[PR #20860] [CLOSED] chore(deps): bump the npm_and_yarn group across 1 directory with 8 updates #41431

New Issue

GiteaMirror · 2026-04-25T13:40:56-05:00

GiteaMirror commented

2026-04-25 13:40:56 -05:00

📋 Pull Request Information

Original PR: https://github.com/open-webui/open-webui/pull/20860
Author: @dependabot[bot]
Created: 1/21/2026
Status: ❌ Closed

Base: main ← Head: dependabot/npm_and_yarn/npm_and_yarn-789701fbe7

📝 Commits (1)

1985430 chore(deps): bump the npm_and_yarn group across 1 directory with 8 updates

📊 Changes

2 files changed (+193 additions, -958 deletions)

View changed files

📝 package-lock.json (+191 -956)
📝 package.json (+2 -2)

📄 Description

Bumps the npm_and_yarn group with 7 updates in the / directory:

Package	From	To
undici	`7.11.0`	`7.19.0`
undici	`6.21.2`	`6.23.0`
@sveltejs/kit	`2.22.4`	`2.50.0`
js-yaml	`4.1.0`	`4.1.1`
qs	`6.13.0`	`6.14.1`
tar	`7.4.3`	`7.5.6`
vega-functions	`6.1.0`	`6.1.1`
vega-selections	`6.1.0`	`6.1.2`

Updates undici from 7.11.0 to 7.19.0

Release notes

Sourced from undici's releases.

v7.19.0

What's Changed

fix: Handle FormData body type correctly in RetryAgent retried requests by @eliotschu in nodejs/undici#4692

feat(client): expose HTTP/2 flow-control options by @pabloelisseo in nodejs/undici#4706

Implement origin normalization in MockAgent for case-insensitivity and URL handling by @SksOp in nodejs/undici#4731

fix websocket basic auth by @KhafraDev in nodejs/undici#4747

fix(cache): regenerate stream from source when cache.match is called after GC by @mcollina in nodejs/undici#4713

chore: use testcontext for test:cache by @Uzlopak in nodejs/undici#4571

chore: use testcontext for subresource integrity tests by @Uzlopak in nodejs/undici#4575

feat(cache): add origins option for whitelist filtering by @mcollina in nodejs/undici#4739

ci: test shared-builtin only on Node.js 24 and 25 by @mcollina in nodejs/undici#4746

fix websocketstream open error by @KhafraDev in nodejs/undici#4748

New Contributors

@eliotschu made their first contribution in nodejs/undici#4692

@pabloelisseo made their first contribution in nodejs/undici#4706

@SksOp made their first contribution in nodejs/undici#4731

Full Changelog: https://github.com/nodejs/undici/compare/v7.18.2...v7.19.0

v7.18.2

⚠️ Security Release

This fixes https://github.com/nodejs/undici/security/advisories/GHSA-g9mf-h72j-4rw9 and CVE-2026-22036.

What's Changed

fix(decompress): limit Content-Encoding chain to 5 to prevent resourc… by @mcollina in nodejs/undici#4729

Full Changelog: https://github.com/nodejs/undici/compare/v7.18.1...v7.18.2

v7.18.1

What's Changed

Test and Fix running without SSL by @mcollina in nodejs/undici#4727

docs: add security warning for strictContentLength option by @mcollina in nodejs/undici#4726

build(deps): bump step-security/harden-runner from 2.13.1 to 2.14.0 by @dependabot[bot] in nodejs/undici#4718

build(deps): bump actions/checkout from 6.0.0 to 6.0.1 by @dependabot[bot] in nodejs/undici#4719

Full Changelog: https://github.com/nodejs/undici/compare/v7.18.0...v7.18.1

v7.18.0

What's Changed

Full Changelog: https://github.com/nodejs/undici/compare/v7.17.0...v7.18.0

v7.17.0

What's Changed

chore: extract infra and encoding methods by @Uzlopak in nodejs/undici#4523

... (truncated)

Commits

761fce9 fix websocketstream open error (#4748)
9ec9160 Bumped v7.19.0 (#4751)
491f760 ci: test shared-builtin only on Node.js 24 and 25 (#4746)
cc2ec56 feat(cache): add origins option for whitelist filtering (#4739)
8fd6c43 chore: use testcontest for subresource integrity tests (#4575)
2346cd2 chore: use testcontext for test:cache (#4571)
847419f fix(cache): regenerate stream from source when cache.match is called after GC...
3388513 fix websocket basic auth (#4747)
250efc8 Implement origin normalization in MockAgent for case-insensitivity and URL ha...
5ebef90 feat(client): expose HTTP/2 flow-control options (#4706)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for undici since your current version.

Updates undici from 6.21.2 to 6.23.0

Release notes

Sourced from undici's releases.

v7.19.0

What's Changed

fix: Handle FormData body type correctly in RetryAgent retried requests by @eliotschu in nodejs/undici#4692

feat(client): expose HTTP/2 flow-control options by @pabloelisseo in nodejs/undici#4706

Implement origin normalization in MockAgent for case-insensitivity and URL handling by @SksOp in nodejs/undici#4731

fix websocket basic auth by @KhafraDev in nodejs/undici#4747

fix(cache): regenerate stream from source when cache.match is called after GC by @mcollina in nodejs/undici#4713

chore: use testcontext for test:cache by @Uzlopak in nodejs/undici#4571

chore: use testcontext for subresource integrity tests by @Uzlopak in nodejs/undici#4575

feat(cache): add origins option for whitelist filtering by @mcollina in nodejs/undici#4739

ci: test shared-builtin only on Node.js 24 and 25 by @mcollina in nodejs/undici#4746

fix websocketstream open error by @KhafraDev in nodejs/undici#4748

New Contributors

@eliotschu made their first contribution in nodejs/undici#4692

@pabloelisseo made their first contribution in nodejs/undici#4706

@SksOp made their first contribution in nodejs/undici#4731

Full Changelog: https://github.com/nodejs/undici/compare/v7.18.2...v7.19.0

v7.18.2

⚠️ Security Release

This fixes https://github.com/nodejs/undici/security/advisories/GHSA-g9mf-h72j-4rw9 and CVE-2026-22036.

What's Changed

fix(decompress): limit Content-Encoding chain to 5 to prevent resourc… by @mcollina in nodejs/undici#4729

Full Changelog: https://github.com/nodejs/undici/compare/v7.18.1...v7.18.2

v7.18.1

What's Changed

Test and Fix running without SSL by @mcollina in nodejs/undici#4727

docs: add security warning for strictContentLength option by @mcollina in nodejs/undici#4726

build(deps): bump step-security/harden-runner from 2.13.1 to 2.14.0 by @dependabot[bot] in nodejs/undici#4718

build(deps): bump actions/checkout from 6.0.0 to 6.0.1 by @dependabot[bot] in nodejs/undici#4719

Full Changelog: https://github.com/nodejs/undici/compare/v7.18.0...v7.18.1

v7.18.0

What's Changed

Full Changelog: https://github.com/nodejs/undici/compare/v7.17.0...v7.18.0

v7.17.0

What's Changed

chore: extract infra and encoding methods by @Uzlopak in nodejs/undici#4523

... (truncated)

Commits

761fce9 fix websocketstream open error (#4748)
9ec9160 Bumped v7.19.0 (#4751)
491f760 ci: test shared-builtin only on Node.js 24 and 25 (#4746)
cc2ec56 feat(cache): add origins option for whitelist filtering (#4739)
8fd6c43 chore: use testcontest for subresource integrity tests (#4575)
2346cd2 chore: use testcontext for test:cache (#4571)
847419f fix(cache): regenerate stream from source when cache.match is called after GC...
3388513 fix websocket basic auth (#4747)
250efc8 Implement origin normalization in MockAgent for case-insensitivity and URL ha...
5ebef90 feat(client): expose HTTP/2 flow-control options (#4706)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for undici since your current version.

Updates @sveltejs/kit from 2.22.4 to 2.50.0

Release notes

Sourced from @sveltejs/kit's releases.

@sveltejs/kit@2.50.0

Minor Changes

breaking: remove buttonProps from experimental remote form functions; use e.g. <button {...myForm.fields.action.as('submit', 'register')}>Register</button> button instead (#15144)

@sveltejs/kit@2.49.5

Patch Changes

fix: avoid overriding Vite default base when running Vitest 4 (#14866)

fix: ensure url decoded pathnames are not mistaken as rerouted requests (d9ae9b0)

fix: add length checks to remote forms (8ed8155)

@sveltejs/kit@2.49.4

Patch Changes

fix: support instrumentation for vite preview (#15105)

fix: support for URLSearchParams.has(name, value) overload (#15076)

fix: put forking behind experimental.forkPreloads (#15135)

@sveltejs/kit@2.49.3

Patch Changes

fix: avoid false-positive Vite config overridden warning when using Vitest 4 (#15121)

fix: add typescript as an optional peer dependency (#15074)

fix: use hasOwn check when deep-setting object properties (#15127)

@sveltejs/kit@2.49.2

Patch Changes

fix: Stop re-loading already-loaded CSS during server-side route resolution (#15014)

fix: posixify the instrumentation file import on Windows (#14993)

fix: Correctly handle shared memory when decoding binary form data (#15028)

@sveltejs/kit@2.49.1

... (truncated)

Changelog

Sourced from @sveltejs/kit's changelog.

2.50.0

Minor Changes

breaking: remove buttonProps from experimental remote form functions; use e.g. <button {...myForm.fields.action.as('submit', 'register')}>Register</button> button instead (#15144)

2.49.5

Patch Changes

fix: avoid overriding Vite default base when running Vitest 4 (#14866)

fix: ensure url decoded pathnames are not mistaken as rerouted requests (d9ae9b0)

fix: add length checks to remote forms (8ed8155)

2.49.4

Patch Changes

fix: support instrumentation for vite preview (#15105)

fix: support for URLSearchParams.has(name, value) overload (#15076)

fix: put forking behind experimental.forkPreloads (#15135)

2.49.3

Patch Changes

fix: avoid false-positive Vite config overridden warning when using Vitest 4 (#15121)

fix: add typescript as an optional peer dependency (#15074)

fix: use hasOwn check when deep-setting object properties (#15127)

2.49.2

Patch Changes

fix: Stop re-loading already-loaded CSS during server-side route resolution (#15014)

fix: posixify the instrumentation file import on Windows (#14993)

... (truncated)

Commits

391c6f7 Version Packages (#15177)
36cb864 Revert "Revert "breaking: remove buttonProps from experimental remote form ...
8a82859 chore: fix lint errors (#15174)
80ffb53 Version Packages (#15162)
8ed8155 Merge commit from fork
d9ae9b0 Merge commit from fork
ec4596a chore: Upgrade devalue (#15172)
81cd545 fix: avoid overriding Vite default base when running Vitest 4 (#14866)
6cf9491 chore: remove unused is_http_method helper and method set to (#15152)
3305022 Revert "breaking: remove buttonProps from experimental remote form function...
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @sveltejs/kit since your current version.

Updates devalue from 5.1.1 to 5.6.2

Release notes

Sourced from devalue's releases.

v5.6.2

Patch Changes

1175584: fix: validate input for ArrayBuffer parsing

e46afa6: fix: validate input for typed arrays

1175584: fix: more helpful errors for inputs causing stack overflows

v5.6.1

Patch Changes

2161d44: fix: add hasOwn check before calling reviver

v5.6.0

Minor Changes

a3d09d4: feat: expose DevalueError for instanceof checks in catch clauses

a3d09d4: feat: add value and root properties in DevalueError instances

v5.5.0

Minor Changes

828fa1c: Enable support for custom reducer/reviver for "function" values

v5.4.2

Patch Changes

5c26c0d: fix: allow custom revivers to revive things serialized by builtin reducers

v5.4.1

Patch Changes

ca3c7b6: chore: Remove impossible void type from replacer's uneval

v5.4.0

Minor Changes

9306d09: feat: pass uneval to replacer, for handling nested custom types

Patch Changes

b617c7c: perf: shrink uneval output with null-proto objects

v5.3.2

Patch Changes

0623a47: fix: disallow array method access when parsing

0623a47: fix: disallow __proto__ properties on objects

v5.3.1

Patch Changes

... (truncated)

Changelog

Sourced from devalue's changelog.

5.6.2

Patch Changes

1175584: fix: validate input for ArrayBuffer parsing

e46afa6: fix: validate input for typed arrays

1175584: fix: more helpful errors for inputs causing stack overflows

5.6.1

Patch Changes

2161d44: fix: add hasOwn check before calling reviver

5.6.0

Minor Changes

a3d09d4: feat: expose DevalueError for instanceof checks in catch clauses

a3d09d4: feat: add value and root properties in DevalueError instances

5.5.0

Minor Changes

828fa1c: Enable support for custom reducer/reviver for "function" values

5.4.2

Patch Changes

5c26c0d: fix: allow custom revivers to revive things serialized by builtin reducers

5.4.1

Patch Changes

ca3c7b6: chore: Remove impossible void type from replacer's uneval

5.4.0

Minor Changes

9306d09: feat: pass uneval to replacer, for handling nested custom types

Patch Changes

b617c7c: perf: shrink uneval output with null-proto objects

5.3.2

... (truncated)

Commits

fcf4e88 fix tests
1d8a5ea Version Packages (#131)
1175584 Merge commit from fork
e46afa6 Merge commit from fork
5e07a67 Version Packages (#129)
aa09604 Bump js-yaml from 3.14.1 to 3.14.2 (#125)
2161d44 fix: add hasOwn check before calling reviver (#128)
83de81d Version Packages (#127)
a3d09d4 Add value and root properties in DevalueError instances (#126)
f4b37f3 Version Packages (#124)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for devalue since your current version.

Updates js-yaml from 4.1.0 to 4.1.1

Changelog

Sourced from js-yaml's changelog.

[4.1.1] - 2025-11-12

Security

Fix prototype pollution issue in yaml merge (<<) operator.

Commits

cc482e7 4.1.1 released
50968b8 dist rebuild
d092d86 lint fix
383665f fix prototype pollution in merge (<<)
0d3ca7a README.md: HTTP => HTTPS (#678)
49baadd doc: 'empty' style option for !!null
ba3460e Fix demo link (#618)
See full diff in compare view

Updates qs from 6.13.0 to 6.14.1

Changelog

Sourced from qs's changelog.

6.14.1

[Fix] ensure arrayLength applies to [] notation as well

[Fix] parse: when a custom decoder returns null for a key, ignore that key

[Refactor] parse: extract key segment splitting helper

[meta] add threat model

[actions] add workflow permissions

[Tests] stringify: increase coverage

[Dev Deps] update eslint, @ljharb/eslint-config, npmignore, es-value-fixtures, for-each, object-inspect

6.14.0

[New] parse: add throwOnParameterLimitExceeded option (#517)

[Refactor] parse: use utils.combine more

[patch] parse: add explicit throwOnLimitExceeded default

[actions] use shared action; re-add finishers

[meta] Fix changelog formatting bug

[Deps] update side-channel

[Dev Deps] update es-value-fixtures, has-bigints, has-proto, has-symbols

[Tests] increase coverage

6.13.1

[Fix] stringify: avoid a crash when a filter key is null

[Fix] utils.merge: functions should not be stringified into keys

[Fix] parse: avoid a crash with interpretNumericEntities: true, comma: true, and iso charset

[Fix] stringify: ensure a non-string filter does not crash

[Refactor] use __proto__ syntax instead of Object.create for null objects

[Refactor] misc cleanup

[Tests] utils.merge: add some coverage

[Tests] fix a test case

[actions] split out node 10-20, and 20+

[Dev Deps] update es-value-fixtures, mock-property, object-inspect, tape

Commits

3fa11a5 v6.14.1
a626704 [Dev Deps] update npmignore
3086902 [Fix] ensure arrayLength applies to [] notation as well
fc7930e [Dev Deps] update eslint, @ljharb/eslint-config
0b06aac [Dev Deps] update @ljharb/eslint-config
64951f6 [Refactor] parse: extract key segment splitting helper
e1bd259 [Dev Deps] update @ljharb/eslint-config
f4b3d39 [eslint] add eslint 9 optional peer dep
6e94d95 [Dev Deps] update eslint, @ljharb/eslint-config, npmignore
973dc3c [actions] add workflow permissions
Additional commits viewable in compare view

Updates tar from 7.4.3 to 7.5.6

Changelog

Sourced from tar's changelog.

Changelog

7.5

Added zstd compression support.

Consistent TOCTOU behavior in sync t.list

Only read from ustar block if not specified in Pax

Fix sync tar.list when file size reduces while reading

Sanitize absolute linkpaths properly

Prevent writing hardlink entries to the archive ahead of their file target

7.4

Deprecate onentry in favor of onReadEntry for clarity.

7.3

Add onWriteEntry option

7.2

DRY the command definitions into a single makeCommand method, and update the type signatures to more appropriately infer the return type from the options and arguments provided.

7.1

Update minipass to v7.1.0

Update the type definitions of write() and end() methods on Unpack and Parser classes to be compatible with the NodeJS.WritableStream type in the latest versions of @types/node.

7.0

Drop support for node <18

Rewrite in TypeScript, provide ESM and CommonJS hybrid interface

Add tree-shake friendly exports, like import('tar/create') and import('tar/read-entry') to get individual functions or classes.

Add chmod option that defaults to false, and deprecate noChmod. That is, reverse the default option regarding explicitly setting file system modes to match tar entry settings.

Add processUmask option to avoid having to call process.umask() when chmod: true (or noChmod: false) is set.

... (truncated)

Commits

394ece6 7.5.6
7d4cc17 fix race puting a Link ahead of its target File
26ab904 7.5.5
e9a1ddb fix: do not prevent valid linkpaths within archive
911c886 7.5.4
3b1abfa normalize out unicode ligatures
a43478c remove some unused files
970c58f update deps
bb21974 update changelog
0313844 7.5.3
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by isaacs, a new releaser for tar since your current version.

Updates vega-functions from 6.1.0 to 6.1.1

Release notes

Sourced from vega-functions's releases.

v6.1.1

Full Changelog: https://github.com/vega/vega/compare/v6.1.0...v6.1.1

Commits

d67c1b7 chore: bump to 6.1.1
e574530 chore: bump vega-cli
See full diff in compare view

Maintainer changes

This version was pushed to npm by hydrosquall, a new releaser for vega-functions since your current version.

Updates vega-selections from 6.1.0 to 6.1.2

Release notes

Sourced from vega-selections's releases.

v6.1.2

Full Changelog: https://github.com/vega/vega/compare/v6.1.1...v6.1.2

v6.1.1

Full Changelog: https://github.com/vega/vega/compare/v6.1.0...v6.1.1

Commits

18a55af chore: fix json of package.json
38957ff chore: bump vega
bb800e9 chore: simplify gitignore
b737e03 fix: run npm pkg fix
d67c1b7 chore: bump to 6.1.1
e574530 chore: bump vega-cli
See full diff in compare view

Maintainer changes

This version was pushed to npm by hydrosquall, a new releaser for vega-selections since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the Security Alerts page.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/open-webui/open-webui/pull/20860 **Author:** [@dependabot[bot]](https://github.com/apps/dependabot) **Created:** 1/21/2026 **Status:** ❌ Closed **Base:** `main` ← **Head:** `dependabot/npm_and_yarn/npm_and_yarn-789701fbe7` --- ### 📝 Commits (1) - [`1985430`](https://github.com/open-webui/open-webui/commit/1985430cd0532915f3de01722f8a66843feaa298) chore(deps): bump the npm_and_yarn group across 1 directory with 8 updates ### 📊 Changes **2 files changed** (+193 additions, -958 deletions) <details> <summary>View changed files</summary> 📝 `package-lock.json` (+191 -956) 📝 `package.json` (+2 -2) </details> ### 📄 Description Bumps the npm_and_yarn group with 7 updates in the / directory: | Package | From | To | | --- | --- | --- | | [undici](https://github.com/nodejs/undici) | `7.11.0` | `7.19.0` | | [undici](https://github.com/nodejs/undici) | `6.21.2` | `6.23.0` | | [@sveltejs/kit](https://github.com/sveltejs/kit/tree/HEAD/packages/kit) | `2.22.4` | `2.50.0` | | [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.0` | `4.1.1` | | [qs](https://github.com/ljharb/qs) | `6.13.0` | `6.14.1` | | [tar](https://github.com/isaacs/node-tar) | `7.4.3` | `7.5.6` | | [vega-functions](https://github.com/vega/vega) | `6.1.0` | `6.1.1` | | [vega-selections](https://github.com/vega/vega) | `6.1.0` | `6.1.2` | Updates `undici` from 7.11.0 to 7.19.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/nodejs/undici/releases">undici's releases</a>.</em></p> <blockquote> <h2>v7.19.0</h2> <h2>What's Changed</h2> <ul> <li>fix: Handle FormData body type correctly in RetryAgent retried requests by <a href="https://github.com/eliotschu"><code>@eliotschu</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4692">nodejs/undici#4692</a></li> <li>feat(client): expose HTTP/2 flow-control options by <a href="https://github.com/pabloelisseo"><code>@pabloelisseo</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4706">nodejs/undici#4706</a></li> <li>Implement origin normalization in MockAgent for case-insensitivity and URL handling by <a href="https://github.com/SksOp"><code>@SksOp</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4731">nodejs/undici#4731</a></li> <li>fix websocket basic auth by <a href="https://github.com/KhafraDev"><code>@KhafraDev</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4747">nodejs/undici#4747</a></li> <li>fix(cache): regenerate stream from source when cache.match is called after GC by <a href="https://github.com/mcollina"><code>@mcollina</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4713">nodejs/undici#4713</a></li> <li>chore: use testcontext for test:cache by <a href="https://github.com/Uzlopak"><code>@Uzlopak</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4571">nodejs/undici#4571</a></li> <li>chore: use testcontext for subresource integrity tests by <a href="https://github.com/Uzlopak"><code>@Uzlopak</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4575">nodejs/undici#4575</a></li> <li>feat(cache): add origins option for whitelist filtering by <a href="https://github.com/mcollina"><code>@mcollina</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4739">nodejs/undici#4739</a></li> <li>ci: test shared-builtin only on Node.js 24 and 25 by <a href="https://github.com/mcollina"><code>@mcollina</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4746">nodejs/undici#4746</a></li> <li>fix websocketstream open error by <a href="https://github.com/KhafraDev"><code>@KhafraDev</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4748">nodejs/undici#4748</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/eliotschu"><code>@eliotschu</code></a> made their first contribution in <a href="https://redirect.github.com/nodejs/undici/pull/4692">nodejs/undici#4692</a></li> <li><a href="https://github.com/pabloelisseo"><code>@pabloelisseo</code></a> made their first contribution in <a href="https://redirect.github.com/nodejs/undici/pull/4706">nodejs/undici#4706</a></li> <li><a href="https://github.com/SksOp"><code>@SksOp</code></a> made their first contribution in <a href="https://redirect.github.com/nodejs/undici/pull/4731">nodejs/undici#4731</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/nodejs/undici/compare/v7.18.2...v7.19.0">https://github.com/nodejs/undici/compare/v7.18.2...v7.19.0</a></p> <h2>v7.18.2</h2> <h2>⚠️ Security Release</h2> <p>This fixes <a href="https://github.com/nodejs/undici/security/advisories/GHSA-g9mf-h72j-4rw9">https://github.com/nodejs/undici/security/advisories/GHSA-g9mf-h72j-4rw9</a> and CVE-2026-22036.</p> <h2>What's Changed</h2> <ul> <li>fix(decompress): limit Content-Encoding chain to 5 to prevent resourc… by <a href="https://github.com/mcollina"><code>@mcollina</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4729">nodejs/undici#4729</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/nodejs/undici/compare/v7.18.1...v7.18.2">https://github.com/nodejs/undici/compare/v7.18.1...v7.18.2</a></p> <h2>v7.18.1</h2> <h2>What's Changed</h2> <ul> <li>Test and Fix running without SSL by <a href="https://github.com/mcollina"><code>@mcollina</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4727">nodejs/undici#4727</a></li> <li>docs: add security warning for strictContentLength option by <a href="https://github.com/mcollina"><code>@mcollina</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4726">nodejs/undici#4726</a></li> <li>build(deps): bump step-security/harden-runner from 2.13.1 to 2.14.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/nodejs/undici/pull/4718">nodejs/undici#4718</a></li> <li>build(deps): bump actions/checkout from 6.0.0 to 6.0.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/nodejs/undici/pull/4719">nodejs/undici#4719</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/nodejs/undici/compare/v7.18.0...v7.18.1">https://github.com/nodejs/undici/compare/v7.18.0...v7.18.1</a></p> <h2>v7.18.0</h2> <h2>What's Changed</h2> <p><strong>Full Changelog</strong>: <a href="https://github.com/nodejs/undici/compare/v7.17.0...v7.18.0">https://github.com/nodejs/undici/compare/v7.17.0...v7.18.0</a></p> <h2>v7.17.0</h2> <h2>What's Changed</h2> <ul> <li>chore: extract infra and encoding methods by <a href="https://github.com/Uzlopak"><code>@Uzlopak</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4523">nodejs/undici#4523</a></li> </ul>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/nodejs/undici/commit/761fce9aa842ebb784bd723d7885eaa431152e4c"><code>761fce9</code></a> fix websocketstream open error (<a href="https://redirect.github.com/nodejs/undici/issues/4748">#4748</a>)</li> <li><a href="https://github.com/nodejs/undici/commit/9ec91609dd12c49d7d9a60aad4ad3ac89e944f05"><code>9ec9160</code></a> Bumped v7.19.0 (<a href="https://redirect.github.com/nodejs/undici/issues/4751">#4751</a>)</li> <li><a href="https://github.com/nodejs/undici/commit/491f760beb14c32c493dbdb9b72cc31daa923cb0"><code>491f760</code></a> ci: test shared-builtin only on Node.js 24 and 25 (<a href="https://redirect.github.com/nodejs/undici/issues/4746">#4746</a>)</li> <li><a href="https://github.com/nodejs/undici/commit/cc2ec56437cf15108efac70802fd2900fa5e9d62"><code>cc2ec56</code></a> feat(cache): add origins option for whitelist filtering (<a href="https://redirect.github.com/nodejs/undici/issues/4739">#4739</a>)</li> <li><a href="https://github.com/nodejs/undici/commit/8fd6c43c65952ebd2557964a726716879dea5506"><code>8fd6c43</code></a> chore: use testcontest for subresource integrity tests (<a href="https://redirect.github.com/nodejs/undici/issues/4575">#4575</a>)</li> <li><a href="https://github.com/nodejs/undici/commit/2346cd2889fcb015e9cc8e35597849ad54ae801b"><code>2346cd2</code></a> chore: use testcontext for test:cache (<a href="https://redirect.github.com/nodejs/undici/issues/4571">#4571</a>)</li> <li><a href="https://github.com/nodejs/undici/commit/847419f6a297b1f82503b72086e0b1265e518d9e"><code>847419f</code></a> fix(cache): regenerate stream from source when cache.match is called after GC...</li> <li><a href="https://github.com/nodejs/undici/commit/33885134f24937831b83e4e44068d0cd6ab9a201"><code>3388513</code></a> fix websocket basic auth (<a href="https://redirect.github.com/nodejs/undici/issues/4747">#4747</a>)</li> <li><a href="https://github.com/nodejs/undici/commit/250efc8eab72086384fe91b5ee3adbcd9d45dac0"><code>250efc8</code></a> Implement origin normalization in MockAgent for case-insensitivity and URL ha...</li> <li><a href="https://github.com/nodejs/undici/commit/5ebef90ab5f39dad1508499cd38ad881768514a6"><code>5ebef90</code></a> feat(client): expose HTTP/2 flow-control options (<a href="https://redirect.github.com/nodejs/undici/issues/4706">#4706</a>)</li> <li>Additional commits viewable in <a href="https://github.com/nodejs/undici/compare/v7.11.0...v7.19.0">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by [GitHub Actions](<a href="https://www.npmjs.com/~GitHub">https://www.npmjs.com/~GitHub</a> Actions), a new releaser for undici since your current version.</p> </details> <br /> Updates `undici` from 6.21.2 to 6.23.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/nodejs/undici/releases">undici's releases</a>.</em></p> <blockquote> <h2>v7.19.0</h2> <h2>What's Changed</h2> <ul> <li>fix: Handle FormData body type correctly in RetryAgent retried requests by <a href="https://github.com/eliotschu"><code>@eliotschu</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4692">nodejs/undici#4692</a></li> <li>feat(client): expose HTTP/2 flow-control options by <a href="https://github.com/pabloelisseo"><code>@pabloelisseo</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4706">nodejs/undici#4706</a></li> <li>Implement origin normalization in MockAgent for case-insensitivity and URL handling by <a href="https://github.com/SksOp"><code>@SksOp</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4731">nodejs/undici#4731</a></li> <li>fix websocket basic auth by <a href="https://github.com/KhafraDev"><code>@KhafraDev</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4747">nodejs/undici#4747</a></li> <li>fix(cache): regenerate stream from source when cache.match is called after GC by <a href="https://github.com/mcollina"><code>@mcollina</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4713">nodejs/undici#4713</a></li> <li>chore: use testcontext for test:cache by <a href="https://github.com/Uzlopak"><code>@Uzlopak</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4571">nodejs/undici#4571</a></li> <li>chore: use testcontext for subresource integrity tests by <a href="https://github.com/Uzlopak"><code>@Uzlopak</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4575">nodejs/undici#4575</a></li> <li>feat(cache): add origins option for whitelist filtering by <a href="https://github.com/mcollina"><code>@mcollina</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4739">nodejs/undici#4739</a></li> <li>ci: test shared-builtin only on Node.js 24 and 25 by <a href="https://github.com/mcollina"><code>@mcollina</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4746">nodejs/undici#4746</a></li> <li>fix websocketstream open error by <a href="https://github.com/KhafraDev"><code>@KhafraDev</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4748">nodejs/undici#4748</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/eliotschu"><code>@eliotschu</code></a> made their first contribution in <a href="https://redirect.github.com/nodejs/undici/pull/4692">nodejs/undici#4692</a></li> <li><a href="https://github.com/pabloelisseo"><code>@pabloelisseo</code></a> made their first contribution in <a href="https://redirect.github.com/nodejs/undici/pull/4706">nodejs/undici#4706</a></li> <li><a href="https://github.com/SksOp"><code>@SksOp</code></a> made their first contribution in <a href="https://redirect.github.com/nodejs/undici/pull/4731">nodejs/undici#4731</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/nodejs/undici/compare/v7.18.2...v7.19.0">https://github.com/nodejs/undici/compare/v7.18.2...v7.19.0</a></p> <h2>v7.18.2</h2> <h2>⚠️ Security Release</h2> <p>This fixes <a href="https://github.com/nodejs/undici/security/advisories/GHSA-g9mf-h72j-4rw9">https://github.com/nodejs/undici/security/advisories/GHSA-g9mf-h72j-4rw9</a> and CVE-2026-22036.</p> <h2>What's Changed</h2> <ul> <li>fix(decompress): limit Content-Encoding chain to 5 to prevent resourc… by <a href="https://github.com/mcollina"><code>@mcollina</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4729">nodejs/undici#4729</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/nodejs/undici/compare/v7.18.1...v7.18.2">https://github.com/nodejs/undici/compare/v7.18.1...v7.18.2</a></p> <h2>v7.18.1</h2> <h2>What's Changed</h2> <ul> <li>Test and Fix running without SSL by <a href="https://github.com/mcollina"><code>@mcollina</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4727">nodejs/undici#4727</a></li> <li>docs: add security warning for strictContentLength option by <a href="https://github.com/mcollina"><code>@mcollina</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4726">nodejs/undici#4726</a></li> <li>build(deps): bump step-security/harden-runner from 2.13.1 to 2.14.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/nodejs/undici/pull/4718">nodejs/undici#4718</a></li> <li>build(deps): bump actions/checkout from 6.0.0 to 6.0.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/nodejs/undici/pull/4719">nodejs/undici#4719</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/nodejs/undici/compare/v7.18.0...v7.18.1">https://github.com/nodejs/undici/compare/v7.18.0...v7.18.1</a></p> <h2>v7.18.0</h2> <h2>What's Changed</h2> <p><strong>Full Changelog</strong>: <a href="https://github.com/nodejs/undici/compare/v7.17.0...v7.18.0">https://github.com/nodejs/undici/compare/v7.17.0...v7.18.0</a></p> <h2>v7.17.0</h2> <h2>What's Changed</h2> <ul> <li>chore: extract infra and encoding methods by <a href="https://github.com/Uzlopak"><code>@Uzlopak</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4523">nodejs/undici#4523</a></li> </ul>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/nodejs/undici/commit/761fce9aa842ebb784bd723d7885eaa431152e4c"><code>761fce9</code></a> fix websocketstream open error (<a href="https://redirect.github.com/nodejs/undici/issues/4748">#4748</a>)</li> <li><a href="https://github.com/nodejs/undici/commit/9ec91609dd12c49d7d9a60aad4ad3ac89e944f05"><code>9ec9160</code></a> Bumped v7.19.0 (<a href="https://redirect.github.com/nodejs/undici/issues/4751">#4751</a>)</li> <li><a href="https://github.com/nodejs/undici/commit/491f760beb14c32c493dbdb9b72cc31daa923cb0"><code>491f760</code></a> ci: test shared-builtin only on Node.js 24 and 25 (<a href="https://redirect.github.com/nodejs/undici/issues/4746">#4746</a>)</li> <li><a href="https://github.com/nodejs/undici/commit/cc2ec56437cf15108efac70802fd2900fa5e9d62"><code>cc2ec56</code></a> feat(cache): add origins option for whitelist filtering (<a href="https://redirect.github.com/nodejs/undici/issues/4739">#4739</a>)</li> <li><a href="https://github.com/nodejs/undici/commit/8fd6c43c65952ebd2557964a726716879dea5506"><code>8fd6c43</code></a> chore: use testcontest for subresource integrity tests (<a href="https://redirect.github.com/nodejs/undici/issues/4575">#4575</a>)</li> <li><a href="https://github.com/nodejs/undici/commit/2346cd2889fcb015e9cc8e35597849ad54ae801b"><code>2346cd2</code></a> chore: use testcontext for test:cache (<a href="https://redirect.github.com/nodejs/undici/issues/4571">#4571</a>)</li> <li><a href="https://github.com/nodejs/undici/commit/847419f6a297b1f82503b72086e0b1265e518d9e"><code>847419f</code></a> fix(cache): regenerate stream from source when cache.match is called after GC...</li> <li><a href="https://github.com/nodejs/undici/commit/33885134f24937831b83e4e44068d0cd6ab9a201"><code>3388513</code></a> fix websocket basic auth (<a href="https://redirect.github.com/nodejs/undici/issues/4747">#4747</a>)</li> <li><a href="https://github.com/nodejs/undici/commit/250efc8eab72086384fe91b5ee3adbcd9d45dac0"><code>250efc8</code></a> Implement origin normalization in MockAgent for case-insensitivity and URL ha...</li> <li><a href="https://github.com/nodejs/undici/commit/5ebef90ab5f39dad1508499cd38ad881768514a6"><code>5ebef90</code></a> feat(client): expose HTTP/2 flow-control options (<a href="https://redirect.github.com/nodejs/undici/issues/4706">#4706</a>)</li> <li>Additional commits viewable in <a href="https://github.com/nodejs/undici/compare/v7.11.0...v7.19.0">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by [GitHub Actions](<a href="https://www.npmjs.com/~GitHub">https://www.npmjs.com/~GitHub</a> Actions), a new releaser for undici since your current version.</p> </details> <br /> Updates `@sveltejs/kit` from 2.22.4 to 2.50.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sveltejs/kit/releases"><code>@sveltejs/kit</code>'s releases</a>.</em></p> <blockquote> <h2><code>@sveltejs/kit</code><a href="https://github.com/2"><code>@2</code></a>.50.0</h2> <h3>Minor Changes</h3> <ul> <li>breaking: remove <code>buttonProps</code> from experimental remote form functions; use e.g. <code><button {...myForm.fields.action.as('submit', 'register')}>Register</button></code> button instead (<a href="https://redirect.github.com/sveltejs/kit/pull/15144">#15144</a>)</li> </ul> <h2><code>@sveltejs/kit</code><a href="https://github.com/2"><code>@2</code></a>.49.5</h2> <h3>Patch Changes</h3> <ul> <li> <p>fix: avoid overriding Vite default <code>base</code> when running Vitest 4 (<a href="https://redirect.github.com/sveltejs/kit/pull/14866">#14866</a>)</p> </li> <li> <p>fix: ensure url decoded pathnames are not mistaken as rerouted requests (<a href="https://github.com/sveltejs/kit/commit/d9ae9b00b14f5574d109f3fd548f960594346226"><code>d9ae9b0</code></a>)</p> </li> <li> <p>fix: add length checks to remote forms (<a href="https://github.com/sveltejs/kit/commit/8ed8155215b9a74012fecffb942ad9a793b274e5"><code>8ed8155</code></a>)</p> </li> </ul> <h2><code>@sveltejs/kit</code><a href="https://github.com/2"><code>@2</code></a>.49.4</h2> <h3>Patch Changes</h3> <ul> <li> <p>fix: support instrumentation for <code>vite preview</code> (<a href="https://redirect.github.com/sveltejs/kit/pull/15105">#15105</a>)</p> </li> <li> <p>fix: support for <code>URLSearchParams.has(name, value)</code> overload (<a href="https://redirect.github.com/sveltejs/kit/pull/15076">#15076</a>)</p> </li> <li> <p>fix: put forking behind <code>experimental.forkPreloads</code> (<a href="https://redirect.github.com/sveltejs/kit/pull/15135">#15135</a>)</p> </li> </ul> <h2><code>@sveltejs/kit</code><a href="https://github.com/2"><code>@2</code></a>.49.3</h2> <h3>Patch Changes</h3> <ul> <li> <p>fix: avoid false-positive Vite config overridden warning when using Vitest 4 (<a href="https://redirect.github.com/sveltejs/kit/pull/15121">#15121</a>)</p> </li> <li> <p>fix: add <code>typescript</code> as an optional peer dependency (<a href="https://redirect.github.com/sveltejs/kit/pull/15074">#15074</a>)</p> </li> <li> <p>fix: use hasOwn check when deep-setting object properties (<a href="https://redirect.github.com/sveltejs/kit/pull/15127">#15127</a>)</p> </li> </ul> <h2><code>@sveltejs/kit</code><a href="https://github.com/2"><code>@2</code></a>.49.2</h2> <h3>Patch Changes</h3> <ul> <li> <p>fix: Stop re-loading already-loaded CSS during server-side route resolution (<a href="https://redirect.github.com/sveltejs/kit/pull/15014">#15014</a>)</p> </li> <li> <p>fix: posixify the instrumentation file import on Windows (<a href="https://redirect.github.com/sveltejs/kit/pull/14993">#14993</a>)</p> </li> <li> <p>fix: Correctly handle shared memory when decoding binary form data (<a href="https://redirect.github.com/sveltejs/kit/pull/15028">#15028</a>)</p> </li> </ul> <h2><code>@sveltejs/kit</code><a href="https://github.com/2"><code>@2</code></a>.49.1</h2>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/sveltejs/kit/blob/main/packages/kit/CHANGELOG.md"><code>@sveltejs/kit</code>'s changelog</a>.</em></p> <blockquote> <h2>2.50.0</h2> <h3>Minor Changes</h3> <ul> <li>breaking: remove <code>buttonProps</code> from experimental remote form functions; use e.g. <code><button {...myForm.fields.action.as('submit', 'register')}>Register</button></code> button instead (<a href="https://redirect.github.com/sveltejs/kit/pull/15144">#15144</a>)</li> </ul> <h2>2.49.5</h2> <h3>Patch Changes</h3> <ul> <li> <p>fix: avoid overriding Vite default <code>base</code> when running Vitest 4 (<a href="https://redirect.github.com/sveltejs/kit/pull/14866">#14866</a>)</p> </li> <li> <p>fix: ensure url decoded pathnames are not mistaken as rerouted requests (<a href="https://github.com/sveltejs/kit/commit/d9ae9b00b14f5574d109f3fd548f960594346226"><code>d9ae9b0</code></a>)</p> </li> <li> <p>fix: add length checks to remote forms (<a href="https://github.com/sveltejs/kit/commit/8ed8155215b9a74012fecffb942ad9a793b274e5"><code>8ed8155</code></a>)</p> </li> </ul> <h2>2.49.4</h2> <h3>Patch Changes</h3> <ul> <li> <p>fix: support instrumentation for <code>vite preview</code> (<a href="https://redirect.github.com/sveltejs/kit/pull/15105">#15105</a>)</p> </li> <li> <p>fix: support for <code>URLSearchParams.has(name, value)</code> overload (<a href="https://redirect.github.com/sveltejs/kit/pull/15076">#15076</a>)</p> </li> <li> <p>fix: put forking behind <code>experimental.forkPreloads</code> (<a href="https://redirect.github.com/sveltejs/kit/pull/15135">#15135</a>)</p> </li> </ul> <h2>2.49.3</h2> <h3>Patch Changes</h3> <ul> <li> <p>fix: avoid false-positive Vite config overridden warning when using Vitest 4 (<a href="https://redirect.github.com/sveltejs/kit/pull/15121">#15121</a>)</p> </li> <li> <p>fix: add <code>typescript</code> as an optional peer dependency (<a href="https://redirect.github.com/sveltejs/kit/pull/15074">#15074</a>)</p> </li> <li> <p>fix: use hasOwn check when deep-setting object properties (<a href="https://redirect.github.com/sveltejs/kit/pull/15127">#15127</a>)</p> </li> </ul> <h2>2.49.2</h2> <h3>Patch Changes</h3> <ul> <li> <p>fix: Stop re-loading already-loaded CSS during server-side route resolution (<a href="https://redirect.github.com/sveltejs/kit/pull/15014">#15014</a>)</p> </li> <li> <p>fix: posixify the instrumentation file import on Windows (<a href="https://redirect.github.com/sveltejs/kit/pull/14993">#14993</a>)</p> </li> </ul>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/sveltejs/kit/commit/391c6f742a1e6704b1113f9a051b6987c35c78d0"><code>391c6f7</code></a> Version Packages (<a href="https://github.com/sveltejs/kit/tree/HEAD/packages/kit/issues/15177">#15177</a>)</li> <li><a href="https://github.com/sveltejs/kit/commit/36cb864b7f8a5dca0694d4f9e4a76abefc742a10"><code>36cb864</code></a> Revert "Revert "breaking: remove <code>buttonProps</code> from experimental remote form ...</li> <li><a href="https://github.com/sveltejs/kit/commit/8a828596b9f51154ea63f4f8b65ce049cae4bd27"><code>8a82859</code></a> chore: fix lint errors (<a href="https://github.com/sveltejs/kit/tree/HEAD/packages/kit/issues/15174">#15174</a>)</li> <li><a href="https://github.com/sveltejs/kit/commit/80ffb53382e397a8fc83e6b63d2675eeabb427bd"><code>80ffb53</code></a> Version Packages (<a href="https://github.com/sveltejs/kit/tree/HEAD/packages/kit/issues/15162">#15162</a>)</li> <li><a href="https://github.com/sveltejs/kit/commit/8ed8155215b9a74012fecffb942ad9a793b274e5"><code>8ed8155</code></a> Merge commit from fork</li> <li><a href="https://github.com/sveltejs/kit/commit/d9ae9b00b14f5574d109f3fd548f960594346226"><code>d9ae9b0</code></a> Merge commit from fork</li> <li><a href="https://github.com/sveltejs/kit/commit/ec4596a066eb488b27e237b5fc1472ed6bfc37e2"><code>ec4596a</code></a> chore: Upgrade devalue (<a href="https://github.com/sveltejs/kit/tree/HEAD/packages/kit/issues/15172">#15172</a>)</li> <li><a href="https://github.com/sveltejs/kit/commit/81cd545dd78b60ee994a04d8abacb58bf63584d7"><code>81cd545</code></a> fix: avoid overriding Vite default <code>base</code> when running Vitest 4 (<a href="https://github.com/sveltejs/kit/tree/HEAD/packages/kit/issues/14866">#14866</a>)</li> <li><a href="https://github.com/sveltejs/kit/commit/6cf9491ccdc4e6af8801e681c017c9627e9bf3d6"><code>6cf9491</code></a> chore: remove unused is_http_method helper and method set to (<a href="https://github.com/sveltejs/kit/tree/HEAD/packages/kit/issues/15152">#15152</a>)</li> <li><a href="https://github.com/sveltejs/kit/commit/3305022433f5ebd37f0a413275f8291d1a189d5f"><code>3305022</code></a> Revert "breaking: remove <code>buttonProps</code> from experimental remote form function...</li> <li>Additional commits viewable in <a href="https://github.com/sveltejs/kit/commits/@sveltejs/kit@2.50.0/packages/kit">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by [GitHub Actions](<a href="https://www.npmjs.com/~GitHub">https://www.npmjs.com/~GitHub</a> Actions), a new releaser for <code>@sveltejs/kit</code> since your current version.</p> </details> <br /> Updates `devalue` from 5.1.1 to 5.6.2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sveltejs/devalue/releases">devalue's releases</a>.</em></p> <blockquote> <h2>v5.6.2</h2> <h3>Patch Changes</h3> <ul> <li>1175584: fix: validate input for <code>ArrayBuffer</code> parsing</li> <li>e46afa6: fix: validate input for typed arrays</li> <li>1175584: fix: more helpful errors for inputs causing stack overflows</li> </ul> <h2>v5.6.1</h2> <h3>Patch Changes</h3> <ul> <li>2161d44: fix: add hasOwn check before calling reviver</li> </ul> <h2>v5.6.0</h2> <h3>Minor Changes</h3> <ul> <li>a3d09d4: feat: expose <code>DevalueError</code> for <code>instanceof</code> checks in <code>catch</code> clauses</li> <li>a3d09d4: feat: add <code>value</code> and <code>root</code> properties in <code>DevalueError</code> instances</li> </ul> <h2>v5.5.0</h2> <h3>Minor Changes</h3> <ul> <li>828fa1c: Enable support for custom reducer/reviver for "function" values</li> </ul> <h2>v5.4.2</h2> <h3>Patch Changes</h3> <ul> <li>5c26c0d: fix: allow custom revivers to revive things serialized by builtin reducers</li> </ul> <h2>v5.4.1</h2> <h3>Patch Changes</h3> <ul> <li>ca3c7b6: chore: Remove impossible <code>void</code> type from replacer's <code>uneval</code></li> </ul> <h2>v5.4.0</h2> <h3>Minor Changes</h3> <ul> <li>9306d09: feat: pass <code>uneval</code> to replacer, for handling nested custom types</li> </ul> <h3>Patch Changes</h3> <ul> <li>b617c7c: perf: shrink <code>uneval</code> output with null-proto objects</li> </ul> <h2>v5.3.2</h2> <h3>Patch Changes</h3> <ul> <li>0623a47: fix: disallow array method access when parsing</li> <li>0623a47: fix: disallow <code>__proto__</code> properties on objects</li> </ul> <h2>v5.3.1</h2> <h3>Patch Changes</h3>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/sveltejs/devalue/blob/main/CHANGELOG.md">devalue's changelog</a>.</em></p> <blockquote> <h2>5.6.2</h2> <h3>Patch Changes</h3> <ul> <li>1175584: fix: validate input for <code>ArrayBuffer</code> parsing</li> <li>e46afa6: fix: validate input for typed arrays</li> <li>1175584: fix: more helpful errors for inputs causing stack overflows</li> </ul> <h2>5.6.1</h2> <h3>Patch Changes</h3> <ul> <li>2161d44: fix: add hasOwn check before calling reviver</li> </ul> <h2>5.6.0</h2> <h3>Minor Changes</h3> <ul> <li>a3d09d4: feat: expose <code>DevalueError</code> for <code>instanceof</code> checks in <code>catch</code> clauses</li> <li>a3d09d4: feat: add <code>value</code> and <code>root</code> properties in <code>DevalueError</code> instances</li> </ul> <h2>5.5.0</h2> <h3>Minor Changes</h3> <ul> <li>828fa1c: Enable support for custom reducer/reviver for "function" values</li> </ul> <h2>5.4.2</h2> <h3>Patch Changes</h3> <ul> <li>5c26c0d: fix: allow custom revivers to revive things serialized by builtin reducers</li> </ul> <h2>5.4.1</h2> <h3>Patch Changes</h3> <ul> <li>ca3c7b6: chore: Remove impossible <code>void</code> type from replacer's <code>uneval</code></li> </ul> <h2>5.4.0</h2> <h3>Minor Changes</h3> <ul> <li>9306d09: feat: pass <code>uneval</code> to replacer, for handling nested custom types</li> </ul> <h3>Patch Changes</h3> <ul> <li>b617c7c: perf: shrink <code>uneval</code> output with null-proto objects</li> </ul> <h2>5.3.2</h2>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/sveltejs/devalue/commit/fcf4e88275f2e2e45b9ea70ffaa5247c8f55f057"><code>fcf4e88</code></a> fix tests</li> <li><a href="https://github.com/sveltejs/devalue/commit/1d8a5ea5863bcd9992755ce5a3842265753cb4ab"><code>1d8a5ea</code></a> Version Packages (<a href="https://redirect.github.com/sveltejs/devalue/issues/131">#131</a>)</li> <li><a href="https://github.com/sveltejs/devalue/commit/11755849fa0634ae294a15ec0aef2f43efcad7c4"><code>1175584</code></a> Merge commit from fork</li> <li><a href="https://github.com/sveltejs/devalue/commit/e46afa64dd2b25aa35fb905ba5d20cea63aabbf7"><code>e46afa6</code></a> Merge commit from fork</li> <li><a href="https://github.com/sveltejs/devalue/commit/5e07a67eda945b3ac2ebac26b18863beabee7357"><code>5e07a67</code></a> Version Packages (<a href="https://redirect.github.com/sveltejs/devalue/issues/129">#129</a>)</li> <li><a href="https://github.com/sveltejs/devalue/commit/aa096040e21a17c628dabea4bcb9d2d4f4542366"><code>aa09604</code></a> Bump js-yaml from 3.14.1 to 3.14.2 (<a href="https://redirect.github.com/sveltejs/devalue/issues/125">#125</a>)</li> <li><a href="https://github.com/sveltejs/devalue/commit/2161d4490aa66e4b120cfa9521874b6f857319dd"><code>2161d44</code></a> fix: add hasOwn check before calling reviver (<a href="https://redirect.github.com/sveltejs/devalue/issues/128">#128</a>)</li> <li><a href="https://github.com/sveltejs/devalue/commit/83de81d13d02dc90dbc94d952b1438b17471547a"><code>83de81d</code></a> Version Packages (<a href="https://redirect.github.com/sveltejs/devalue/issues/127">#127</a>)</li> <li><a href="https://github.com/sveltejs/devalue/commit/a3d09d42a1a2fafb0cafab2c129756baffd858af"><code>a3d09d4</code></a> Add <code>value</code> and <code>root</code> properties in <code>DevalueError</code> instances (<a href="https://redirect.github.com/sveltejs/devalue/issues/126">#126</a>)</li> <li><a href="https://github.com/sveltejs/devalue/commit/f4b37f37ee91d1c22e41920a7320d320f5deaae8"><code>f4b37f3</code></a> Version Packages (<a href="https://redirect.github.com/sveltejs/devalue/issues/124">#124</a>)</li> <li>Additional commits viewable in <a href="https://github.com/sveltejs/devalue/compare/v5.1.1...v5.6.2">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by [GitHub Actions](<a href="https://www.npmjs.com/~GitHub">https://www.npmjs.com/~GitHub</a> Actions), a new releaser for devalue since your current version.</p> </details> <br /> Updates `js-yaml` from 4.1.0 to 4.1.1 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md">js-yaml's changelog</a>.</em></p> <blockquote> <h2>[4.1.1] - 2025-11-12</h2> <h3>Security</h3> <ul> <li>Fix prototype pollution issue in yaml merge (<<) operator.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/nodeca/js-yaml/commit/cc482e775913e6625137572a3712d2826170e53a"><code>cc482e7</code></a> 4.1.1 released</li> <li><a href="https://github.com/nodeca/js-yaml/commit/50968b862e75866ef90e626572fe0b2f97b55f9f"><code>50968b8</code></a> dist rebuild</li> <li><a href="https://github.com/nodeca/js-yaml/commit/d092d866031751cb27c12d93f3e2470ad74d678b"><code>d092d86</code></a> lint fix</li> <li><a href="https://github.com/nodeca/js-yaml/commit/383665ff4248ec2192d1274e934462bb30426879"><code>383665f</code></a> fix prototype pollution in merge (<<)</li> <li><a href="https://github.com/nodeca/js-yaml/commit/0d3ca7a27b03a6c974790a30a89e456007d62976"><code>0d3ca7a</code></a> README.md: HTTP => HTTPS (<a href="https://redirect.github.com/nodeca/js-yaml/issues/678">#678</a>)</li> <li><a href="https://github.com/nodeca/js-yaml/commit/49baadd52af887d2991e2c39a6639baa56d6c71b"><code>49baadd</code></a> doc: 'empty' style option for !!null</li> <li><a href="https://github.com/nodeca/js-yaml/commit/ba3460eb9d3e4478edcbc29edabe17c2157fc9ce"><code>ba3460e</code></a> Fix demo link (<a href="https://redirect.github.com/nodeca/js-yaml/issues/618">#618</a>)</li> <li>See full diff in <a href="https://github.com/nodeca/js-yaml/compare/4.1.0...4.1.1">compare view</a></li> </ul> </details> <br /> Updates `qs` from 6.13.0 to 6.14.1 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/ljharb/qs/blob/main/CHANGELOG.md">qs's changelog</a>.</em></p> <blockquote> <h2><strong>6.14.1</strong></h2> <ul> <li>[Fix] ensure arrayLength applies to <code>[]</code> notation as well</li> <li>[Fix] <code>parse</code>: when a custom decoder returns <code>null</code> for a key, ignore that key</li> <li>[Refactor] <code>parse</code>: extract key segment splitting helper</li> <li>[meta] add threat model</li> <li>[actions] add workflow permissions</li> <li>[Tests] <code>stringify</code>: increase coverage</li> <li>[Dev Deps] update <code>eslint</code>, <code>@ljharb/eslint-config</code>, <code>npmignore</code>, <code>es-value-fixtures</code>, <code>for-each</code>, <code>object-inspect</code></li> </ul> <h2><strong>6.14.0</strong></h2> <ul> <li>[New] <code>parse</code>: add <code>throwOnParameterLimitExceeded</code> option (<a href="https://redirect.github.com/ljharb/qs/issues/517">#517</a>)</li> <li>[Refactor] <code>parse</code>: use <code>utils.combine</code> more</li> <li>[patch] <code>parse</code>: add explicit <code>throwOnLimitExceeded</code> default</li> <li>[actions] use shared action; re-add finishers</li> <li>[meta] Fix changelog formatting bug</li> <li>[Deps] update <code>side-channel</code></li> <li>[Dev Deps] update <code>es-value-fixtures</code>, <code>has-bigints</code>, <code>has-proto</code>, <code>has-symbols</code></li> <li>[Tests] increase coverage</li> </ul> <h2><strong>6.13.1</strong></h2> <ul> <li>[Fix] <code>stringify</code>: avoid a crash when a <code>filter</code> key is <code>null</code></li> <li>[Fix] <code>utils.merge</code>: functions should not be stringified into keys</li> <li>[Fix] <code>parse</code>: avoid a crash with interpretNumericEntities: true, comma: true, and iso charset</li> <li>[Fix] <code>stringify</code>: ensure a non-string <code>filter</code> does not crash</li> <li>[Refactor] use <code>__proto__</code> syntax instead of <code>Object.create</code> for null objects</li> <li>[Refactor] misc cleanup</li> <li>[Tests] <code>utils.merge</code>: add some coverage</li> <li>[Tests] fix a test case</li> <li>[actions] split out node 10-20, and 20+</li> <li>[Dev Deps] update <code>es-value-fixtures</code>, <code>mock-property</code>, <code>object-inspect</code>, <code>tape</code></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ljharb/qs/commit/3fa11a5f643c76896387bd2d86904a2d0141fdf7"><code>3fa11a5</code></a> v6.14.1</li> <li><a href="https://github.com/ljharb/qs/commit/a62670423c1ccab0dd83c621bfb98c7c024e314d"><code>a626704</code></a> [Dev Deps] update <code>npmignore</code></li> <li><a href="https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9"><code>3086902</code></a> [Fix] ensure arrayLength applies to <code>[]</code> notation as well</li> <li><a href="https://github.com/ljharb/qs/commit/fc7930e86c2264c1568c9f5606830e19b0bc2af2"><code>fc7930e</code></a> [Dev Deps] update <code>eslint</code>, <code>@ljharb/eslint-config</code></li> <li><a href="https://github.com/ljharb/qs/commit/0b06aac566abee45ef0327667a7cc89e7aed8b58"><code>0b06aac</code></a> [Dev Deps] update <code>@ljharb/eslint-config</code></li> <li><a href="https://github.com/ljharb/qs/commit/64951f6200a1fb72cc003c6e8226dde3d2ef591f"><code>64951f6</code></a> [Refactor] <code>parse</code>: extract key segment splitting helper</li> <li><a href="https://github.com/ljharb/qs/commit/e1bd2599cdff4c936ea52fb1f16f921cbe7aa88c"><code>e1bd259</code></a> [Dev Deps] update <code>@ljharb/eslint-config</code></li> <li><a href="https://github.com/ljharb/qs/commit/f4b3d39709fef6ddbd85128d1ba4c6b566c4902e"><code>f4b3d39</code></a> [eslint] add eslint 9 optional peer dep</li> <li><a href="https://github.com/ljharb/qs/commit/6e94d9596ca50dffafcef40a5f64eca89962cf34"><code>6e94d95</code></a> [Dev Deps] update <code>eslint</code>, <code>@ljharb/eslint-config</code>, <code>npmignore</code></li> <li><a href="https://github.com/ljharb/qs/commit/973dc3c51c86da9f4e30edeb4b1725158d439102"><code>973dc3c</code></a> [actions] add workflow permissions</li> <li>Additional commits viewable in <a href="https://github.com/ljharb/qs/compare/v6.13.0...v6.14.1">compare view</a></li> </ul> </details> <br /> Updates `tar` from 7.4.3 to 7.5.6 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md">tar's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <h2>7.5</h2> <ul> <li>Added <code>zstd</code> compression support.</li> <li>Consistent TOCTOU behavior in sync t.list</li> <li>Only read from ustar block if not specified in Pax</li> <li>Fix sync tar.list when file size reduces while reading</li> <li>Sanitize absolute linkpaths properly</li> <li>Prevent writing hardlink entries to the archive ahead of their file target</li> </ul> <h2>7.4</h2> <ul> <li>Deprecate <code>onentry</code> in favor of <code>onReadEntry</code> for clarity.</li> </ul> <h2>7.3</h2> <ul> <li>Add <code>onWriteEntry</code> option</li> </ul> <h2>7.2</h2> <ul> <li>DRY the command definitions into a single <code>makeCommand</code> method, and update the type signatures to more appropriately infer the return type from the options and arguments provided.</li> </ul> <h2>7.1</h2> <ul> <li>Update minipass to v7.1.0</li> <li>Update the type definitions of <code>write()</code> and <code>end()</code> methods on <code>Unpack</code> and <code>Parser</code> classes to be compatible with the NodeJS.WritableStream type in the latest versions of <code>@types/node</code>.</li> </ul> <h2>7.0</h2> <ul> <li>Drop support for node <18</li> <li>Rewrite in TypeScript, provide ESM and CommonJS hybrid interface</li> <li>Add tree-shake friendly exports, like <code>import('tar/create')</code> and <code>import('tar/read-entry')</code> to get individual functions or classes.</li> <li>Add <code>chmod</code> option that defaults to false, and deprecate <code>noChmod</code>. That is, reverse the default option regarding explicitly setting file system modes to match tar entry settings.</li> <li>Add <code>processUmask</code> option to avoid having to call <code>process.umask()</code> when <code>chmod: true</code> (or <code>noChmod: false</code>) is set.</li> </ul>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/isaacs/node-tar/commit/394ece6ad8d81742a4e4058af227c616cd947a25"><code>394ece6</code></a> 7.5.6</li> <li><a href="https://github.com/isaacs/node-tar/commit/7d4cc17c76f6bd11dcd83de47187dc6dff206eee"><code>7d4cc17</code></a> fix race puting a Link ahead of its target File</li> <li><a href="https://github.com/isaacs/node-tar/commit/26ab90474e642cf00d84a05bcdc2eaf2a19f1581"><code>26ab904</code></a> 7.5.5</li> <li><a href="https://github.com/isaacs/node-tar/commit/e9a1ddb821b29ddee75b9470dd511066148c8070"><code>e9a1ddb</code></a> fix: do not prevent valid linkpaths within archive</li> <li><a href="https://github.com/isaacs/node-tar/commit/911c886bb170a6ee3db05fd3709221752213ec8a"><code>911c886</code></a> 7.5.4</li> <li><a href="https://github.com/isaacs/node-tar/commit/3b1abfae650056edfabcbe0a0df5954d390521e6"><code>3b1abfa</code></a> normalize out unicode ligatures</li> <li><a href="https://github.com/isaacs/node-tar/commit/a43478c5c51a71ec996cea62ff824eb9dc9dd17c"><code>a43478c</code></a> remove some unused files</li> <li><a href="https://github.com/isaacs/node-tar/commit/970c58f6d3d0c932081f8b40218f612db2fabb5a"><code>970c58f</code></a> update deps</li> <li><a href="https://github.com/isaacs/node-tar/commit/bb219748945d63f29de7ab0e9a990e422c166c37"><code>bb21974</code></a> update changelog</li> <li><a href="https://github.com/isaacs/node-tar/commit/03138441b238f48070fb22824b2529c445bc70c7"><code>0313844</code></a> 7.5.3</li> <li>Additional commits viewable in <a href="https://github.com/isaacs/node-tar/compare/v7.4.3...v7.5.6">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~isaacs">isaacs</a>, a new releaser for tar since your current version.</p> </details> <br /> Updates `vega-functions` from 6.1.0 to 6.1.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vega/vega/releases">vega-functions's releases</a>.</em></p> <blockquote> <h2>v6.1.1</h2> <p><strong>Full Changelog</strong>: <a href="https://github.com/vega/vega/compare/v6.1.0...v6.1.1">https://github.com/vega/vega/compare/v6.1.0...v6.1.1</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/vega/vega/commit/d67c1b7d5ee707eabd82905088aff1605ca866ba"><code>d67c1b7</code></a> chore: bump to 6.1.1</li> <li><a href="https://github.com/vega/vega/commit/e5745308e2b0573d95eeca63c981c6db79b17a52"><code>e574530</code></a> chore: bump vega-cli</li> <li>See full diff in <a href="https://github.com/vega/vega/compare/v6.1.0...v6.1.1">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~hydrosquall">hydrosquall</a>, a new releaser for vega-functions since your current version.</p> </details> <br /> Updates `vega-selections` from 6.1.0 to 6.1.2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vega/vega/releases">vega-selections's releases</a>.</em></p> <blockquote> <h2>v6.1.2</h2> <p><strong>Full Changelog</strong>: <a href="https://github.com/vega/vega/compare/v6.1.1...v6.1.2">https://github.com/vega/vega/compare/v6.1.1...v6.1.2</a></p> <h2>v6.1.1</h2> <p><strong>Full Changelog</strong>: <a href="https://github.com/vega/vega/compare/v6.1.0...v6.1.1">https://github.com/vega/vega/compare/v6.1.0...v6.1.1</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/vega/vega/commit/18a55af6207fb183510659bdec3922eddc9a6022"><code>18a55af</code></a> chore: fix json of package.json</li> <li><a href="https://github.com/vega/vega/commit/38957ff074288c014230bd55bbcd0acf6d1ee1ec"><code>38957ff</code></a> chore: bump vega</li> <li><a href="https://github.com/vega/vega/commit/bb800e9dcedaa2d53b729d753cf8a66d221a3063"><code>bb800e9</code></a> chore: simplify gitignore</li> <li><a href="https://github.com/vega/vega/commit/b737e032d9d1dee557bbb9fa0fdbf0789220ee61"><code>b737e03</code></a> fix: run <code>npm pkg fix</code></li> <li><a href="https://github.com/vega/vega/commit/d67c1b7d5ee707eabd82905088aff1605ca866ba"><code>d67c1b7</code></a> chore: bump to 6.1.1</li> <li><a href="https://github.com/vega/vega/commit/e5745308e2b0573d95eeca63c981c6db79b17a52"><code>e574530</code></a> chore: bump vega-cli</li> <li>See full diff in <a href="https://github.com/vega/vega/compare/v6.1.0...v6.1.2">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~hydrosquall">hydrosquall</a>, a new releaser for vega-selections since your current version.</p> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/open-webui/open-webui/network/alerts). </details> --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

GiteaMirror added the pull-request label 2026-04-25 13:40:56 -05:00

GiteaMirror closed this issue

2026-04-25 13:40:57 -05:00

Sign in to join this conversation.

Branches Tags

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/open-webui#41431

[PR #20860] [CLOSED] chore(deps): bump the npm_and_yarn group across 1 directory with 8 updates #41431

📋 Pull Request Information

📝 Commits (1)

📊 Changes

📄 Description

v7.19.0

What's Changed

New Contributors

v7.18.2

⚠️ Security Release

What's Changed

v7.18.1

What's Changed

v7.18.0

What's Changed

v7.17.0

What's Changed

v7.19.0

What's Changed

New Contributors

v7.18.2

⚠️ Security Release

What's Changed

v7.18.1

What's Changed

v7.18.0

What's Changed

v7.17.0

What's Changed

@​sveltejs/kit@​2.50.0

Minor Changes

@​sveltejs/kit@​2.49.5

Patch Changes

@​sveltejs/kit@​2.49.4

Patch Changes

@​sveltejs/kit@​2.49.3

Patch Changes

@​sveltejs/kit@​2.49.2

Patch Changes

@​sveltejs/kit@​2.49.1

2.50.0

Minor Changes

2.49.5

Patch Changes

2.49.4

Patch Changes

2.49.3

Patch Changes

2.49.2

Patch Changes

v5.6.2

Patch Changes

v5.6.1

Patch Changes

v5.6.0

Minor Changes

v5.5.0

Minor Changes

v5.4.2

Patch Changes

v5.4.1

Patch Changes

v5.4.0

Minor Changes

Patch Changes

v5.3.2

Patch Changes

v5.3.1

Patch Changes

5.6.2

Patch Changes

5.6.1

Patch Changes

5.6.0

Minor Changes

5.5.0

Minor Changes

5.4.2

Patch Changes

5.4.1

`@sveltejs/kit@2`.50.0

`@sveltejs/kit@2`.49.5

`@sveltejs/kit@2`.49.4

`@sveltejs/kit@2`.49.3

`@sveltejs/kit@2`.49.2

`@sveltejs/kit@2`.49.1