval</code> output with null-proto objects</li> </ul> <h2>v5.3.2</h2> <h3>Patch Changes</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/sveltejs/devalue/blob/main/CHANGELOG.md">devalue's changelog</a>.</em></p> <blockquote> <h2>5.6.3</h2> <h3>Patch Changes</h3> <ul> <li>0f04d4d: fix: Properly handle <code>__proto__</code></li> <li>819f1ac: fix: better encoding for sparse arrays</li> </ul> <h2>5.6.2</h2> <h3>Patch Changes</h3> <ul> <li>1175584: fix: validate input for <code>ArrayBuffer</code> parsing</li> <li>e46afa6: fix: validate input for typed arrays</li> <li>1175584: fix: more helpful errors for inputs causing stack overflows</li> </ul> <h2>5.6.1</h2> <h3>Patch Changes</h3> <ul> <li>2161d44: fix: add hasOwn check before calling reviver</li> </ul> <h2>5.6.0</h2> <h3>Minor Changes</h3> <ul> <li>a3d09d4: feat: expose <code>DevalueError</code> for <code>instanceof</code> checks in <code>catch</code> clauses</li> <li>a3d09d4: feat: add <code>value</code> and <code>root</code> properties in <code>DevalueError</code> instances</li> </ul> <h2>5.5.0</h2> <h3>Minor Changes</h3> <ul> <li>828fa1c: Enable support for custom reducer/reviver for &quot;function&quot; values</li> </ul> <h2>5.4.2</h2> <h3>Patch Changes</h3> <ul> <li>5c26c0d: fix: allow custom revivers to revive things serialized by builtin reducers</li> </ul> <h2>5.4.1</h2> <h3>Patch Changes</h3> <ul> <li>ca3c7b6: chore: Remove impossible <code>void</code> type from replacer's <code>uneval</code></li> </ul> <h2>5.4.0</h2> <h3>Minor Changes</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/sveltejs/devalue/commit/a4a37d208a4d1bdd0d58c82e5644c87cab855259"><code>a4a37d2</code></a> Version Packages (<a href="https://redirect.github.com/sveltejs/devalue/issues/132">#132</a>)</li> <li><a href="https://github.com/sveltejs/devalue/commit/819f1ac7475ab37547645cfb09bf2f678a799cf0"><code>819f1ac</code></a> Merge commit from fork</li> <li><a href="https://github.com/sveltejs/devalue/commit/0f04d4d678eac39ad5d7a07d1956275d7874e81c"><code>0f04d4d</code></a> Merge commit from fork</li> <li><a href="https://github.com/sveltejs/devalue/commit/fcf4e88275f2e2e45b9ea70ffaa5247c8f55f057"><code>fcf4e88</code></a> fix tests</li> <li><a href="https://github.com/sveltejs/devalue/commit/1d8a5ea5863bcd9992755ce5a3842265753cb4ab"><code>1d8a5ea</code></a> Version Packages (<a href="https://redirect.github.com/sveltejs/devalue/issues/131">#131</a>)</li> <li><a href="https://github.com/sveltejs/devalue/commit/11755849fa0634ae294a15ec0aef2f43efcad7c4"><code>1175584</code></a> Merge commit from fork</li> <li><a href="https://github.com/sveltejs/devalue/commit/e46afa64dd2b25aa35fb905ba5d20cea63aabbf7"><code>e46afa6</code></a> Merge commit from fork</li> <li><a href="https://github.com/sveltejs/devalue/commit/5e07a67eda945b3ac2ebac26b18863beabee7357"><code>5e07a67</code></a> Version Packages (<a href="https://redirect.github.com/sveltejs/devalue/issues/129">#129</a>)</li> <li><a href="https://github.com/sveltejs/devalue/commit/aa096040e21a17c628dabea4bcb9d2d4f4542366"><code>aa09604</code></a> Bump js-yaml from 3.14.1 to 3.14.2 (<a href="https://redirect.github.com/sveltejs/devalue/issues/125">#125</a>)</li> <li><a href="https://github.com/sveltejs/devalue/commit/2161d4490aa66e4b120cfa9521874b6f857319dd"><code>2161d44</code></a> fix: add hasOwn check before calling reviver (<a href="https://redirect.github.com/sveltejs/devalue/issues/128">#128</a>)</li> <li>Additional commits viewable in <a href="https://github.com/sveltejs/devalue/compare/v5.1.1...v5.6.3">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by [GitHub Actions](<a href="https://www.npmjs.com/~GitHub">https://www.npmjs.com/~GitHub</a> Actions), a new releaser for devalue since your current version.</p> </details> <br /> Updates `immutable` from 5.0.3 to 5.1.5 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/immutable-js/immutable-js/releases">immutable's releases</a>.</em></p> <blockquote> <h2>v5.1.5</h2> <h2>What's Changed</h2> <ul> <li>Fix Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in immutable</li> <li>Upgrade devtools and use immutable version by <a href="https://github.com/jdeniau"><code>@​jdeniau</code></a> in <a href="https://redirect.github.com/immutable-js/immutable-js/pull/2158">immutable-js/immutable-js#2158</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/immutable-js/immutable-js/compare/v5.1.4...v5.1.5">https://github.com/immutable-js/immutable-js/compare/v5.1.4...v5.1.5</a></p> <h2>v5.1.4</h2> <h2>What's Changed</h2> <ul> <li>Migrate some files to TS by <a href="https://github.com/jdeniau"><code>@​jdeniau</code></a> in <a href="https://redirect.github.com/immutable-js/immutable-js/pull/2125">immutable-js/immutable-js#2125</a> <ul> <li>Iterator.ts</li> <li>PairSorting.ts</li> <li>toJS.ts</li> <li>Math.ts</li> <li>Hash.ts</li> </ul> </li> <li>Extract CollectionHelperMethods and convert to TS by <a href="https://github.com/jdeniau"><code>@​jdeniau</code></a> in <a href="https://redirect.github.com/immutable-js/immutable-js/pull/2131">immutable-js/immutable-js#2131</a></li> <li>Use npm <a href="https://docs.npmjs.com/trusted-publishers">trusted publishing only</a> to avoid token stealing.</li> </ul> <h3>Documentation</h3> <ul> <li>Fix/a11y issues by <a href="https://github.com/lyannel"><code>@​lyannel</code></a> in <a href="https://redirect.github.com/immutable-js/immutable-js/pull/2136">immutable-js/immutable-js#2136</a></li> <li>Doc add Map.get signature update by <a href="https://github.com/borracciaBlu"><code>@​borracciaBlu</code></a> in <a href="https://redirect.github.com/immutable-js/immutable-js/pull/2138">immutable-js/immutable-js#2138</a></li> <li>fix(doc):minor-issues#2132 by <a href="https://github.com/JayMeDotDot"><code>@​JayMeDotDot</code></a> in <a href="https://redirect.github.com/immutable-js/immutable-js/pull/2133">immutable-js/immutable-js#2133</a></li> <li>Fix algolia search by <a href="https://github.com/jdeniau"><code>@​jdeniau</code></a> in <a href="https://redirect.github.com/immutable-js/immutable-js/pull/2135">immutable-js/immutable-js#2135</a></li> <li>Typo in OrderedMap by <a href="https://github.com/jdeniau"><code>@​jdeniau</code></a> in <a href="https://redirect.github.com/immutable-js/immutable-js/pull/2144">immutable-js/immutable-js#2144</a></li> </ul> <h3>Internal</h3> <ul> <li>chore: Sort all imports and activate eslint import rule by <a href="https://github.com/jdeniau"><code>@​jdeniau</code></a> in <a href="https://redirect.github.com/immutable-js/immutable-js/pull/2119">immutable-js/immutable-js#2119</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/JayMeDotDot"><code>@​JayMeDotDot</code></a> made their first contribution in <a href="https://redirect.github.com/immutable-js/immutable-js/pull/2133">immutable-js/immutable-js#2133</a></li> <li><a href="https://github.com/lyannel"><code>@​lyannel</code></a> made their first contribution in <a href="https://redirect.github.com/immutable-js/immutable-js/pull/2136">immutable-js/immutable-js#2136</a></li> <li><a href="https://github.com/borracciaBlu"><code>@​borracciaBlu</code></a> made their first contribution in <a href="https://redirect.github.com/immutable-js/immutable-js/pull/2138">immutable-js/immutable-js#2138</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/immutable-js/immutable-js/compare/v5.1.3...v5.1.4">https://github.com/immutable-js/immutable-js/compare/v5.1.3...v5.1.4</a></p> <h2>v5.1.3</h2> <h2>What's Changed</h2> <h3>TypeScript</h3> <ul> <li>fix: allow readonly map entry constructor by <a href="https://github.com/septs"><code>@​septs</code></a> in <a href="https://redirect.github.com/immutable-js/immutable-js/pull/2123">immutable-js/immutable-js#2123</a></li> </ul> <h3>Documentation</h3> <p>There has been a huge amount of changes in the documentation, mainly migrate from an autogenerated documentation from .d.ts file, to a proper documentation in markdown. The playground has been included on nearly all method examples.</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/immutable-js/immutable-js/blob/main/CHANGELOG.md">immutable's changelog</a>.</em></p> <blockquote> <h2>5.1.5</h2> <ul> <li>Fix Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in immutable</li> </ul> <h2>5.1.4</h2> <ul> <li>Migrate some files to TS by <a href="https://github.com/jdeniau"><code>@​jdeniau</code></a> in <a href="https://redirect.github.com/immutable-js/immutable-js/pull/2125">immutable-js/immutable-js#2125</a> <ul> <li>Iterator.ts</li> <li>PairSorting.ts</li> <li>toJS.ts</li> <li>Math.ts</li> <li>Hash.ts</li> </ul> </li> <li>Extract CollectionHelperMethods and convert to TS by <a href="https://github.com/jdeniau"><code>@​jdeniau</code></a> in <a href="https://redirect.github.com/immutable-js/immutable-js/pull/2131">immutable-js/immutable-js#2131</a></li> <li>Use npm <a href="https://docs.npmjs.com/trusted-publishers">trusted publishing only</a> to avoid token stealing.</li> </ul> <h3>Documentation</h3> <ul> <li>Fix/a11y issues by <a href="https://github.com/lyannel"><code>@​lyannel</code></a> in <a href="https://redirect.github.com/immutable-js/immutable-js/pull/2136">immutable-js/immutable-js#2136</a></li> <li>Doc add Map.get signature update by <a href="https://github.com/borracciaBlu"><code>@​borracciaBlu</code></a> in <a href="https://redirect.github.com/immutable-js/immutable-js/pull/2138">immutable-js/immutable-js#2138</a></li> <li>fix(doc):minor-issues#2132 by <a href="https://github.com/JayMeDotDot"><code>@​JayMeDotDot</code></a> in <a href="https://redirect.github.com/immutable-js/immutable-js/pull/2133">immutable-js/immutable-js#2133</a></li> <li>Fix algolia search by <a href="https://github.com/jdeniau"><code>@​jdeniau</code></a> in <a href="https://redirect.github.com/immutable-js/immutable-js/pull/2135">immutable-js/immutable-js#2135</a></li> <li>Typo in OrderedMap by <a href="https://github.com/jdeniau"><code>@​jdeniau</code></a> in <a href="https://redirect.github.com/immutable-js/immutable-js/pull/2144">immutable-js/immutable-js#2144</a></li> </ul> <h3>Internal</h3> <ul> <li>chore: Sort all imports and activate eslint import rule by <a href="https://github.com/jdeniau"><code>@​jdeniau</code></a> in <a href="https://redirect.github.com/immutable-js/immutable-js/pull/2119">immutable-js/immutable-js#2119</a></li> </ul> <h2>5.1.3</h2> <h3>TypeScript</h3> <ul> <li>fix: allow readonly map entry constructor by <a href="https://github.com/septs"><code>@​septs</code></a> in <a href="https://redirect.github.com/immutable-js/immutable-js/pull/2123">immutable-js/immutable-js#2123</a></li> </ul> <h3>Documentation</h3> <p>There has been a huge amount of changes in the documentation, mainly migrate from an autogenerated documentation from .d.ts file, to a proper documentation in markdown. The playground has been included on nearly all method examples. We added a page about browser extensions too: <a href="https://immutable-js.com/browser-extension/">https://immutable-js.com/browser-extension/</a></p> <h3>Internal</h3> <ul> <li>replace rimraf by a node script by <a href="https://github.com/jdeniau"><code>@​jdeniau</code></a> in <a href="https://redirect.github.com/immutable-js/immutable-js/pull/2113">immutable-js/immutable-js#2113</a></li> <li>remove warning for tseslint config by <a href="https://github.com/jdeniau"><code>@​jdeniau</code></a> in <a href="https://redirect.github.com/immutable-js/immutable-js/pull/2114">immutable-js/immutable-js#2114</a></li> <li>Use default tsconfig for tests by <a href="https://github.com/jdeniau"><code>@​jdeniau</code></a> in <a href="https://redirect.github.com/immutable-js/immutable-js/pull/2055">immutable-js/immutable-js#2055</a></li> <li>add tests for arrCopy by <a href="https://github.com/jdeniau"><code>@​jdeniau</code></a> in <a href="https://redirect.github.com/immutable-js/immutable-js/pull/2120">immutable-js/immutable-js#2120</a></li> </ul> <h2>5.1.2</h2> <ul> <li>Revert previous assertion as it introduced a regression <a href="https://redirect.github.com/immutable-js/immutable-js/pull/2102">#2102</a> by <a href="https://github.com/giggo1604"><code>@​giggo1604</code></a></li> <li>Merge should work with empty record <a href="https://redirect.github.com/immutable-js/immutable-js/pull/2103">#2103</a> by <a href="https://github.com/jdeniau"><code>@​jdeniau</code></a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/immutable-js/immutable-js/commit/b37b85568632227751ddc8a16034cacc0f42b652"><code>b37b855</code></a> 5.1.5</li> <li><a href="https://github.com/immutable-js/immutable-js/commit/16b3313fdf2c5f579f10799e22869f6909abf945"><code>16b3313</code></a> Merge commit from fork</li> <li><a href="https://github.com/immutable-js/immutable-js/commit/fd2ef4977ee654c5bf26368dbf2f983c8d679bd6"><code>fd2ef49</code></a> fix new proto key injection</li> <li><a href="https://github.com/immutable-js/immutable-js/commit/6734b7b2af7e9dadf517eb9473cc64d2dfe2e301"><code>6734b7b</code></a> fix Prototype Pollution in mergeDeep, toJS, etc.</li> <li><a href="https://github.com/immutable-js/immutable-js/commit/6f772de1e44dcde14128e48d19081a7a077f2162"><code>6f772de</code></a> Merge pull request <a href="https://redirect.github.com/immutable-js/immutable-js/issues/2175">#2175</a> from immutable-js/dependabot/npm_and_yarn/rollup-4.59.0</li> <li><a href="https://github.com/immutable-js/immutable-js/commit/5f3dc61fd0e231654f04a850b8764e7e864c54b3"><code>5f3dc61</code></a> Bump rollup from 4.34.8 to 4.59.0</li> <li><a href="https://github.com/immutable-js/immutable-js/commit/049a594410962c13dfd0f2d0bf0ef2154271079e"><code>049a594</code></a> Merge pull request <a href="https://redirect.github.com/immutable-js/immutable-js/issues/2173">#2173</a> from immutable-js/dependabot/npm_and_yarn/lodash-4.1...</li> <li><a href="https://github.com/immutable-js/immutable-js/commit/2481a77331122eea4ace8afd4842042c6ae7510c"><code>2481a77</code></a> Merge pull request <a href="https://redirect.github.com/immutable-js/immutable-js/issues/2172">#2172</a> from mrazauskas/update-tstyche</li> <li><a href="https://github.com/immutable-js/immutable-js/commit/eb047790b44dac8e5ace49529a5c9928edfc8e12"><code>eb04779</code></a> Bump lodash from 4.17.21 to 4.17.23</li> <li><a href="https://github.com/immutable-js/immutable-js/commit/b973bf3b6242c9966143169825e1e14248c07c31"><code>b973bf3</code></a> format</li> <li>Additional commits viewable in <a href="https://github.com/immutable-js/immutable-js/compare/v5.0.3...v5.1.5">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by [GitHub Actions](<a href="https://www.npmjs.com/~GitHub">https://www.npmjs.com/~GitHub</a> Actions), a new releaser for immutable since your current version.</p> </details> <br /> Updates `js-yaml` from 4.1.0 to 4.1.1 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md">js-yaml's changelog</a>.</em></p> <blockquote> <h2>[4.1.1] - 2025-11-12</h2> <h3>Security</h3> <ul> <li>Fix prototype pollution issue in yaml merge (&lt;&lt;) operator.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/nodeca/js-yaml/commit/cc482e775913e6625137572a3712d2826170e53a"><code>cc482e7</code></a> 4.1.1 released</li> <li><a href="https://github.com/nodeca/js-yaml/commit/50968b862e75866ef90e626572fe0b2f97b55f9f"><code>50968b8</code></a> dist rebuild</li> <li><a href="https://github.com/nodeca/js-yaml/commit/d092d866031751cb27c12d93f3e2470ad74d678b"><code>d092d86</code></a> lint fix</li> <li><a href="https://github.com/nodeca/js-yaml/commit/383665ff4248ec2192d1274e934462bb30426879"><code>383665f</code></a> fix prototype pollution in merge (&lt;&lt;)</li> <li><a href="https://github.com/nodeca/js-yaml/commit/0d3ca7a27b03a6c974790a30a89e456007d62976"><code>0d3ca7a</code></a> README.md: HTTP =&gt; HTTPS (<a href="https://redirect.github.com/nodeca/js-yaml/issues/678">#678</a>)</li> <li><a href="https://github.com/nodeca/js-yaml/commit/49baadd52af887d2991e2c39a6639baa56d6c71b"><code>49baadd</code></a> doc: 'empty' style option for !!null</li> <li><a href="https://github.com/nodeca/js-yaml/commit/ba3460eb9d3e4478edcbc29edabe17c2157fc9ce"><code>ba3460e</code></a> Fix demo link (<a href="https://redirect.github.com/nodeca/js-yaml/issues/618">#618</a>)</li> <li>See full diff in <a href="https://github.com/nodeca/js-yaml/compare/4.1.0...4.1.1">compare view</a></li> </ul> </details> <br /> Updates `markdown-it` from 14.1.0 to 14.1.1 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/markdown-it/markdown-it/blob/master/CHANGELOG.md">markdown-it's changelog</a>.</em></p> <blockquote> <h2>[14.1.1] - 2026-01-11</h2> <h3>Security</h3> <ul> <li>Fixed regression from v13 in linkify inline rule. Specific patterns could cause high CPU use. Thanks to <a href="https://github.com/ltduc147"><code>@​ltduc147</code></a> for report.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/markdown-it/markdown-it/commit/b4a9b659ef5734223731cfaa3ad5eacc6fc22918"><code>b4a9b65</code></a> 14.1.1 released</li> <li><a href="https://github.com/markdown-it/markdown-it/commit/4b4bbcae5e0990a5b172378e507b33a59012ed26"><code>4b4bbca</code></a> Fixed perf regression in linkify-it wrapper</li> <li><a href="https://github.com/markdown-it/markdown-it/commit/d2782d892a51201b25d3eeab172201ad5a53a24c"><code>d2782d8</code></a> Add supplementary example-driven documentation (<a href="https://redirect.github.com/markdown-it/markdown-it/issues/1092">#1092</a>)</li> <li>See full diff in <a href="https://github.com/markdown-it/markdown-it/compare/14.1.0...14.1.1">compare view</a></li> </ul> </details> <br /> Updates `qs` from 6.13.0 to 6.14.2 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/ljharb/qs/blob/main/CHANGELOG.md">qs's changelog</a>.</em></p> <blockquote> <h2><strong>6.14.2</strong></h2> <ul> <li>[Fix] <code>parse</code>: mark overflow objects for indexed notation exceeding <code>arrayLimit</code> (<a href="https://redirect.github.com/ljharb/qs/issues/546">#546</a>)</li> <li>[Fix] <code>arrayLimit</code> means max count, not max index, in <code>combine</code>/<code>merge</code>/<code>parseArrayValue</code></li> <li>[Fix] <code>parse</code>: throw on <code>arrayLimit</code> exceeded with indexed notation when <code>throwOnLimitExceeded</code> is true (<a href="https://redirect.github.com/ljharb/qs/issues/529">#529</a>)</li> <li>[Fix] <code>parse</code>: enforce <code>arrayLimit</code> on <code>comma</code>-parsed values</li> <li>[Fix] <code>parse</code>: fix error message to reflect arrayLimit as max index; remove extraneous comments (<a href="https://redirect.github.com/ljharb/qs/issues/545">#545</a>)</li> <li>[Robustness] avoid <code>.push</code>, use <code>void</code></li> <li>[readme] document that <code>addQueryPrefix</code> does not add <code>?</code> to empty output (<a href="https://redirect.github.com/ljharb/qs/issues/418">#418</a>)</li> <li>[readme] clarify <code>parseArrays</code> and <code>arrayLimit</code> documentation (<a href="https://redirect.github.com/ljharb/qs/issues/543">#543</a>)</li> <li>[readme] replace runkit CI badge with shields.io check-runs badge</li> <li>[meta] fix changelog typo (<code>arrayLength</code> → <code>arrayLimit</code>)</li> <li>[actions] fix rebase workflow permissions</li> </ul> <h2><strong>6.14.1</strong></h2> <ul> <li>[Fix] ensure <code>arrayLimit</code> applies to <code>[]</code> notation as well</li> <li>[Fix] <code>parse</code>: when a custom decoder returns <code>null</code> for a key, ignore that key</li> <li>[Refactor] <code>parse</code>: extract key segment splitting helper</li> <li>[meta] add threat model</li> <li>[actions] add workflow permissions</li> <li>[Tests] <code>stringify</code>: increase coverage</li> <li>[Dev Deps] update <code>eslint</code>, <code>@ljharb/eslint-config</code>, <code>npmignore</code>, <code>es-value-fixtures</code>, <code>for-each</code>, <code>object-inspect</code></li> </ul> <h2><strong>6.14.0</strong></h2> <ul> <li>[New] <code>parse</code>: add <code>throwOnParameterLimitExceeded</code> option (<a href="https://redirect.github.com/ljharb/qs/issues/517">#517</a>)</li> <li>[Refactor] <code>parse</code>: use <code>utils.combine</code> more</li> <li>[patch] <code>parse</code>: add explicit <code>throwOnLimitExceeded</code> default</li> <li>[actions] use shared action; re-add finishers</li> <li>[meta] Fix changelog formatting bug</li> <li>[Deps] update <code>side-channel</code></li> <li>[Dev Deps] update <code>es-value-fixtures</code>, <code>has-bigints</code>, <code>has-proto</code>, <code>has-symbols</code></li> <li>[Tests] increase coverage</li> </ul> <h2><strong>6.13.3</strong></h2> <p>[Fix] fix regressions from robustness refactor [actions] update reusable workflows</p> <h2><strong>6.13.2</strong></h2> <ul> <li>[Robustness] avoid <code>.push</code>, use <code>void</code></li> <li>[readme] clarify <code>parseArrays</code> and <code>arrayLimit</code> documentation (<a href="https://redirect.github.com/ljharb/qs/issues/543">#543</a>)</li> <li>[readme] document that <code>addQueryPrefix</code> does not add <code>?</code> to empty output (<a href="https://redirect.github.com/ljharb/qs/issues/418">#418</a>)</li> <li>[readme] replace runkit CI badge with shields.io check-runs badge</li> <li>[actions] fix rebase workflow permissions</li> </ul> <h2><strong>6.13.1</strong></h2> <ul> <li>[Fix] <code>stringify</code>: avoid a crash when a <code>filter</code> key is <code>null</code></li> <li>[Fix] <code>utils.merge</code>: functions should not be stringified into keys</li> <li>[Fix] <code>parse</code>: avoid a crash with interpretNumericEntities: true, comma: true, and iso charset</li> <li>[Fix] <code>stringify</code>: ensure a non-string <code>filter</code> does not crash</li> <li>[Refactor] use <code>__proto__</code> syntax instead of <code>Object.create</code> for null objects</li> <li>[Refactor] misc cleanup</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ljharb/qs/commit/bdcf0c7f82387c18ac8fabfccd2f440645cef47b"><code>bdcf0c7</code></a> v6.14.2</li> <li><a href="https://github.com/ljharb/qs/commit/294db90c812ddbe7d7a35d5687c505fd21a2d6a2"><code>294db90</code></a> [readme] document that <code>addQueryPrefix</code> does not add <code>?</code> to empty output</li> <li><a href="https://github.com/ljharb/qs/commit/5c308e5516c270a78caa6f278465914090f91ec6"><code>5c308e5</code></a> [readme] clarify <code>parseArrays</code> and <code>arrayLimit</code> documentation</li> <li><a href="https://github.com/ljharb/qs/commit/6addf8cf738d529c54d91f6f3ffb6c1be91bbfdc"><code>6addf8c</code></a> [Fix] <code>parse</code>: mark overflow objects for indexed notation exceeding <code>arrayLimit</code></li> <li><a href="https://github.com/ljharb/qs/commit/cfc108f662326d6ab540f3545ef0b832baf83cdf"><code>cfc108f</code></a> [Fix] <code>arrayLimit</code> means max count, not max index, in <code>combine</code>/<code>merge</code>/`pars...</li> <li><a href="https://github.com/ljharb/qs/commit/febb64442a80e49200211fa38d3c96b58024ac77"><code>febb644</code></a> [Fix] <code>parse</code>: throw on <code>arrayLimit</code> exceeded with indexed notation when `thr...</li> <li><a href="https://github.com/ljharb/qs/commit/f6a7abff1f13d644db9b05fe4f2c98ada6bf8482"><code>f6a7abf</code></a> [Fix] <code>parse</code>: enforce <code>arrayLimit</code> on <code>comma</code>-parsed values</li> <li><a href="https://github.com/ljharb/qs/commit/fbc5206c25b4d1851cea683f02c10756c521d15a"><code>fbc5206</code></a> [Fix] <code>parse</code>: fix error message to reflect arrayLimit as max index; remove e...</li> <li><a href="https://github.com/ljharb/qs/commit/1b9a8b4e78c6aff4c22fa559107227f02fd0216a"><code>1b9a8b4</code></a> [actions] fix rebase workflow permissions</li> <li><a href="https://github.com/ljharb/qs/commit/2a35775614e0fb46ac8a3060201a32a7c23a7fda"><code>2a35775</code></a> [meta] fix changelog typo (<code>arrayLength</code> → <code>arrayLimit</code>)</li> <li>Additional commits viewable in <a href="https://github.com/ljharb/qs/compare/v6.13.0...v6.14.2">compare view</a></li> </ul> </details> <br /> Updates `rollup` from 4.22.4 to 4.59.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/rollup/rollup/releases">rollup's releases</a>.</em></p> <blockquote> <h2>v4.59.0</h2> <h2>4.59.0</h2> <p><em>2026-02-22</em></p> <h3>Features</h3> <ul> <li>Throw when the generated bundle contains paths that would leave the output directory (<a href="https://redirect.github.com/rollup/rollup/issues/6276">#6276</a>)</li> </ul> <h3>Pull Requests</h3> <ul> <li><a href="https://redirect.github.com/rollup/rollup/pull/6275">#6275</a>: Validate bundle stays within output dir (<a href="https://github.com/lukastaegert"><code>@​lukastaegert</code></a>)</li> </ul> <h2>v4.58.0</h2> <h2>4.58.0</h2> <p><em>2026-02-20</em></p> <h3>Features</h3> <ul> <li>Also support <code>__NO_SIDE_EFFECTS__</code> annotation before variable declarations declaring function expressions (<a href="https://redirect.github.com/rollup/rollup/issues/6272">#6272</a>)</li> </ul> <h3>Pull Requests</h3> <ul> <li><a href="https://redirect.github.com/rollup/rollup/pull/6256">#6256</a>: docs: document PreRenderedChunk properties including isDynamicEntry and isImplicitEntry (<a href="https://github.com/njg7194"><code>@​njg7194</code></a>, <a href="https://github.com/lukastaegert"><code>@​lukastaegert</code></a>)</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6259">#6259</a>: docs: Correct typo and improve sentence structure in docs for <code>output.experimentalMinChunkSize</code> (<a href="https://github.com/millerick"><code>@​millerick</code></a>, <a href="https://github.com/lukastaegert"><code>@​lukastaegert</code></a>)</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6260">#6260</a>: fix(deps): update rust crate swc_compiler_base to v47 (<a href="https://github.com/renovate"><code>@​renovate</code></a>[bot], <a href="https://github.com/lukastaegert"><code>@​lukastaegert</code></a>)</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6261">#6261</a>: fix(deps): lock file maintenance minor/patch updates (<a href="https://github.com/renovate"><code>@​renovate</code></a>[bot], <a href="https://github.com/lukastaegert"><code>@​lukastaegert</code></a>)</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6262">#6262</a>: Avoid unnecessary cloning of the code string (<a href="https://github.com/lukastaegert"><code>@​lukastaegert</code></a>)</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6263">#6263</a>: fix(deps): update minor/patch updates (<a href="https://github.com/renovate"><code>@​renovate</code></a>[bot], <a href="https://github.com/lukastaegert"><code>@​lukastaegert</code></a>)</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6265">#6265</a>: chore(deps): lock file maintenance (<a href="https://github.com/renovate"><code>@​renovate</code></a>[bot])</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6267">#6267</a>: fix(deps): update minor/patch updates (<a href="https://github.com/renovate"><code>@​renovate</code></a>[bot])</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6268">#6268</a>: chore(deps): update dependency eslint-plugin-unicorn to v63 (<a href="https://github.com/renovate"><code>@​renovate</code></a>[bot], <a href="https://github.com/lukastaegert"><code>@​lukastaegert</code></a>)</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6269">#6269</a>: chore(deps): update dependency lru-cache to v11 (<a href="https://github.com/renovate"><code>@​renovate</code></a>[bot])</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6270">#6270</a>: chore(deps): lock file maintenance (<a href="https://github.com/renovate"><code>@​renovate</code></a>[bot])</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6272">#6272</a>: forward NO_SIDE_EFFECTS annotations to function expressions in variable declarations (<a href="https://github.com/lukastaegert"><code>@​lukastaegert</code></a>)</li> </ul> <h2>v4.57.1</h2> <h2>4.57.1</h2> <p><em>2026-01-30</em></p> <h3>Bug Fixes</h3> <ul> <li>Fix heap corruption issue in Windows (<a href="https://redirect.github.com/rollup/rollup/issues/6251">#6251</a>)</li> <li>Ensure exports of a dynamic import are fully included when called from a try...catch (<a href="https://redirect.github.com/rollup/rollup/issues/6254">#6254</a>)</li> </ul> <h3>Pull Requests</h3> <ul> <li><a href="https://redirect.github.com/rollup/rollup/pull/6251">#6251</a>: fix: Isolate and cache <code>process.report.getReport()</code> calls in a child process for robust environment detection (<a href="https://github.com/alan-agius4"><code>@​alan-agius4</code></a>, <a href="https://github.com/lukastaegert"><code>@​lukastaegert</code></a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/rollup/rollup/blob/master/CHANGELOG.md">rollup's changelog</a>.</em></p> <blockquote> <h2>4.59.0</h2> <p><em>2026-02-22</em></p> <h3>Features</h3> <ul> <li>Throw when the generated bundle contains paths that would leave the output directory (<a href="https://redirect.github.com/rollup/rollup/issues/6276">#6276</a>)</li> </ul> <h3>Pull Requests</h3> <ul> <li><a href="https://redirect.github.com/rollup/rollup/pull/6275">#6275</a>: Validate bundle stays within output dir (<a href="https://github.com/lukastaegert"><code>@​lukastaegert</code></a>)</li> </ul> <h2>4.58.0</h2> <p><em>2026-02-20</em></p> <h3>Features</h3> <ul> <li>Also support <code>__NO_SIDE_EFFECTS__</code> annotation before variable declarations declaring function expressions (<a href="https://redirect.github.com/rollup/rollup/issues/6272">#6272</a>)</li> </ul> <h3>Pull Requests</h3> <ul> <li><a href="https://redirect.github.com/rollup/rollup/pull/6256">#6256</a>: docs: document PreRenderedChunk properties including isDynamicEntry and isImplicitEntry (<a href="https://github.com/njg7194"><code>@​njg7194</code></a>, <a href="https://github.com/lukastaegert"><code>@​lukastaegert</code></a>)</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6259">#6259</a>: docs: Correct typo and improve sentence structure in docs for <code>output.experimentalMinChunkSize</code> (<a href="https://github.com/millerick"><code>@​millerick</code></a>, <a href="https://github.com/lukastaegert"><code>@​lukastaegert</code></a>)</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6260">#6260</a>: fix(deps): update rust crate swc_compiler_base to v47 (<a href="https://github.com/renovate"><code>@​renovate</code></a>[bot], <a href="https://github.com/lukastaegert"><code>@​lukastaegert</code></a>)</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6261">#6261</a>: fix(deps): lock file maintenance minor/patch updates (<a href="https://github.com/renovate"><code>@​renovate</code></a>[bot], <a href="https://github.com/lukastaegert"><code>@​lukastaegert</code></a>)</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6262">#6262</a>: Avoid unnecessary cloning of the code string (<a href="https://github.com/lukastaegert"><code>@​lukastaegert</code></a>)</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6263">#6263</a>: fix(deps): update minor/patch updates (<a href="https://github.com/renovate"><code>@​renovate</code></a>[bot], <a href="https://github.com/lukastaegert"><code>@​lukastaegert</code></a>)</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6265">#6265</a>: chore(deps): lock file maintenance (<a href="https://github.com/renovate"><code>@​renovate</code></a>[bot])</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6267">#6267</a>: fix(deps): update minor/patch updates (<a href="https://github.com/renovate"><code>@​renovate</code></a>[bot])</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6268">#6268</a>: chore(deps): update dependency eslint-plugin-unicorn to v63 (<a href="https://github.com/renovate"><code>@​renovate</code></a>[bot], <a href="https://github.com/lukastaegert"><code>@​lukastaegert</code></a>)</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6269">#6269</a>: chore(deps): update dependency lru-cache to v11 (<a href="https://github.com/renovate"><code>@​renovate</code></a>[bot])</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6270">#6270</a>: chore(deps): lock file maintenance (<a href="https://github.com/renovate"><code>@​renovate</code></a>[bot])</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6272">#6272</a>: forward NO_SIDE_EFFECTS annotations to function expressions in variable declarations (<a href="https://github.com/lukastaegert"><code>@​lukastaegert</code></a>)</li> </ul> <h2>4.57.1</h2> <p><em>2026-01-30</em></p> <h3>Bug Fixes</h3> <ul> <li>Fix heap corruption issue in Windows (<a href="https://redirect.github.com/rollup/rollup/issues/6251">#6251</a>)</li> <li>Ensure exports of a dynamic import are fully included when called from a try...catch (<a href="https://redirect.github.com/rollup/rollup/issues/6254">#6254</a>)</li> </ul> <h3>Pull Requests</h3> <ul> <li><a href="https://redirect.github.com/rollup/rollup/pull/6251">#6251</a>: fix: Isolate and cache <code>process.report.getReport()</code> calls in a child process for robust environment detection (<a href="https://github.com/alan-agius4"><code>@​alan-agius4</code></a>, <a href="https://github.com/lukastaegert"><code>@​lukastaegert</code></a>)</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6252">#6252</a>: chore(deps): update dependency lru-cache to v11 (<a href="https://github.com/renovate"><code>@​renovate</code></a>[bot])</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6253">#6253</a>: chore(deps): lock file maintenance minor/patch updates (<a href="https://github.com/renovate"><code>@​renovate</code></a>[bot], <a href="https://github.com/lukastaegert"><code>@​lukastaegert</code></a>)</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6254">#6254</a>: Fully include dynamic imports in a try-catch (<a href="https://github.com/lukastaegert"><code>@​lukastaegert</code></a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/rollup/rollup/commit/ae846957f109690a866cc3e4c073613c338d3476"><code>ae84695</code></a> 4.59.0</li> <li><a href="https://github.com/rollup/rollup/commit/b39616e9175b3d9fc3977c99153174c490805a93"><code>b39616e</code></a> Update audit-resolve</li> <li><a href="https://github.com/rollup/rollup/commit/c60770d7aaf750e512c1b2774989ea4596e660b2"><code>c60770d</code></a> Validate bundle stays within output dir (<a href="https://redirect.github.com/rollup/rollup/issues/6275">#6275</a>)</li> <li><a href="https://github.com/rollup/rollup/commit/33f39c1f205ea2eadaf4b589e493453e2baa3662"><code>33f39c1</code></a> 4.58.0</li> <li><a href="https://github.com/rollup/rollup/commit/b61c40803b717854c1c28937e8098e5ad3c7b8ca"><code>b61c408</code></a> forward NO_SIDE_EFFECTS annotations to function expressions in variable decla...</li> <li><a href="https://github.com/rollup/rollup/commit/7f00689ec90e2cafb11c26eefbcac62343c936f6"><code>7f00689</code></a> Extend agent instructions</li> <li><a href="https://github.com/rollup/rollup/commit/e7b2b85af0901244ecc141b9d792c6db6b527ea4"><code>e7b2b85</code></a> chore(deps): lock file maintenance (<a href="https://redirect.github.com/rollup/rollup/issues/6270">#6270</a>)</li> <li><a href="https://github.com/rollup/rollup/commit/2aa5da9baf82211b8207d268c8751630cb766970"><code>2aa5da9</code></a> fix(deps): update minor/patch updates (<a href="https://redirect.github.com/rollup/rollup/issues/6267">#6267</a>)</li> <li><a href="https://github.com/rollup/rollup/commit/4319837c5448d0c10d89e9ded118888deec2eeec"><code>4319837</code></a> chore(deps): update dependency lru-cache to v11 (<a href="https://redirect.github.com/rollup/rollup/issues/6269">#6269</a>)</li> <li><a href="https://github.com/rollup/rollup/commit/c3b6b4bdc4f2ed978fa233132a526957e6513233"><code>c3b6b4b</code></a> chore(deps): update dependency eslint-plugin-unicorn to v63 (<a href="https://redirect.github.com/rollup/rollup/issues/6268">#6268</a>)</li> <li>Additional commits viewable in <a href="https://github.com/rollup/rollup/compare/v4.22.4...v4.59.0">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by [GitHub Actions](<a href="https://www.npmjs.com/~GitHub">https://www.npmjs.com/~GitHub</a> Actions), a new releaser for rollup since your current version.</p> </details> <details> <summary>Install script changes</summary> <p>This version modifies <code>prepare</code> script that runs during installation. Review the package contents before updating.</p> </details> <br /> Updates `tar` from 7.4.3 to 7.5.10 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md">tar's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <h2>7.5</h2> <ul> <li>Added <code>zstd</code> compression support.</li> <li>Consistent TOCTOU behavior in sync t.list</li> <li>Only read from ustar block if not specified in Pax</li> <li>Fix sync tar.list when file size reduces while reading</li> <li>Sanitize absolute linkpaths properly</li> <li>Prevent writing hardlink entries to the archive ahead of their file target</li> </ul> <h2>7.4</h2> <ul> <li>Deprecate <code>onentry</code> in favor of <code>onReadEntry</code> for clarity.</li> </ul> <h2>7.3</h2> <ul> <li>Add <code>onWriteEntry</code> option</li> </ul> <h2>7.2</h2> <ul> <li>DRY the command definitions into a single <code>makeCommand</code> method, and update the type signatures to more appropriately infer the return type from the options and arguments provided.</li> </ul> <h2>7.1</h2> <ul> <li>Update minipass to v7.1.0</li> <li>Update the type definitions of <code>write()</code> and <code>end()</code> methods on <code>Unpack</code> and <code>Parser</code> classes to be compatible with the NodeJS.WritableStream type in the latest versions of <code>@types/node</code>.</li> </ul> <h2>7.0</h2> <ul> <li>Drop support for node &lt;18</li> <li>Rewrite in TypeScript, provide ESM and CommonJS hybrid interface</li> <li>Add tree-shake friendly exports, like <code>import('tar/create')</code> and <code>import('tar/read-entry')</code> to get individual functions or classes.</li> <li>Add <code>chmod</code> option that defaults to false, and deprecate <code>noChmod</code>. That is, reverse the default option regarding explicitly setting file system modes to match tar entry settings.</li> <li>Add <code>processUmask</code> option to avoid having to call <code>process.umask()</code> when <code>chmod: true</code> (or <code>noChmod: false</code>) is set.</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/isaacs/node-tar/commit/2b72abc1d47c3570e1ad95c9ab557fc4c2e6e4b1"><code>2b72abc</code></a> 7.5.10</li> <li><a href="https://github.com/isaacs/node-tar/commit/7bc755dd85e623c0279e08eb3784909e6d7e4b9f"><code>7bc755d</code></a> parse root off paths before sanitizing .. parts</li> <li><a href="https://github.com/isaacs/node-tar/commit/c8cb84629dee649feedde03f2f4ea48f2e44e778"><code>c8cb846</code></a> update deps</li> <li><a href="https://github.com/isaacs/node-tar/commit/1f0c2c9006b10199cf2686f8ef43e79a1773e1aa"><code>1f0c2c9</code></a> 7.5.9</li> <li><a href="https://github.com/isaacs/node-tar/commit/fbb08518bf290733b68ca4d4135f75becf73fd75"><code>fbb0851</code></a> build minified version as default export</li> <li><a href="https://github.com/isaacs/node-tar/commit/6b8eba0ef367ac937e703238daa6df94ae6f823f"><code>6b8eba0</code></a> 7.5.8</li> <li><a href="https://github.com/isaacs/node-tar/commit/2cb1120bcefe28d7ecc719b41441ade59c52e384"><code>2cb1120</code></a> fix(unpack): improve UnpackSync symlink error &quot;into&quot; path accuracy</li> <li><a href="https://github.com/isaacs/node-tar/commit/d18e4e1f846f4ddddc153b0f536a19c050e7499f"><code>... _Description has been truncated_ --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
GiteaMirror added the pull-request label 2026-05-18 14:28:35 -05:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/open-webui#113917