github-starred/open-webui
2
0
Fork 0
mirror of https://github.com/open-webui/open-webui.git synced 2026-05-07 19:38:46 -05:00
Code Issues 1.3k Packages Projects Releases 126 Wiki Activity

[PR #21646] [CLOSED] build(deps): bump the npm_and_yarn group across 1 directory with 5 updates #26180

New Issue
Closed
opened 2026-04-20 06:22:39 -05:00 by GiteaMirror · 0 comments
GiteaMirror commented 2026-04-20 06:22:39 -05:00
Owner
Copy Link

📋 Pull Request Information

Original PR: https://github.com/open-webui/open-webui/pull/21646
Author: @dependabot[bot]
Created: 2/20/2026
Status: Closed

Base: mainHead: dependabot/npm_and_yarn/npm_and_yarn-fde89e69b0

📝 Commits (1)

  • 865bef6 build(deps): bump the npm_and_yarn group across 1 directory with 5 updates

📊 Changes

2 files changed (+278 additions, -995 deletions)

View changed files

📝 package-lock.json (+274 -991)
📝 package.json (+4 -4)

📄 Description

Bumps the npm_and_yarn group with 5 updates in the / directory:

Package From To
svelte 5.42.2 5.53.0
js-yaml 4.1.0 4.1.1
markdown-it 14.1.0 14.1.1
qs 6.13.0 6.14.2
tar 7.4.3 7.5.9

Updates svelte from 5.42.2 to 5.53.0

Release notes

Sourced from svelte's releases.

svelte@5.53.0

Minor Changes

  • feat: allow comments in tags (#17671)

  • feat: allow error boundaries to work on the server (#17672)

Patch Changes

  • fix: use TrustedHTML to test for customizable support, where necessary (#17743)

  • fix: ensure head effects are kept in the effect tree (#17746)

  • chore: deactivate current_batch by default in unset_context (#17738)

svelte@5.52.0

Minor Changes

  • feat: support TrustedHTML in {@html} expressions (#17701)

Patch Changes

  • fix: repair dynamic component truthy/falsy hydration mismatches (#17737)

  • fix: re-run non-render-bound deriveds on the server (#17674)

svelte@5.51.5

Patch Changes

svelte@5.51.4

Patch Changes

  • chore: proactively defer effects in pending boundary (#17734)

  • fix: detect and error on non-idempotent each block keys in dev mode (#17732)

svelte@5.51.3

Patch Changes

... (truncated)

Changelog

Sourced from svelte's changelog.

5.53.0

Minor Changes

  • feat: allow comments in tags (#17671)

  • feat: allow error boundaries to work on the server (#17672)

Patch Changes

  • fix: use TrustedHTML to test for customizable <select> support, where necessary (#17743)

  • fix: ensure head effects are kept in the effect tree (#17746)

  • chore: deactivate current_batch by default in unset_context (#17738)

5.52.0

Minor Changes

  • feat: support TrustedHTML in {@html} expressions (#17701)

Patch Changes

  • fix: repair dynamic component truthy/falsy hydration mismatches (#17737)

  • fix: re-run non-render-bound deriveds on the server (#17674)

5.51.5

Patch Changes

5.51.4

Patch Changes

  • chore: proactively defer effects in pending boundary (#17734)

... (truncated)

Commits

Updates js-yaml from 4.1.0 to 4.1.1

Changelog

Sourced from js-yaml's changelog.

[4.1.1] - 2025-11-12

Security

  • Fix prototype pollution issue in yaml merge (<<) operator.
Commits

Updates markdown-it from 14.1.0 to 14.1.1

Changelog

Sourced from markdown-it's changelog.

[14.1.1] - 2026-01-11

Security

  • Fixed regression from v13 in linkify inline rule. Specific patterns could cause high CPU use. Thanks to @​ltduc147 for report.
Commits

Updates qs from 6.13.0 to 6.14.2

Changelog

Sourced from qs's changelog.

6.14.2

  • [Fix] parse: mark overflow objects for indexed notation exceeding arrayLimit (#546)
  • [Fix] arrayLimit means max count, not max index, in combine/merge/parseArrayValue
  • [Fix] parse: throw on arrayLimit exceeded with indexed notation when throwOnLimitExceeded is true (#529)
  • [Fix] parse: enforce arrayLimit on comma-parsed values
  • [Fix] parse: fix error message to reflect arrayLimit as max index; remove extraneous comments (#545)
  • [Robustness] avoid .push, use void
  • [readme] document that addQueryPrefix does not add ? to empty output (#418)
  • [readme] clarify parseArrays and arrayLimit documentation (#543)
  • [readme] replace runkit CI badge with shields.io check-runs badge
  • [meta] fix changelog typo (arrayLengtharrayLimit)
  • [actions] fix rebase workflow permissions

6.14.1

  • [Fix] ensure arrayLimit applies to [] notation as well
  • [Fix] parse: when a custom decoder returns null for a key, ignore that key
  • [Refactor] parse: extract key segment splitting helper
  • [meta] add threat model
  • [actions] add workflow permissions
  • [Tests] stringify: increase coverage
  • [Dev Deps] update eslint, @ljharb/eslint-config, npmignore, es-value-fixtures, for-each, object-inspect

6.14.0

  • [New] parse: add throwOnParameterLimitExceeded option (#517)
  • [Refactor] parse: use utils.combine more
  • [patch] parse: add explicit throwOnLimitExceeded default
  • [actions] use shared action; re-add finishers
  • [meta] Fix changelog formatting bug
  • [Deps] update side-channel
  • [Dev Deps] update es-value-fixtures, has-bigints, has-proto, has-symbols
  • [Tests] increase coverage

6.13.3

[Fix] fix regressions from robustness refactor [actions] update reusable workflows

6.13.2

  • [Robustness] avoid .push, use void
  • [readme] clarify parseArrays and arrayLimit documentation (#543)
  • [readme] document that addQueryPrefix does not add ? to empty output (#418)
  • [readme] replace runkit CI badge with shields.io check-runs badge
  • [actions] fix rebase workflow permissions

6.13.1

  • [Fix] stringify: avoid a crash when a filter key is null
  • [Fix] utils.merge: functions should not be stringified into keys
  • [Fix] parse: avoid a crash with interpretNumericEntities: true, comma: true, and iso charset
  • [Fix] stringify: ensure a non-string filter does not crash
  • [Refactor] use __proto__ syntax instead of Object.create for null objects
  • [Refactor] misc cleanup

... (truncated)

Commits
  • bdcf0c7 v6.14.2
  • 294db90 [readme] document that addQueryPrefix does not add ? to empty output
  • 5c308e5 [readme] clarify parseArrays and arrayLimit documentation
  • 6addf8c [Fix] parse: mark overflow objects for indexed notation exceeding arrayLimit
  • cfc108f [Fix] arrayLimit means max count, not max index, in combine/merge/`pars...
  • febb644 [Fix] parse: throw on arrayLimit exceeded with indexed notation when `thr...
  • f6a7abf [Fix] parse: enforce arrayLimit on comma-parsed values
  • fbc5206 [Fix] parse: fix error message to reflect arrayLimit as max index; remove e...
  • 1b9a8b4 [actions] fix rebase workflow permissions
  • 2a35775 [meta] fix changelog typo (arrayLengtharrayLimit)
  • Additional commits viewable in compare view

Updates tar from 7.4.3 to 7.5.9

Changelog

Sourced from tar's changelog.

Changelog

7.5

  • Added zstd compression support.
  • Consistent TOCTOU behavior in sync t.list
  • Only read from ustar block if not specified in Pax
  • Fix sync tar.list when file size reduces while reading
  • Sanitize absolute linkpaths properly
  • Prevent writing hardlink entries to the archive ahead of their file target

7.4

  • Deprecate onentry in favor of onReadEntry for clarity.

7.3

  • Add onWriteEntry option

7.2

  • DRY the command definitions into a single makeCommand method, and update the type signatures to more appropriately infer the return type from the options and arguments provided.

7.1

  • Update minipass to v7.1.0
  • Update the type definitions of write() and end() methods on Unpack and Parser classes to be compatible with the NodeJS.WritableStream type in the latest versions of @types/node.

7.0

  • Drop support for node <18
  • Rewrite in TypeScript, provide ESM and CommonJS hybrid interface
  • Add tree-shake friendly exports, like import('tar/create') and import('tar/read-entry') to get individual functions or classes.
  • Add chmod option that defaults to false, and deprecate noChmod. That is, reverse the default option regarding explicitly setting file system modes to match tar entry settings.
  • Add processUmask option to avoid having to call process.umask() when chmod: true (or noChmod: false) is set.

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by isaacs, a new releaser for tar since your current version.

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/open-webui/open-webui/pull/21646 **Author:** [@dependabot[bot]](https://github.com/apps/dependabot) **Created:** 2/20/2026 **Status:** ❌ Closed **Base:** `main` ← **Head:** `dependabot/npm_and_yarn/npm_and_yarn-fde89e69b0` --- ### 📝 Commits (1) - [`865bef6`](https://github.com/open-webui/open-webui/commit/865bef6956c50b1521cf90a160bbfb9c665743f3) build(deps): bump the npm_and_yarn group across 1 directory with 5 updates ### 📊 Changes **2 files changed** (+278 additions, -995 deletions) <details> <summary>View changed files</summary> 📝 `package-lock.json` (+274 -991) 📝 `package.json` (+4 -4) </details> ### 📄 Description Bumps the npm_and_yarn group with 5 updates in the / directory: | Package | From | To | | --- | --- | --- | | [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte) | `5.42.2` | `5.53.0` | | [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.0` | `4.1.1` | | [markdown-it](https://github.com/markdown-it/markdown-it) | `14.1.0` | `14.1.1` | | [qs](https://github.com/ljharb/qs) | `6.13.0` | `6.14.2` | | [tar](https://github.com/isaacs/node-tar) | `7.4.3` | `7.5.9` | Updates `svelte` from 5.42.2 to 5.53.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sveltejs/svelte/releases">svelte's releases</a>.</em></p> <blockquote> <h2>svelte@5.53.0</h2> <h3>Minor Changes</h3> <ul> <li> <p>feat: allow comments in tags (<a href="https://redirect.github.com/sveltejs/svelte/pull/17671">#17671</a>)</p> </li> <li> <p>feat: allow error boundaries to work on the server (<a href="https://redirect.github.com/sveltejs/svelte/pull/17672">#17672</a>)</p> </li> </ul> <h3>Patch Changes</h3> <ul> <li> <p>fix: use TrustedHTML to test for customizable <!-- raw HTML omitted --> support, where necessary (<a href="https://redirect.github.com/sveltejs/svelte/pull/17743">#17743</a>)</p> </li> <li> <p>fix: ensure head effects are kept in the effect tree (<a href="https://redirect.github.com/sveltejs/svelte/pull/17746">#17746</a>)</p> </li> <li> <p>chore: deactivate current_batch by default in unset_context (<a href="https://redirect.github.com/sveltejs/svelte/pull/17738">#17738</a>)</p> </li> </ul> <h2>svelte@5.52.0</h2> <h3>Minor Changes</h3> <ul> <li>feat: support TrustedHTML in <code>{@html}</code> expressions (<a href="https://redirect.github.com/sveltejs/svelte/pull/17701">#17701</a>)</li> </ul> <h3>Patch Changes</h3> <ul> <li> <p>fix: repair dynamic component truthy/falsy hydration mismatches (<a href="https://redirect.github.com/sveltejs/svelte/pull/17737">#17737</a>)</p> </li> <li> <p>fix: re-run non-render-bound deriveds on the server (<a href="https://redirect.github.com/sveltejs/svelte/pull/17674">#17674</a>)</p> </li> </ul> <h2>svelte@5.51.5</h2> <h3>Patch Changes</h3> <ul> <li> <p>fix: check to make sure <code>svelte:element</code> tags are valid during SSR (<a href="https://github.com/sveltejs/svelte/commit/73098bb26c6f06e7fd1b0746d817d2c5ee90755f"><code>73098bb26c6f06e7fd1b0746d817d2c5ee90755f</code></a>)</p> </li> <li> <p>fix: misc option escaping and backwards compatibility (<a href="https://redirect.github.com/sveltejs/svelte/pull/17741">#17741</a>)</p> </li> <li> <p>fix: strip event handlers during SSR (<a href="https://github.com/sveltejs/svelte/commit/a0c7f289156e9fafaeaf5ca14af6c06fe9b9eae5"><code>a0c7f289156e9fafaeaf5ca14af6c06fe9b9eae5</code></a>)</p> </li> <li> <p>fix: replace usage of <code>for in</code> with <code>for of Object.keys</code> (<a href="https://github.com/sveltejs/svelte/commit/f89c7ddd7eebaa1ef3cc540400bec2c9140b330c"><code>f89c7ddd7eebaa1ef3cc540400bec2c9140b330c</code></a>)</p> </li> <li> <p>fix: always escape option body in SSR (<a href="https://github.com/sveltejs/svelte/commit/f7c80da18c215e3727c2a611b0b8744cc6e504c5"><code>f7c80da18c215e3727c2a611b0b8744cc6e504c5</code></a>)</p> </li> <li> <p>chore: upgrade <code>devalue</code> (<a href="https://redirect.github.com/sveltejs/svelte/pull/17739">#17739</a>)</p> </li> </ul> <h2>svelte@5.51.4</h2> <h3>Patch Changes</h3> <ul> <li> <p>chore: proactively defer effects in pending boundary (<a href="https://redirect.github.com/sveltejs/svelte/pull/17734">#17734</a>)</p> </li> <li> <p>fix: detect and error on non-idempotent each block keys in dev mode (<a href="https://redirect.github.com/sveltejs/svelte/pull/17732">#17732</a>)</p> </li> </ul> <h2>svelte@5.51.3</h2> <h3>Patch Changes</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/sveltejs/svelte/blob/main/packages/svelte/CHANGELOG.md">svelte's changelog</a>.</em></p> <blockquote> <h2>5.53.0</h2> <h3>Minor Changes</h3> <ul> <li> <p>feat: allow comments in tags (<a href="https://redirect.github.com/sveltejs/svelte/pull/17671">#17671</a>)</p> </li> <li> <p>feat: allow error boundaries to work on the server (<a href="https://redirect.github.com/sveltejs/svelte/pull/17672">#17672</a>)</p> </li> </ul> <h3>Patch Changes</h3> <ul> <li> <p>fix: use TrustedHTML to test for customizable <code>&lt;select&gt;</code> support, where necessary (<a href="https://redirect.github.com/sveltejs/svelte/pull/17743">#17743</a>)</p> </li> <li> <p>fix: ensure head effects are kept in the effect tree (<a href="https://redirect.github.com/sveltejs/svelte/pull/17746">#17746</a>)</p> </li> <li> <p>chore: deactivate current_batch by default in unset_context (<a href="https://redirect.github.com/sveltejs/svelte/pull/17738">#17738</a>)</p> </li> </ul> <h2>5.52.0</h2> <h3>Minor Changes</h3> <ul> <li>feat: support TrustedHTML in <code>{@html}</code> expressions (<a href="https://redirect.github.com/sveltejs/svelte/pull/17701">#17701</a>)</li> </ul> <h3>Patch Changes</h3> <ul> <li> <p>fix: repair dynamic component truthy/falsy hydration mismatches (<a href="https://redirect.github.com/sveltejs/svelte/pull/17737">#17737</a>)</p> </li> <li> <p>fix: re-run non-render-bound deriveds on the server (<a href="https://redirect.github.com/sveltejs/svelte/pull/17674">#17674</a>)</p> </li> </ul> <h2>5.51.5</h2> <h3>Patch Changes</h3> <ul> <li> <p>fix: check to make sure <code>svelte:element</code> tags are valid during SSR (<a href="https://github.com/sveltejs/svelte/commit/73098bb26c6f06e7fd1b0746d817d2c5ee90755f"><code>73098bb26c6f06e7fd1b0746d817d2c5ee90755f</code></a>)</p> </li> <li> <p>fix: misc option escaping and backwards compatibility (<a href="https://redirect.github.com/sveltejs/svelte/pull/17741">#17741</a>)</p> </li> <li> <p>fix: strip event handlers during SSR (<a href="https://github.com/sveltejs/svelte/commit/a0c7f289156e9fafaeaf5ca14af6c06fe9b9eae5"><code>a0c7f289156e9fafaeaf5ca14af6c06fe9b9eae5</code></a>)</p> </li> <li> <p>fix: replace usage of <code>for in</code> with <code>for of Object.keys</code> (<a href="https://github.com/sveltejs/svelte/commit/f89c7ddd7eebaa1ef3cc540400bec2c9140b330c"><code>f89c7ddd7eebaa1ef3cc540400bec2c9140b330c</code></a>)</p> </li> <li> <p>fix: always escape option body in SSR (<a href="https://github.com/sveltejs/svelte/commit/f7c80da18c215e3727c2a611b0b8744cc6e504c5"><code>f7c80da18c215e3727c2a611b0b8744cc6e504c5</code></a>)</p> </li> <li> <p>chore: upgrade <code>devalue</code> (<a href="https://redirect.github.com/sveltejs/svelte/pull/17739">#17739</a>)</p> </li> </ul> <h2>5.51.4</h2> <h3>Patch Changes</h3> <ul> <li>chore: proactively defer effects in pending boundary (<a href="https://redirect.github.com/sveltejs/svelte/pull/17734">#17734</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/sveltejs/svelte/commit/c2fc95a4674f2db34fd71de70f088810bf2204b4"><code>c2fc95a</code></a> Version Packages (<a href="https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/17747">#17747</a>)</li> <li><a href="https://github.com/sveltejs/svelte/commit/92e2fc1209ee552b6f95e3a94e64028f9b265e86"><code>92e2fc1</code></a> feat: allow comments in tags (<a href="https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/17671">#17671</a>)</li> <li><a href="https://github.com/sveltejs/svelte/commit/2661513cd3ca959049b1b6a42ce24cca8f85b141"><code>2661513</code></a> feat: allow error boundaries to work on the server (<a href="https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/17672">#17672</a>)</li> <li><a href="https://github.com/sveltejs/svelte/commit/582e4443dcbf85e7d8066bf424771e58bc02397b"><code>582e444</code></a> fix: ensure head effects are kept in the effect tree (<a href="https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/17746">#17746</a>)</li> <li><a href="https://github.com/sveltejs/svelte/commit/f8bf9bb461d6fe5a2132ea6cfaeaa184e34c37f7"><code>f8bf9bb</code></a> chore: deactivate current_batch by default in unset_context (<a href="https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/17738">#17738</a>)</li> <li><a href="https://github.com/sveltejs/svelte/commit/696d97ff3e2671e5740d6f8e85cde904e627d435"><code>696d97f</code></a> fix: use TrustedHTML to test for customizable &lt;select&gt; support, where necessa...</li> <li><a href="https://github.com/sveltejs/svelte/commit/cbf4e246fc0d4ce26b4a5146919180cc58fd162a"><code>cbf4e24</code></a> Version Packages (<a href="https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/17742">#17742</a>)</li> <li><a href="https://github.com/sveltejs/svelte/commit/09c4cb5084acb6962f33561e7368097491001a80"><code>09c4cb5</code></a> fix: re-run non-render-bound deriveds on the server (<a href="https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/17674">#17674</a>)</li> <li><a href="https://github.com/sveltejs/svelte/commit/be24b0dca70e3959b38c1264077f5ac3a31f1e6c"><code>be24b0d</code></a> feat: support TrustedHTML in {<a href="https://github.com/html"><code>@​html</code></a>} expressions (<a href="https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/17701">#17701</a>)</li> <li><a href="https://github.com/sveltejs/svelte/commit/9f48e7620f5bf017a04b2a57af82b839a4e8f496"><code>9f48e76</code></a> fix: repair dynamic component truthy/falsy hydration mismatches (<a href="https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/17737">#17737</a>)</li> <li>Additional commits viewable in <a href="https://github.com/sveltejs/svelte/commits/svelte@5.53.0/packages/svelte">compare view</a></li> </ul> </details> <br /> Updates `js-yaml` from 4.1.0 to 4.1.1 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md">js-yaml's changelog</a>.</em></p> <blockquote> <h2>[4.1.1] - 2025-11-12</h2> <h3>Security</h3> <ul> <li>Fix prototype pollution issue in yaml merge (&lt;&lt;) operator.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/nodeca/js-yaml/commit/cc482e775913e6625137572a3712d2826170e53a"><code>cc482e7</code></a> 4.1.1 released</li> <li><a href="https://github.com/nodeca/js-yaml/commit/50968b862e75866ef90e626572fe0b2f97b55f9f"><code>50968b8</code></a> dist rebuild</li> <li><a href="https://github.com/nodeca/js-yaml/commit/d092d866031751cb27c12d93f3e2470ad74d678b"><code>d092d86</code></a> lint fix</li> <li><a href="https://github.com/nodeca/js-yaml/commit/383665ff4248ec2192d1274e934462bb30426879"><code>383665f</code></a> fix prototype pollution in merge (&lt;&lt;)</li> <li><a href="https://github.com/nodeca/js-yaml/commit/0d3ca7a27b03a6c974790a30a89e456007d62976"><code>0d3ca7a</code></a> README.md: HTTP =&gt; HTTPS (<a href="https://redirect.github.com/nodeca/js-yaml/issues/678">#678</a>)</li> <li><a href="https://github.com/nodeca/js-yaml/commit/49baadd52af887d2991e2c39a6639baa56d6c71b"><code>49baadd</code></a> doc: 'empty' style option for !!null</li> <li><a href="https://github.com/nodeca/js-yaml/commit/ba3460eb9d3e4478edcbc29edabe17c2157fc9ce"><code>ba3460e</code></a> Fix demo link (<a href="https://redirect.github.com/nodeca/js-yaml/issues/618">#618</a>)</li> <li>See full diff in <a href="https://github.com/nodeca/js-yaml/compare/4.1.0...4.1.1">compare view</a></li> </ul> </details> <br /> Updates `markdown-it` from 14.1.0 to 14.1.1 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/markdown-it/markdown-it/blob/master/CHANGELOG.md">markdown-it's changelog</a>.</em></p> <blockquote> <h2>[14.1.1] - 2026-01-11</h2> <h3>Security</h3> <ul> <li>Fixed regression from v13 in linkify inline rule. Specific patterns could cause high CPU use. Thanks to <a href="https://github.com/ltduc147"><code>@​ltduc147</code></a> for report.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/markdown-it/markdown-it/commit/b4a9b659ef5734223731cfaa3ad5eacc6fc22918"><code>b4a9b65</code></a> 14.1.1 released</li> <li><a href="https://github.com/markdown-it/markdown-it/commit/4b4bbcae5e0990a5b172378e507b33a59012ed26"><code>4b4bbca</code></a> Fixed perf regression in linkify-it wrapper</li> <li><a href="https://github.com/markdown-it/markdown-it/commit/d2782d892a51201b25d3eeab172201ad5a53a24c"><code>d2782d8</code></a> Add supplementary example-driven documentation (<a href="https://redirect.github.com/markdown-it/markdown-it/issues/1092">#1092</a>)</li> <li>See full diff in <a href="https://github.com/markdown-it/markdown-it/compare/14.1.0...14.1.1">compare view</a></li> </ul> </details> <br /> Updates `qs` from 6.13.0 to 6.14.2 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/ljharb/qs/blob/main/CHANGELOG.md">qs's changelog</a>.</em></p> <blockquote> <h2><strong>6.14.2</strong></h2> <ul> <li>[Fix] <code>parse</code>: mark overflow objects for indexed notation exceeding <code>arrayLimit</code> (<a href="https://redirect.github.com/ljharb/qs/issues/546">#546</a>)</li> <li>[Fix] <code>arrayLimit</code> means max count, not max index, in <code>combine</code>/<code>merge</code>/<code>parseArrayValue</code></li> <li>[Fix] <code>parse</code>: throw on <code>arrayLimit</code> exceeded with indexed notation when <code>throwOnLimitExceeded</code> is true (<a href="https://redirect.github.com/ljharb/qs/issues/529">#529</a>)</li> <li>[Fix] <code>parse</code>: enforce <code>arrayLimit</code> on <code>comma</code>-parsed values</li> <li>[Fix] <code>parse</code>: fix error message to reflect arrayLimit as max index; remove extraneous comments (<a href="https://redirect.github.com/ljharb/qs/issues/545">#545</a>)</li> <li>[Robustness] avoid <code>.push</code>, use <code>void</code></li> <li>[readme] document that <code>addQueryPrefix</code> does not add <code>?</code> to empty output (<a href="https://redirect.github.com/ljharb/qs/issues/418">#418</a>)</li> <li>[readme] clarify <code>parseArrays</code> and <code>arrayLimit</code> documentation (<a href="https://redirect.github.com/ljharb/qs/issues/543">#543</a>)</li> <li>[readme] replace runkit CI badge with shields.io check-runs badge</li> <li>[meta] fix changelog typo (<code>arrayLength</code> → <code>arrayLimit</code>)</li> <li>[actions] fix rebase workflow permissions</li> </ul> <h2><strong>6.14.1</strong></h2> <ul> <li>[Fix] ensure <code>arrayLimit</code> applies to <code>[]</code> notation as well</li> <li>[Fix] <code>parse</code>: when a custom decoder returns <code>null</code> for a key, ignore that key</li> <li>[Refactor] <code>parse</code>: extract key segment splitting helper</li> <li>[meta] add threat model</li> <li>[actions] add workflow permissions</li> <li>[Tests] <code>stringify</code>: increase coverage</li> <li>[Dev Deps] update <code>eslint</code>, <code>@ljharb/eslint-config</code>, <code>npmignore</code>, <code>es-value-fixtures</code>, <code>for-each</code>, <code>object-inspect</code></li> </ul> <h2><strong>6.14.0</strong></h2> <ul> <li>[New] <code>parse</code>: add <code>throwOnParameterLimitExceeded</code> option (<a href="https://redirect.github.com/ljharb/qs/issues/517">#517</a>)</li> <li>[Refactor] <code>parse</code>: use <code>utils.combine</code> more</li> <li>[patch] <code>parse</code>: add explicit <code>throwOnLimitExceeded</code> default</li> <li>[actions] use shared action; re-add finishers</li> <li>[meta] Fix changelog formatting bug</li> <li>[Deps] update <code>side-channel</code></li> <li>[Dev Deps] update <code>es-value-fixtures</code>, <code>has-bigints</code>, <code>has-proto</code>, <code>has-symbols</code></li> <li>[Tests] increase coverage</li> </ul> <h2><strong>6.13.3</strong></h2> <p>[Fix] fix regressions from robustness refactor [actions] update reusable workflows</p> <h2><strong>6.13.2</strong></h2> <ul> <li>[Robustness] avoid <code>.push</code>, use <code>void</code></li> <li>[readme] clarify <code>parseArrays</code> and <code>arrayLimit</code> documentation (<a href="https://redirect.github.com/ljharb/qs/issues/543">#543</a>)</li> <li>[readme] document that <code>addQueryPrefix</code> does not add <code>?</code> to empty output (<a href="https://redirect.github.com/ljharb/qs/issues/418">#418</a>)</li> <li>[readme] replace runkit CI badge with shields.io check-runs badge</li> <li>[actions] fix rebase workflow permissions</li> </ul> <h2><strong>6.13.1</strong></h2> <ul> <li>[Fix] <code>stringify</code>: avoid a crash when a <code>filter</code> key is <code>null</code></li> <li>[Fix] <code>utils.merge</code>: functions should not be stringified into keys</li> <li>[Fix] <code>parse</code>: avoid a crash with interpretNumericEntities: true, comma: true, and iso charset</li> <li>[Fix] <code>stringify</code>: ensure a non-string <code>filter</code> does not crash</li> <li>[Refactor] use <code>__proto__</code> syntax instead of <code>Object.create</code> for null objects</li> <li>[Refactor] misc cleanup</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ljharb/qs/commit/bdcf0c7f82387c18ac8fabfccd2f440645cef47b"><code>bdcf0c7</code></a> v6.14.2</li> <li><a href="https://github.com/ljharb/qs/commit/294db90c812ddbe7d7a35d5687c505fd21a2d6a2"><code>294db90</code></a> [readme] document that <code>addQueryPrefix</code> does not add <code>?</code> to empty output</li> <li><a href="https://github.com/ljharb/qs/commit/5c308e5516c270a78caa6f278465914090f91ec6"><code>5c308e5</code></a> [readme] clarify <code>parseArrays</code> and <code>arrayLimit</code> documentation</li> <li><a href="https://github.com/ljharb/qs/commit/6addf8cf738d529c54d91f6f3ffb6c1be91bbfdc"><code>6addf8c</code></a> [Fix] <code>parse</code>: mark overflow objects for indexed notation exceeding <code>arrayLimit</code></li> <li><a href="https://github.com/ljharb/qs/commit/cfc108f662326d6ab540f3545ef0b832baf83cdf"><code>cfc108f</code></a> [Fix] <code>arrayLimit</code> means max count, not max index, in <code>combine</code>/<code>merge</code>/`pars...</li> <li><a href="https://github.com/ljharb/qs/commit/febb64442a80e49200211fa38d3c96b58024ac77"><code>febb644</code></a> [Fix] <code>parse</code>: throw on <code>arrayLimit</code> exceeded with indexed notation when `thr...</li> <li><a href="https://github.com/ljharb/qs/commit/f6a7abff1f13d644db9b05fe4f2c98ada6bf8482"><code>f6a7abf</code></a> [Fix] <code>parse</code>: enforce <code>arrayLimit</code> on <code>comma</code>-parsed values</li> <li><a href="https://github.com/ljharb/qs/commit/fbc5206c25b4d1851cea683f02c10756c521d15a"><code>fbc5206</code></a> [Fix] <code>parse</code>: fix error message to reflect arrayLimit as max index; remove e...</li> <li><a href="https://github.com/ljharb/qs/commit/1b9a8b4e78c6aff4c22fa559107227f02fd0216a"><code>1b9a8b4</code></a> [actions] fix rebase workflow permissions</li> <li><a href="https://github.com/ljharb/qs/commit/2a35775614e0fb46ac8a3060201a32a7c23a7fda"><code>2a35775</code></a> [meta] fix changelog typo (<code>arrayLength</code> → <code>arrayLimit</code>)</li> <li>Additional commits viewable in <a href="https://github.com/ljharb/qs/compare/v6.13.0...v6.14.2">compare view</a></li> </ul> </details> <br /> Updates `tar` from 7.4.3 to 7.5.9 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md">tar's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <h2>7.5</h2> <ul> <li>Added <code>zstd</code> compression support.</li> <li>Consistent TOCTOU behavior in sync t.list</li> <li>Only read from ustar block if not specified in Pax</li> <li>Fix sync tar.list when file size reduces while reading</li> <li>Sanitize absolute linkpaths properly</li> <li>Prevent writing hardlink entries to the archive ahead of their file target</li> </ul> <h2>7.4</h2> <ul> <li>Deprecate <code>onentry</code> in favor of <code>onReadEntry</code> for clarity.</li> </ul> <h2>7.3</h2> <ul> <li>Add <code>onWriteEntry</code> option</li> </ul> <h2>7.2</h2> <ul> <li>DRY the command definitions into a single <code>makeCommand</code> method, and update the type signatures to more appropriately infer the return type from the options and arguments provided.</li> </ul> <h2>7.1</h2> <ul> <li>Update minipass to v7.1.0</li> <li>Update the type definitions of <code>write()</code> and <code>end()</code> methods on <code>Unpack</code> and <code>Parser</code> classes to be compatible with the NodeJS.WritableStream type in the latest versions of <code>@types/node</code>.</li> </ul> <h2>7.0</h2> <ul> <li>Drop support for node &lt;18</li> <li>Rewrite in TypeScript, provide ESM and CommonJS hybrid interface</li> <li>Add tree-shake friendly exports, like <code>import('tar/create')</code> and <code>import('tar/read-entry')</code> to get individual functions or classes.</li> <li>Add <code>chmod</code> option that defaults to false, and deprecate <code>noChmod</code>. That is, reverse the default option regarding explicitly setting file system modes to match tar entry settings.</li> <li>Add <code>processUmask</code> option to avoid having to call <code>process.umask()</code> when <code>chmod: true</code> (or <code>noChmod: false</code>) is set.</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/isaacs/node-tar/commit/1f0c2c9006b10199cf2686f8ef43e79a1773e1aa"><code>1f0c2c9</code></a> 7.5.9</li> <li><a href="https://github.com/isaacs/node-tar/commit/fbb08518bf290733b68ca4d4135f75becf73fd75"><code>fbb0851</code></a> build minified version as default export</li> <li><a href="https://github.com/isaacs/node-tar/commit/6b8eba0ef367ac937e703238daa6df94ae6f823f"><code>6b8eba0</code></a> 7.5.8</li> <li><a href="https://github.com/isaacs/node-tar/commit/2cb1120bcefe28d7ecc719b41441ade59c52e384"><code>2cb1120</code></a> fix(unpack): improve UnpackSync symlink error &quot;into&quot; path accuracy</li> <li><a href="https://github.com/isaacs/node-tar/commit/d18e4e1f846f4ddddc153b0f536a19c050e7499f"><code>d18e4e1</code></a> fix: do not write linkpaths through symlinks</li> <li><a href="https://github.com/isaacs/node-tar/commit/4a37eb9a1cf1137df4eb70c5c7f849f412ff3cdb"><code>4a37eb9</code></a> 7.5.7</li> <li><a href="https://github.com/isaacs/node-tar/commit/f4a7aa9bc3d717c987fdf1480ff7a64e87ffdb46"><code>f4a7aa9</code></a> fix: properly sanitize hard links containing ..</li> <li><a href="https://github.com/isaacs/node-tar/commit/394ece6ad8d81742a4e4058af227c616cd947a25"><code>394ece6</code></a> 7.5.6</li> <li><a href="https://github.com/isaacs/node-tar/commit/7d4cc17c76f6bd11dcd83de47187dc6dff206eee"><code>7d4cc17</code></a> fix race puting a Link ahead of its target File</li> <li><a href="https://github.com/isaacs/node-tar/commit/26ab90474e642cf00d84a05bcdc2eaf2a19f1581"><code>26ab904</code></a> 7.5.5</li> <li>Additional commits viewable in <a href="https://github.com/isaacs/node-tar/compare/v7.4.3...v7.5.9">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~isaacs">isaacs</a>, a new releaser for tar since your current version.</p> </details> <details> <summary>Install script changes</summary> <p>This version adds <code>prepare</code> script that runs during installation. Review the package contents before updating.</p> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/open-webui/open-webui/network/alerts). </details> --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
GiteaMirror added the pull-request label 2026-04-20 06:22:39 -05:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
confirmed
confirmed issue
core
documentation
enhancement
good first issue
help wanted
non-core
pull-request
Mirrored from GitHub Pull Request
 python
question
testing wanted
No Label pull-request
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/open-webui#26180
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?