github-starred/open-webui
2
0
Fork 0
mirror of https://github.com/open-webui/open-webui.git synced 2026-05-07 19:38:46 -05:00
Code Issues 1.3k Packages Projects Releases 126 Wiki Activity

[PR #20670] [CLOSED] chore(deps): bump the npm_and_yarn group across 1 directory with 5 updates #25724

New Issue
Closed
opened 2026-04-20 06:05:45 -05:00 by GiteaMirror · 0 comments
GiteaMirror commented 2026-04-20 06:05:45 -05:00
Owner
Copy Link

📋 Pull Request Information

Original PR: https://github.com/open-webui/open-webui/pull/20670
Author: @dependabot[bot]
Created: 1/14/2026
Status: Closed

Base: mainHead: dependabot/npm_and_yarn/npm_and_yarn-6388a5bfa6

📝 Commits (1)

  • b70735d chore(deps): bump the npm_and_yarn group across 1 directory with 5 updates

📊 Changes

2 files changed (+139 additions, -606 deletions)

View changed files

📝 package-lock.json (+138 -605)
📝 package.json (+1 -1)

📄 Description

Bumps the npm_and_yarn group with 5 updates in the / directory:

Package From To
undici 7.11.0 7.18.2
undici 6.21.2 6.23.0
js-yaml 4.1.0 4.1.1
qs 6.13.0 6.14.1
vega-functions 6.1.0 6.1.1
vega-selections 6.1.0 6.1.2

Updates undici from 7.11.0 to 7.18.2

Release notes

Sourced from undici's releases.

v7.18.2

⚠️ Security Release

This fixes https://github.com/nodejs/undici/security/advisories/GHSA-g9mf-h72j-4rw9 and CVE-2026-22036.

What's Changed

Full Changelog: https://github.com/nodejs/undici/compare/v7.18.1...v7.18.2

v7.18.1

What's Changed

Full Changelog: https://github.com/nodejs/undici/compare/v7.18.0...v7.18.1

v7.18.0

What's Changed

Full Changelog: https://github.com/nodejs/undici/compare/v7.17.0...v7.18.0

v7.17.0

What's Changed

... (truncated)

Commits
  • 7e5cb2d Bumped v7.18.2 (#4730)
  • b04e3cb fix(decompress): limit Content-Encoding chain to 5 to prevent resource exhaus...
  • 2bcb77b Bumped v7.18.1 (#4728)
  • 58a12b7 build(deps): bump actions/checkout from 6.0.0 to 6.0.1 (#4719)
  • 5fa2930 build(deps): bump step-security/harden-runner from 2.13.1 to 2.14.0 (#4718)
  • fbbe283 docs: add security warning for strictContentLength option (#4726)
  • ce12d9e fix: do not crash if Node.js is compiled without SSL (#4727)
  • ebe3e33 Bumped v7.18.0 (#4725)
  • 4e9b88b fix: limit Content-Encoding chain to 5 to prevent resource exhaustion
  • d560767 Bumped v7.17.0 (#4724)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for undici since your current version.


Updates undici from 6.21.2 to 6.23.0

Release notes

Sourced from undici's releases.

v7.18.2

⚠️ Security Release

This fixes https://github.com/nodejs/undici/security/advisories/GHSA-g9mf-h72j-4rw9 and CVE-2026-22036.

What's Changed

Full Changelog: https://github.com/nodejs/undici/compare/v7.18.1...v7.18.2

v7.18.1

What's Changed

Full Changelog: https://github.com/nodejs/undici/compare/v7.18.0...v7.18.1

v7.18.0

What's Changed

Full Changelog: https://github.com/nodejs/undici/compare/v7.17.0...v7.18.0

v7.17.0

What's Changed

... (truncated)

Commits
  • 7e5cb2d Bumped v7.18.2 (#4730)
  • b04e3cb fix(decompress): limit Content-Encoding chain to 5 to prevent resource exhaus...
  • 2bcb77b Bumped v7.18.1 (#4728)
  • 58a12b7 build(deps): bump actions/checkout from 6.0.0 to 6.0.1 (#4719)
  • 5fa2930 build(deps): bump step-security/harden-runner from 2.13.1 to 2.14.0 (#4718)
  • fbbe283 docs: add security warning for strictContentLength option (#4726)
  • ce12d9e fix: do not crash if Node.js is compiled without SSL (#4727)
  • ebe3e33 Bumped v7.18.0 (#4725)
  • 4e9b88b fix: limit Content-Encoding chain to 5 to prevent resource exhaustion
  • d560767 Bumped v7.17.0 (#4724)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for undici since your current version.


Updates js-yaml from 4.1.0 to 4.1.1

Changelog

Sourced from js-yaml's changelog.

[4.1.1] - 2025-11-12

Security

  • Fix prototype pollution issue in yaml merge (<<) operator.
Commits

Updates qs from 6.13.0 to 6.14.1

Changelog

Sourced from qs's changelog.

6.14.1

  • [Fix] ensure arrayLength applies to [] notation as well
  • [Fix] parse: when a custom decoder returns null for a key, ignore that key
  • [Refactor] parse: extract key segment splitting helper
  • [meta] add threat model
  • [actions] add workflow permissions
  • [Tests] stringify: increase coverage
  • [Dev Deps] update eslint, @ljharb/eslint-config, npmignore, es-value-fixtures, for-each, object-inspect

6.14.0

  • [New] parse: add throwOnParameterLimitExceeded option (#517)
  • [Refactor] parse: use utils.combine more
  • [patch] parse: add explicit throwOnLimitExceeded default
  • [actions] use shared action; re-add finishers
  • [meta] Fix changelog formatting bug
  • [Deps] update side-channel
  • [Dev Deps] update es-value-fixtures, has-bigints, has-proto, has-symbols
  • [Tests] increase coverage

6.13.1

  • [Fix] stringify: avoid a crash when a filter key is null
  • [Fix] utils.merge: functions should not be stringified into keys
  • [Fix] parse: avoid a crash with interpretNumericEntities: true, comma: true, and iso charset
  • [Fix] stringify: ensure a non-string filter does not crash
  • [Refactor] use __proto__ syntax instead of Object.create for null objects
  • [Refactor] misc cleanup
  • [Tests] utils.merge: add some coverage
  • [Tests] fix a test case
  • [actions] split out node 10-20, and 20+
  • [Dev Deps] update es-value-fixtures, mock-property, object-inspect, tape
Commits
  • 3fa11a5 v6.14.1
  • a626704 [Dev Deps] update npmignore
  • 3086902 [Fix] ensure arrayLength applies to [] notation as well
  • fc7930e [Dev Deps] update eslint, @ljharb/eslint-config
  • 0b06aac [Dev Deps] update @ljharb/eslint-config
  • 64951f6 [Refactor] parse: extract key segment splitting helper
  • e1bd259 [Dev Deps] update @ljharb/eslint-config
  • f4b3d39 [eslint] add eslint 9 optional peer dep
  • 6e94d95 [Dev Deps] update eslint, @ljharb/eslint-config, npmignore
  • 973dc3c [actions] add workflow permissions
  • Additional commits viewable in compare view

Updates vega-functions from 6.1.0 to 6.1.1

Release notes

Sourced from vega-functions's releases.

v6.1.1

Full Changelog: https://github.com/vega/vega/compare/v6.1.0...v6.1.1

Commits
Maintainer changes

This version was pushed to npm by hydrosquall, a new releaser for vega-functions since your current version.


Updates vega-selections from 6.1.0 to 6.1.2

Release notes

Sourced from vega-selections's releases.

v6.1.2

Full Changelog: https://github.com/vega/vega/compare/v6.1.1...v6.1.2

v6.1.1

Full Changelog: https://github.com/vega/vega/compare/v6.1.0...v6.1.1

Commits
Maintainer changes

This version was pushed to npm by hydrosquall, a new releaser for vega-selections since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/open-webui/open-webui/pull/20670 **Author:** [@dependabot[bot]](https://github.com/apps/dependabot) **Created:** 1/14/2026 **Status:** ❌ Closed **Base:** `main` ← **Head:** `dependabot/npm_and_yarn/npm_and_yarn-6388a5bfa6` --- ### 📝 Commits (1) - [`b70735d`](https://github.com/open-webui/open-webui/commit/b70735d291f73b225b050686a2236dc9bdb5fed2) chore(deps): bump the npm_and_yarn group across 1 directory with 5 updates ### 📊 Changes **2 files changed** (+139 additions, -606 deletions) <details> <summary>View changed files</summary> 📝 `package-lock.json` (+138 -605) 📝 `package.json` (+1 -1) </details> ### 📄 Description Bumps the npm_and_yarn group with 5 updates in the / directory: | Package | From | To | | --- | --- | --- | | [undici](https://github.com/nodejs/undici) | `7.11.0` | `7.18.2` | | [undici](https://github.com/nodejs/undici) | `6.21.2` | `6.23.0` | | [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.0` | `4.1.1` | | [qs](https://github.com/ljharb/qs) | `6.13.0` | `6.14.1` | | [vega-functions](https://github.com/vega/vega) | `6.1.0` | `6.1.1` | | [vega-selections](https://github.com/vega/vega) | `6.1.0` | `6.1.2` | Updates `undici` from 7.11.0 to 7.18.2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/nodejs/undici/releases">undici's releases</a>.</em></p> <blockquote> <h2>v7.18.2</h2> <h2>⚠️ Security Release</h2> <p>This fixes <a href="https://github.com/nodejs/undici/security/advisories/GHSA-g9mf-h72j-4rw9">https://github.com/nodejs/undici/security/advisories/GHSA-g9mf-h72j-4rw9</a> and CVE-2026-22036.</p> <h2>What's Changed</h2> <ul> <li>fix(decompress): limit Content-Encoding chain to 5 to prevent resourc… by <a href="https://github.com/mcollina"><code>@​mcollina</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4729">nodejs/undici#4729</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/nodejs/undici/compare/v7.18.1...v7.18.2">https://github.com/nodejs/undici/compare/v7.18.1...v7.18.2</a></p> <h2>v7.18.1</h2> <h2>What's Changed</h2> <ul> <li>Test and Fix running without SSL by <a href="https://github.com/mcollina"><code>@​mcollina</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4727">nodejs/undici#4727</a></li> <li>docs: add security warning for strictContentLength option by <a href="https://github.com/mcollina"><code>@​mcollina</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4726">nodejs/undici#4726</a></li> <li>build(deps): bump step-security/harden-runner from 2.13.1 to 2.14.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/nodejs/undici/pull/4718">nodejs/undici#4718</a></li> <li>build(deps): bump actions/checkout from 6.0.0 to 6.0.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/nodejs/undici/pull/4719">nodejs/undici#4719</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/nodejs/undici/compare/v7.18.0...v7.18.1">https://github.com/nodejs/undici/compare/v7.18.0...v7.18.1</a></p> <h2>v7.18.0</h2> <h2>What's Changed</h2> <p><strong>Full Changelog</strong>: <a href="https://github.com/nodejs/undici/compare/v7.17.0...v7.18.0">https://github.com/nodejs/undici/compare/v7.17.0...v7.18.0</a></p> <h2>v7.17.0</h2> <h2>What's Changed</h2> <ul> <li>chore: extract infra and encoding methods by <a href="https://github.com/Uzlopak"><code>@​Uzlopak</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4523">nodejs/undici#4523</a></li> <li>ci: remove h2 by <a href="https://github.com/Uzlopak"><code>@​Uzlopak</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4534">nodejs/undici#4534</a></li> <li>ci: make nodejs-shared wf reusable, install binaryen for wasm-opt, test on node-nightly by <a href="https://github.com/Uzlopak"><code>@​Uzlopak</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4535">nodejs/undici#4535</a></li> <li>ci: fix nightly shared library case by <a href="https://github.com/Uzlopak"><code>@​Uzlopak</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4543">nodejs/undici#4543</a></li> <li>test: consume bodies of fetch responses to fix failing macos 20 ci by <a href="https://github.com/Uzlopak"><code>@​Uzlopak</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4528">nodejs/undici#4528</a></li> <li>docs: add Cache Interceptor example to README by <a href="https://github.com/tawseefnabi"><code>@​tawseefnabi</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4393">nodejs/undici#4393</a></li> <li>test: remove node20 version check by <a href="https://github.com/Uzlopak"><code>@​Uzlopak</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4544">nodejs/undici#4544</a></li> <li>types: use MessagePort instance type in MessageEvent by <a href="https://github.com/Renegade334"><code>@​Renegade334</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4546">nodejs/undici#4546</a></li> <li>ci: set write permissions on job level by <a href="https://github.com/Uzlopak"><code>@​Uzlopak</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4537">nodejs/undici#4537</a></li> <li>lint: activate n/no-process-exit by <a href="https://github.com/Uzlopak"><code>@​Uzlopak</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4548">nodejs/undici#4548</a></li> <li>ci: run benchmarks on pull_requests and by pushing on specific branches only by <a href="https://github.com/Uzlopak"><code>@​Uzlopak</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4536">nodejs/undici#4536</a></li> <li>chore: activate n/prefer-node-protocol to enforce <code>'node:'</code> prefix for requiring node built-ins by <a href="https://github.com/Uzlopak"><code>@​Uzlopak</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4547">nodejs/undici#4547</a></li> <li>feat(H2): correct CONNECT behaviour by <a href="https://github.com/metcoder95"><code>@​metcoder95</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4541">nodejs/undici#4541</a></li> <li>test: fix plans by <a href="https://github.com/Uzlopak"><code>@​Uzlopak</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4550">nodejs/undici#4550</a></li> <li>feat: add runtime feature &quot;detection&quot; by <a href="https://github.com/Uzlopak"><code>@​Uzlopak</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4545">nodejs/undici#4545</a></li> <li>perf: use less promises in extractBody by <a href="https://github.com/Uzlopak"><code>@​Uzlopak</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4458">nodejs/undici#4458</a></li> <li>fix(proxy-agent): add missing return after callback-call by <a href="https://github.com/Uzlopak"><code>@​Uzlopak</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4553">nodejs/undici#4553</a></li> <li>fix: remove redundant line in retry-handler by <a href="https://github.com/Uzlopak"><code>@​Uzlopak</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4554">nodejs/undici#4554</a></li> <li>ci: add no-wasm-simd option by <a href="https://github.com/Uzlopak"><code>@​Uzlopak</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4533">nodejs/undici#4533</a></li> <li>fix: use lazyloaders for runtime feature detection by <a href="https://github.com/Uzlopak"><code>@​Uzlopak</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4557">nodejs/undici#4557</a></li> <li>fix: minor changes in dispatcher-base.js and types for Dispatcher by <a href="https://github.com/Uzlopak"><code>@​Uzlopak</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4556">nodejs/undici#4556</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/nodejs/undici/commit/7e5cb2d7468633b48679627061d696a0bb45f651"><code>7e5cb2d</code></a> Bumped v7.18.2 (<a href="https://redirect.github.com/nodejs/undici/issues/4730">#4730</a>)</li> <li><a href="https://github.com/nodejs/undici/commit/b04e3cbb569c1596f86c108e9b52c79d8475dcb3"><code>b04e3cb</code></a> fix(decompress): limit Content-Encoding chain to 5 to prevent resource exhaus...</li> <li><a href="https://github.com/nodejs/undici/commit/2bcb77bbc27f966ac86e31154161792a4a8dadf5"><code>2bcb77b</code></a> Bumped v7.18.1 (<a href="https://redirect.github.com/nodejs/undici/issues/4728">#4728</a>)</li> <li><a href="https://github.com/nodejs/undici/commit/58a12b7f19f5d4b186c90aed2e3a55a3ba37decf"><code>58a12b7</code></a> build(deps): bump actions/checkout from 6.0.0 to 6.0.1 (<a href="https://redirect.github.com/nodejs/undici/issues/4719">#4719</a>)</li> <li><a href="https://github.com/nodejs/undici/commit/5fa2930582cab9c387df5cb2ddef44cb42bdf4a9"><code>5fa2930</code></a> build(deps): bump step-security/harden-runner from 2.13.1 to 2.14.0 (<a href="https://redirect.github.com/nodejs/undici/issues/4718">#4718</a>)</li> <li><a href="https://github.com/nodejs/undici/commit/fbbe283fc4054c35ad21316bcf65996b0929ed58"><code>fbbe283</code></a> docs: add security warning for strictContentLength option (<a href="https://redirect.github.com/nodejs/undici/issues/4726">#4726</a>)</li> <li><a href="https://github.com/nodejs/undici/commit/ce12d9e5dc1a72724cbef8ac43219ba9643b9142"><code>ce12d9e</code></a> fix: do not crash if Node.js is compiled without SSL (<a href="https://redirect.github.com/nodejs/undici/issues/4727">#4727</a>)</li> <li><a href="https://github.com/nodejs/undici/commit/ebe3e33ea4d25402e0dc12dcc67902fdb7f231d4"><code>ebe3e33</code></a> Bumped v7.18.0 (<a href="https://redirect.github.com/nodejs/undici/issues/4725">#4725</a>)</li> <li><a href="https://github.com/nodejs/undici/commit/4e9b88b1c78349a956babef1151add83866f2dfb"><code>4e9b88b</code></a> fix: limit Content-Encoding chain to 5 to prevent resource exhaustion</li> <li><a href="https://github.com/nodejs/undici/commit/d5607677d444553183b0a637f687d20167427b36"><code>d560767</code></a> Bumped v7.17.0 (<a href="https://redirect.github.com/nodejs/undici/issues/4724">#4724</a>)</li> <li>Additional commits viewable in <a href="https://github.com/nodejs/undici/compare/v7.11.0...v7.18.2">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by [GitHub Actions](<a href="https://www.npmjs.com/~GitHub">https://www.npmjs.com/~GitHub</a> Actions), a new releaser for undici since your current version.</p> </details> <br /> Updates `undici` from 6.21.2 to 6.23.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/nodejs/undici/releases">undici's releases</a>.</em></p> <blockquote> <h2>v7.18.2</h2> <h2>⚠️ Security Release</h2> <p>This fixes <a href="https://github.com/nodejs/undici/security/advisories/GHSA-g9mf-h72j-4rw9">https://github.com/nodejs/undici/security/advisories/GHSA-g9mf-h72j-4rw9</a> and CVE-2026-22036.</p> <h2>What's Changed</h2> <ul> <li>fix(decompress): limit Content-Encoding chain to 5 to prevent resourc… by <a href="https://github.com/mcollina"><code>@​mcollina</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4729">nodejs/undici#4729</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/nodejs/undici/compare/v7.18.1...v7.18.2">https://github.com/nodejs/undici/compare/v7.18.1...v7.18.2</a></p> <h2>v7.18.1</h2> <h2>What's Changed</h2> <ul> <li>Test and Fix running without SSL by <a href="https://github.com/mcollina"><code>@​mcollina</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4727">nodejs/undici#4727</a></li> <li>docs: add security warning for strictContentLength option by <a href="https://github.com/mcollina"><code>@​mcollina</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4726">nodejs/undici#4726</a></li> <li>build(deps): bump step-security/harden-runner from 2.13.1 to 2.14.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/nodejs/undici/pull/4718">nodejs/undici#4718</a></li> <li>build(deps): bump actions/checkout from 6.0.0 to 6.0.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/nodejs/undici/pull/4719">nodejs/undici#4719</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/nodejs/undici/compare/v7.18.0...v7.18.1">https://github.com/nodejs/undici/compare/v7.18.0...v7.18.1</a></p> <h2>v7.18.0</h2> <h2>What's Changed</h2> <p><strong>Full Changelog</strong>: <a href="https://github.com/nodejs/undici/compare/v7.17.0...v7.18.0">https://github.com/nodejs/undici/compare/v7.17.0...v7.18.0</a></p> <h2>v7.17.0</h2> <h2>What's Changed</h2> <ul> <li>chore: extract infra and encoding methods by <a href="https://github.com/Uzlopak"><code>@​Uzlopak</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4523">nodejs/undici#4523</a></li> <li>ci: remove h2 by <a href="https://github.com/Uzlopak"><code>@​Uzlopak</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4534">nodejs/undici#4534</a></li> <li>ci: make nodejs-shared wf reusable, install binaryen for wasm-opt, test on node-nightly by <a href="https://github.com/Uzlopak"><code>@​Uzlopak</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4535">nodejs/undici#4535</a></li> <li>ci: fix nightly shared library case by <a href="https://github.com/Uzlopak"><code>@​Uzlopak</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4543">nodejs/undici#4543</a></li> <li>test: consume bodies of fetch responses to fix failing macos 20 ci by <a href="https://github.com/Uzlopak"><code>@​Uzlopak</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4528">nodejs/undici#4528</a></li> <li>docs: add Cache Interceptor example to README by <a href="https://github.com/tawseefnabi"><code>@​tawseefnabi</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4393">nodejs/undici#4393</a></li> <li>test: remove node20 version check by <a href="https://github.com/Uzlopak"><code>@​Uzlopak</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4544">nodejs/undici#4544</a></li> <li>types: use MessagePort instance type in MessageEvent by <a href="https://github.com/Renegade334"><code>@​Renegade334</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4546">nodejs/undici#4546</a></li> <li>ci: set write permissions on job level by <a href="https://github.com/Uzlopak"><code>@​Uzlopak</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4537">nodejs/undici#4537</a></li> <li>lint: activate n/no-process-exit by <a href="https://github.com/Uzlopak"><code>@​Uzlopak</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4548">nodejs/undici#4548</a></li> <li>ci: run benchmarks on pull_requests and by pushing on specific branches only by <a href="https://github.com/Uzlopak"><code>@​Uzlopak</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4536">nodejs/undici#4536</a></li> <li>chore: activate n/prefer-node-protocol to enforce <code>'node:'</code> prefix for requiring node built-ins by <a href="https://github.com/Uzlopak"><code>@​Uzlopak</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4547">nodejs/undici#4547</a></li> <li>feat(H2): correct CONNECT behaviour by <a href="https://github.com/metcoder95"><code>@​metcoder95</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4541">nodejs/undici#4541</a></li> <li>test: fix plans by <a href="https://github.com/Uzlopak"><code>@​Uzlopak</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4550">nodejs/undici#4550</a></li> <li>feat: add runtime feature &quot;detection&quot; by <a href="https://github.com/Uzlopak"><code>@​Uzlopak</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4545">nodejs/undici#4545</a></li> <li>perf: use less promises in extractBody by <a href="https://github.com/Uzlopak"><code>@​Uzlopak</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4458">nodejs/undici#4458</a></li> <li>fix(proxy-agent): add missing return after callback-call by <a href="https://github.com/Uzlopak"><code>@​Uzlopak</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4553">nodejs/undici#4553</a></li> <li>fix: remove redundant line in retry-handler by <a href="https://github.com/Uzlopak"><code>@​Uzlopak</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4554">nodejs/undici#4554</a></li> <li>ci: add no-wasm-simd option by <a href="https://github.com/Uzlopak"><code>@​Uzlopak</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4533">nodejs/undici#4533</a></li> <li>fix: use lazyloaders for runtime feature detection by <a href="https://github.com/Uzlopak"><code>@​Uzlopak</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4557">nodejs/undici#4557</a></li> <li>fix: minor changes in dispatcher-base.js and types for Dispatcher by <a href="https://github.com/Uzlopak"><code>@​Uzlopak</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4556">nodejs/undici#4556</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/nodejs/undici/commit/7e5cb2d7468633b48679627061d696a0bb45f651"><code>7e5cb2d</code></a> Bumped v7.18.2 (<a href="https://redirect.github.com/nodejs/undici/issues/4730">#4730</a>)</li> <li><a href="https://github.com/nodejs/undici/commit/b04e3cbb569c1596f86c108e9b52c79d8475dcb3"><code>b04e3cb</code></a> fix(decompress): limit Content-Encoding chain to 5 to prevent resource exhaus...</li> <li><a href="https://github.com/nodejs/undici/commit/2bcb77bbc27f966ac86e31154161792a4a8dadf5"><code>2bcb77b</code></a> Bumped v7.18.1 (<a href="https://redirect.github.com/nodejs/undici/issues/4728">#4728</a>)</li> <li><a href="https://github.com/nodejs/undici/commit/58a12b7f19f5d4b186c90aed2e3a55a3ba37decf"><code>58a12b7</code></a> build(deps): bump actions/checkout from 6.0.0 to 6.0.1 (<a href="https://redirect.github.com/nodejs/undici/issues/4719">#4719</a>)</li> <li><a href="https://github.com/nodejs/undici/commit/5fa2930582cab9c387df5cb2ddef44cb42bdf4a9"><code>5fa2930</code></a> build(deps): bump step-security/harden-runner from 2.13.1 to 2.14.0 (<a href="https://redirect.github.com/nodejs/undici/issues/4718">#4718</a>)</li> <li><a href="https://github.com/nodejs/undici/commit/fbbe283fc4054c35ad21316bcf65996b0929ed58"><code>fbbe283</code></a> docs: add security warning for strictContentLength option (<a href="https://redirect.github.com/nodejs/undici/issues/4726">#4726</a>)</li> <li><a href="https://github.com/nodejs/undici/commit/ce12d9e5dc1a72724cbef8ac43219ba9643b9142"><code>ce12d9e</code></a> fix: do not crash if Node.js is compiled without SSL (<a href="https://redirect.github.com/nodejs/undici/issues/4727">#4727</a>)</li> <li><a href="https://github.com/nodejs/undici/commit/ebe3e33ea4d25402e0dc12dcc67902fdb7f231d4"><code>ebe3e33</code></a> Bumped v7.18.0 (<a href="https://redirect.github.com/nodejs/undici/issues/4725">#4725</a>)</li> <li><a href="https://github.com/nodejs/undici/commit/4e9b88b1c78349a956babef1151add83866f2dfb"><code>4e9b88b</code></a> fix: limit Content-Encoding chain to 5 to prevent resource exhaustion</li> <li><a href="https://github.com/nodejs/undici/commit/d5607677d444553183b0a637f687d20167427b36"><code>d560767</code></a> Bumped v7.17.0 (<a href="https://redirect.github.com/nodejs/undici/issues/4724">#4724</a>)</li> <li>Additional commits viewable in <a href="https://github.com/nodejs/undici/compare/v7.11.0...v7.18.2">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by [GitHub Actions](<a href="https://www.npmjs.com/~GitHub">https://www.npmjs.com/~GitHub</a> Actions), a new releaser for undici since your current version.</p> </details> <br /> Updates `js-yaml` from 4.1.0 to 4.1.1 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md">js-yaml's changelog</a>.</em></p> <blockquote> <h2>[4.1.1] - 2025-11-12</h2> <h3>Security</h3> <ul> <li>Fix prototype pollution issue in yaml merge (&lt;&lt;) operator.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/nodeca/js-yaml/commit/cc482e775913e6625137572a3712d2826170e53a"><code>cc482e7</code></a> 4.1.1 released</li> <li><a href="https://github.com/nodeca/js-yaml/commit/50968b862e75866ef90e626572fe0b2f97b55f9f"><code>50968b8</code></a> dist rebuild</li> <li><a href="https://github.com/nodeca/js-yaml/commit/d092d866031751cb27c12d93f3e2470ad74d678b"><code>d092d86</code></a> lint fix</li> <li><a href="https://github.com/nodeca/js-yaml/commit/383665ff4248ec2192d1274e934462bb30426879"><code>383665f</code></a> fix prototype pollution in merge (&lt;&lt;)</li> <li><a href="https://github.com/nodeca/js-yaml/commit/0d3ca7a27b03a6c974790a30a89e456007d62976"><code>0d3ca7a</code></a> README.md: HTTP =&gt; HTTPS (<a href="https://redirect.github.com/nodeca/js-yaml/issues/678">#678</a>)</li> <li><a href="https://github.com/nodeca/js-yaml/commit/49baadd52af887d2991e2c39a6639baa56d6c71b"><code>49baadd</code></a> doc: 'empty' style option for !!null</li> <li><a href="https://github.com/nodeca/js-yaml/commit/ba3460eb9d3e4478edcbc29edabe17c2157fc9ce"><code>ba3460e</code></a> Fix demo link (<a href="https://redirect.github.com/nodeca/js-yaml/issues/618">#618</a>)</li> <li>See full diff in <a href="https://github.com/nodeca/js-yaml/compare/4.1.0...4.1.1">compare view</a></li> </ul> </details> <br /> Updates `qs` from 6.13.0 to 6.14.1 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/ljharb/qs/blob/main/CHANGELOG.md">qs's changelog</a>.</em></p> <blockquote> <h2><strong>6.14.1</strong></h2> <ul> <li>[Fix] ensure arrayLength applies to <code>[]</code> notation as well</li> <li>[Fix] <code>parse</code>: when a custom decoder returns <code>null</code> for a key, ignore that key</li> <li>[Refactor] <code>parse</code>: extract key segment splitting helper</li> <li>[meta] add threat model</li> <li>[actions] add workflow permissions</li> <li>[Tests] <code>stringify</code>: increase coverage</li> <li>[Dev Deps] update <code>eslint</code>, <code>@ljharb/eslint-config</code>, <code>npmignore</code>, <code>es-value-fixtures</code>, <code>for-each</code>, <code>object-inspect</code></li> </ul> <h2><strong>6.14.0</strong></h2> <ul> <li>[New] <code>parse</code>: add <code>throwOnParameterLimitExceeded</code> option (<a href="https://redirect.github.com/ljharb/qs/issues/517">#517</a>)</li> <li>[Refactor] <code>parse</code>: use <code>utils.combine</code> more</li> <li>[patch] <code>parse</code>: add explicit <code>throwOnLimitExceeded</code> default</li> <li>[actions] use shared action; re-add finishers</li> <li>[meta] Fix changelog formatting bug</li> <li>[Deps] update <code>side-channel</code></li> <li>[Dev Deps] update <code>es-value-fixtures</code>, <code>has-bigints</code>, <code>has-proto</code>, <code>has-symbols</code></li> <li>[Tests] increase coverage</li> </ul> <h2><strong>6.13.1</strong></h2> <ul> <li>[Fix] <code>stringify</code>: avoid a crash when a <code>filter</code> key is <code>null</code></li> <li>[Fix] <code>utils.merge</code>: functions should not be stringified into keys</li> <li>[Fix] <code>parse</code>: avoid a crash with interpretNumericEntities: true, comma: true, and iso charset</li> <li>[Fix] <code>stringify</code>: ensure a non-string <code>filter</code> does not crash</li> <li>[Refactor] use <code>__proto__</code> syntax instead of <code>Object.create</code> for null objects</li> <li>[Refactor] misc cleanup</li> <li>[Tests] <code>utils.merge</code>: add some coverage</li> <li>[Tests] fix a test case</li> <li>[actions] split out node 10-20, and 20+</li> <li>[Dev Deps] update <code>es-value-fixtures</code>, <code>mock-property</code>, <code>object-inspect</code>, <code>tape</code></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ljharb/qs/commit/3fa11a5f643c76896387bd2d86904a2d0141fdf7"><code>3fa11a5</code></a> v6.14.1</li> <li><a href="https://github.com/ljharb/qs/commit/a62670423c1ccab0dd83c621bfb98c7c024e314d"><code>a626704</code></a> [Dev Deps] update <code>npmignore</code></li> <li><a href="https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9"><code>3086902</code></a> [Fix] ensure arrayLength applies to <code>[]</code> notation as well</li> <li><a href="https://github.com/ljharb/qs/commit/fc7930e86c2264c1568c9f5606830e19b0bc2af2"><code>fc7930e</code></a> [Dev Deps] update <code>eslint</code>, <code>@ljharb/eslint-config</code></li> <li><a href="https://github.com/ljharb/qs/commit/0b06aac566abee45ef0327667a7cc89e7aed8b58"><code>0b06aac</code></a> [Dev Deps] update <code>@ljharb/eslint-config</code></li> <li><a href="https://github.com/ljharb/qs/commit/64951f6200a1fb72cc003c6e8226dde3d2ef591f"><code>64951f6</code></a> [Refactor] <code>parse</code>: extract key segment splitting helper</li> <li><a href="https://github.com/ljharb/qs/commit/e1bd2599cdff4c936ea52fb1f16f921cbe7aa88c"><code>e1bd259</code></a> [Dev Deps] update <code>@ljharb/eslint-config</code></li> <li><a href="https://github.com/ljharb/qs/commit/f4b3d39709fef6ddbd85128d1ba4c6b566c4902e"><code>f4b3d39</code></a> [eslint] add eslint 9 optional peer dep</li> <li><a href="https://github.com/ljharb/qs/commit/6e94d9596ca50dffafcef40a5f64eca89962cf34"><code>6e94d95</code></a> [Dev Deps] update <code>eslint</code>, <code>@ljharb/eslint-config</code>, <code>npmignore</code></li> <li><a href="https://github.com/ljharb/qs/commit/973dc3c51c86da9f4e30edeb4b1725158d439102"><code>973dc3c</code></a> [actions] add workflow permissions</li> <li>Additional commits viewable in <a href="https://github.com/ljharb/qs/compare/v6.13.0...v6.14.1">compare view</a></li> </ul> </details> <br /> Updates `vega-functions` from 6.1.0 to 6.1.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vega/vega/releases">vega-functions's releases</a>.</em></p> <blockquote> <h2>v6.1.1</h2> <p><strong>Full Changelog</strong>: <a href="https://github.com/vega/vega/compare/v6.1.0...v6.1.1">https://github.com/vega/vega/compare/v6.1.0...v6.1.1</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/vega/vega/commit/d67c1b7d5ee707eabd82905088aff1605ca866ba"><code>d67c1b7</code></a> chore: bump to 6.1.1</li> <li><a href="https://github.com/vega/vega/commit/e5745308e2b0573d95eeca63c981c6db79b17a52"><code>e574530</code></a> chore: bump vega-cli</li> <li>See full diff in <a href="https://github.com/vega/vega/compare/v6.1.0...v6.1.1">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~hydrosquall">hydrosquall</a>, a new releaser for vega-functions since your current version.</p> </details> <br /> Updates `vega-selections` from 6.1.0 to 6.1.2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vega/vega/releases">vega-selections's releases</a>.</em></p> <blockquote> <h2>v6.1.2</h2> <p><strong>Full Changelog</strong>: <a href="https://github.com/vega/vega/compare/v6.1.1...v6.1.2">https://github.com/vega/vega/compare/v6.1.1...v6.1.2</a></p> <h2>v6.1.1</h2> <p><strong>Full Changelog</strong>: <a href="https://github.com/vega/vega/compare/v6.1.0...v6.1.1">https://github.com/vega/vega/compare/v6.1.0...v6.1.1</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/vega/vega/commit/18a55af6207fb183510659bdec3922eddc9a6022"><code>18a55af</code></a> chore: fix json of package.json</li> <li><a href="https://github.com/vega/vega/commit/38957ff074288c014230bd55bbcd0acf6d1ee1ec"><code>38957ff</code></a> chore: bump vega</li> <li><a href="https://github.com/vega/vega/commit/bb800e9dcedaa2d53b729d753cf8a66d221a3063"><code>bb800e9</code></a> chore: simplify gitignore</li> <li><a href="https://github.com/vega/vega/commit/b737e032d9d1dee557bbb9fa0fdbf0789220ee61"><code>b737e03</code></a> fix: run <code>npm pkg fix</code></li> <li><a href="https://github.com/vega/vega/commit/d67c1b7d5ee707eabd82905088aff1605ca866ba"><code>d67c1b7</code></a> chore: bump to 6.1.1</li> <li><a href="https://github.com/vega/vega/commit/e5745308e2b0573d95eeca63c981c6db79b17a52"><code>e574530</code></a> chore: bump vega-cli</li> <li>See full diff in <a href="https://github.com/vega/vega/compare/v6.1.0...v6.1.2">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~hydrosquall">hydrosquall</a>, a new releaser for vega-selections since your current version.</p> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/open-webui/open-webui/network/alerts). </details> --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
GiteaMirror added the pull-request label 2026-04-20 06:05:45 -05:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
confirmed
confirmed issue
core
documentation
enhancement
good first issue
help wanted
non-core
pull-request
Mirrored from GitHub Pull Request
 python
question
testing wanted
No Label pull-request
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/open-webui#25724
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?