mirror of
https://github.com/open-webui/open-webui.git
synced 2026-07-16 14:39:31 -05:00
[PR #22660] [CLOSED] chore(deps): bump the npm_and_yarn group across 1 directory with 13 updates #81675
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
📋 Pull Request Information
Original PR: https://github.com/open-webui/open-webui/pull/22660
Author: @dependabot[bot]
Created: 3/14/2026
Status: ❌ Closed
Base:
main← Head:dependabot/npm_and_yarn/npm_and_yarn-121023581f📝 Commits (1)
877b5c5chore(deps): bump the npm_and_yarn group across 1 directory with 13 updates📊 Changes
2 files changed (+564 additions, -694 deletions)
View changed files
📝
package-lock.json(+557 -687)📝
package.json(+7 -7)📄 Description
Bumps the npm_and_yarn group with 12 updates in the / directory:
3.2.63.3.34.0.04.2.07.11.07.24.16.21.26.24.05.42.25.53.113.1.23.1.55.0.35.1.54.1.04.1.114.1.014.1.16.13.06.14.24.22.44.59.07.4.37.5.111.13.71.13.8Updates
dompurifyfrom 3.2.6 to 3.3.3Release notes
Sourced from dompurify's releases.
Commits
8bcbf73chore: Preparing 3.3.3 release5faddd6fix: engine requirement (#1210)0f91e3aUpdate README.mdd5ff1a8Merge branch 'main' of github.com:cure53/DOMPurifyc3efd48fix: moved back from jsdom 28 to jsdom 20988b888fix: moved back from jsdom 28 to jsdom 202726c74chore: Preparing 3.3.2 release6202c7ebuild(deps): bump@tootallnate/onceand jsdom (#1204)302b51dfix: Expanded the regex ever so slightly to also cover scriptcd85175Merge branch 'main' of github.com:cure53/DOMPurifyUpdates
jspdffrom 4.0.0 to 4.2.0Release notes
Sourced from jspdf's releases.
Commits
7af912c4.2.056b46d4Merge commit from fork2e5e156Merge commit from fork71ad2dbMerge commit from fork885a777fix: upgrade@babel/runtimefrom 7.28.4 to 7.28.6 (#3954)3b92c7dAdd default export to package.json (#3953)02273814.1.0ae4b93fMerge commit from fork2863e5cMerge commit from forkefe54bfMerge commit from forkUpdates
undicifrom 7.11.0 to 7.24.1Release notes
Sourced from undici's releases.
... (truncated)
Commits
23e3cd3Bumped v7.24.13aedaa8remove PLAN.md0d7ec33fix: proto pollution (#4885)07a3906Bumped v7.24.0 (#4887)74495c6fix: reject duplicate content-length and host headers84235c6Fix websocket 64-bit length overflow77594f9fix: validate upgrade header to prevent CRLF injectioncb79c57fix: validate server_max_window_bits range in permessage-deflate4147ce2Merge commit '2ee00cb3'2ee00cbfix(websocket): add maxDecompressedMessageSize limit for permessage-deflateMaintainer changes
This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for undici since your current version.
Updates
undicifrom 6.21.2 to 6.24.0Release notes
Sourced from undici's releases.
... (truncated)
Commits
23e3cd3Bumped v7.24.13aedaa8remove PLAN.md0d7ec33fix: proto pollution (#4885)07a3906Bumped v7.24.0 (#4887)74495c6fix: reject duplicate content-length and host headers84235c6Fix websocket 64-bit length overflow77594f9fix: validate upgrade header to prevent CRLF injectioncb79c57fix: validate server_max_window_bits range in permessage-deflate4147ce2Merge commit '2ee00cb3'2ee00cbfix(websocket): add maxDecompressedMessageSize limit for permessage-deflateMaintainer changes
This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for undici since your current version.
Updates
sveltefrom 5.42.2 to 5.53.11Release notes
Sourced from svelte's releases.
... (truncated)
Changelog
Sourced from svelte's changelog.
... (truncated)
Commits
bd433c5Version Packages (#17901)7c9ff8ffix: resolve boundary in correct batch when hydrating (#17914)667896afix: recover from errors that leave a corrupted effect tree (#17888)e4e0893fix: removeuntrackcircular dependency (#17910)58f161dfix: properly lazily evaluate RHS when checking for assignment_value_stale (#...0e8f49bchore: rebase batches after process, not during (#17900)72cd247Version Packages (#17896)342d856fix: re-process batch if new root effects were scheduled (#17895)d54361bVersion Packages (#17886)be36c93fix: betterbind:thiscleanup timing (#17885)Updates
minimatchfrom 3.1.2 to 3.1.5Commits
7bba9783.1.5bd25942docs: add warning about ReDoS1a9c27cfix partial matching of globstar patterns1a2e0843.1.4ae24656update lockfileb100374limit recursion for **, improve perf considerably26ffeaalockfile update9eca892lock node version to 1400c323b3.1.330486b2update CI matrix and actionsUpdates
devaluefrom 5.1.1 to 5.6.4Release notes
Sourced from devalue's releases.
... (truncated)
Changelog
Sourced from devalue's changelog.
... (truncated)
Commits
6cbb3f5Version Packages (#133)40f1db1Merge commit from fork87c1f3cMerge commit from forka4a37d2Version Packages (#132)819f1acMerge commit from fork0f04d4dMerge commit from forkfcf4e88fix tests1d8a5eaVersion Packages (#131)1175584Merge commit from forke46afa6Merge commit from forkMaintainer changes
This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for devalue since your current version.
Updates
immutablefrom 5.0.3 to 5.1.5Release notes
Sourced from immutable's releases.
... (truncated)
Changelog
Sourced from immutable's changelog.
... (truncated)
Commits
b37b8555.1.516b3313Merge commit from forkfd2ef49fix new proto key injection6734b7bfix Prototype Pollution in mergeDeep, toJS, etc.6f772deMerge pull request #2175 from immutable-js/dependabot/npm_and_yarn/rollup-4.59.05f3dc61Bump rollup from 4.34.8 to 4.59.0049a594Merge pull request #2173 from immutable-js/dependabot/npm_and_yarn/lodash-4.1...2481a77Merge pull request #2172 from mrazauskas/update-tstycheeb04779Bump lodash from 4.17.21 to 4.17.23b973bf3formatMaintainer changes
This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for immutable since your current version.
Updates
js-yamlfrom 4.1.0 to 4.1.1Changelog
Sourced from js-yaml's changelog.
Commits
cc482e74.1.1 released50968b8dist rebuildd092d86lint fix383665ffix prototype pollution in merge (<<)0d3ca7aREADME.md: HTTP => HTTPS (#678)49baadddoc: 'empty' style option for !!nullba3460eFix demo link (#618)Updates
markdown-itfrom 14.1.0 to 14.1.1Changelog
Sourced from markdown-it's changelog.
Commits
b4a9b6514.1.1 released4b4bbcaFixed perf regression in linkify-it wrapperd2782d8Add supplementary example-driven documentation (#1092)Updates
qsfrom 6.13.0 to 6.14.2Changelog
Sourced from qs's changelog.
... (truncated)
Commits
bdcf0c7v6.14.2294db90[readme] document thataddQueryPrefixdoes not add?to empty output5c308e5[readme] clarifyparseArraysandarrayLimitdocumentation6addf8c[Fix]parse: mark overflow objects for indexed notation exceedingarrayLimitcfc108f[Fix]arrayLimitmeans max count, not max index, incombine/merge/`pars...febb644[Fix]parse: throw onarrayLimitexceeded with indexed notation when `thr...f6a7abf[Fix]parse: enforcearrayLimitoncomma-parsed valuesfbc5206[Fix]parse: fix error message to reflect arrayLimit as max index; remove e...1b9a8b4[actions] fix rebase workflow permissions2a35775[meta] fix changelog typo (arrayLength→arrayLimit)Updates
rollupfrom 4.22.4 to 4.59.0Release notes
Sourced from rollup's releases.
... (truncated)
Changelog
Sourced from rollup's changelog.