[PR #22660] [CLOSED] chore(deps): bump the npm_and_yarn group across 1 directory with 13 updates #81675

Closed
opened 2026-05-13 16:02:44 -05:00 by GiteaMirror · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/open-webui/open-webui/pull/22660
Author: @dependabot[bot]
Created: 3/14/2026
Status: Closed

Base: mainHead: dependabot/npm_and_yarn/npm_and_yarn-121023581f


📝 Commits (1)

  • 877b5c5 chore(deps): bump the npm_and_yarn group across 1 directory with 13 updates

📊 Changes

2 files changed (+564 additions, -694 deletions)

View changed files

📝 package-lock.json (+557 -687)
📝 package.json (+7 -7)

📄 Description

Bumps the npm_and_yarn group with 12 updates in the / directory:

Package From To
dompurify 3.2.6 3.3.3
jspdf 4.0.0 4.2.0
undici 7.11.0 7.24.1
undici 6.21.2 6.24.0
svelte 5.42.2 5.53.11
minimatch 3.1.2 3.1.5
immutable 5.0.3 5.1.5
js-yaml 4.1.0 4.1.1
markdown-it 14.1.0 14.1.1
qs 6.13.0 6.14.2
rollup 4.22.4 4.59.0
tar 7.4.3 7.5.11
underscore 1.13.7 1.13.8

Updates dompurify from 3.2.6 to 3.3.3

Release notes

Sourced from dompurify's releases.

DOMPurify 3.3.3

  • Fixed an engine requirement for Node 20 which caused hiccups, thanks @​Rotzbua

DOMPurify 3.3.2

  • Fixed a possible bypass caused by jsdom's faulty raw-text tag parsing, thanks multiple reporters
  • Fixed a prototype pollution issue when working with custom elements, thanks @​christos-eth
  • Fixed a lenient config parsing in _isValidAttribute, thanks @​christos-eth
  • Bumped and removed several dependencies, thanks @​Rotzbua
  • Fixed the test suite after bumping dependencies, thanks @​Rotzbua

DOMPurify 3.3.1

  • Updated ADD_FORBID_CONTENTS setting to extend default list, thanks @​MariusRumpf
  • Updated the ESM import syntax to be more correct, thanks @​binhpv

DOMPurify 3.3.0

  • Added the SVG mask-type attribute to default allow-list, thanks @​prasadrajandran
  • Added support for ADD_ATTR and ADD_TAGS to accept functions, thanks @​nelstrom
  • Fixed an issue with the slot element being in both SVG and HTML allow-list, thanks @​Wim-Valgaeren

DOMPurify 3.2.7

  • Added new attributes and elements to default allow-list, thanks @​elrion018
  • Added tagName parameter to custom element attributeNameCheck, thanks @​nelstrom
  • Added better check for animated href attributes, thanks @​llamakko
  • Updated and improved the bundled types, thanks @​ssi02014
  • Updated several tests to better align with new browser encoding behaviors
  • Improved the handling of potentially risky content inside CDATA elements, thanks @​securityMB & @​terjanq
  • Improved the regular expression for raw-text elements to cover textareas, thanks @​securityMB & @​terjanq
Commits
  • 8bcbf73 chore: Preparing 3.3.3 release
  • 5faddd6 fix: engine requirement (#1210)
  • 0f91e3a Update README.md
  • d5ff1a8 Merge branch 'main' of github.com:cure53/DOMPurify
  • c3efd48 fix: moved back from jsdom 28 to jsdom 20
  • 988b888 fix: moved back from jsdom 28 to jsdom 20
  • 2726c74 chore: Preparing 3.3.2 release
  • 6202c7e build(deps): bump @​tootallnate/once and jsdom (#1204)
  • 302b51d fix: Expanded the regex ever so slightly to also cover script
  • cd85175 Merge branch 'main' of github.com:cure53/DOMPurify
  • Additional commits viewable in compare view

Updates jspdf from 4.0.0 to 4.2.0

Release notes

Sourced from jspdf's releases.

v4.2.0

This release fixes three security issues.

What's Changed

New Contributors

Full Changelog: https://github.com/parallax/jsPDF/compare/v4.1.0...v4.2.0

v4.1.0

This release fixes several security issues.

What's Changed

Full Changelog: https://github.com/parallax/jsPDF/compare/v4.0.0...v4.1.0

Commits

Updates undici from 7.11.0 to 7.24.1

Release notes

Sourced from undici's releases.

v7.24.1

What's Changed

Full Changelog: https://github.com/nodejs/undici/compare/v7.24.0...v7.24.1

v7.24.0

Undici v7.24.0 Security Release Notes

This release addresses multiple security vulnerabilities in Undici.

Upgrade guidance

All users on v7 should upgrade to v7.24.0 or later.

Fixed advisories

  • GHSA-2mjp-6q6p-2qxm / CVE-2026-1525 (Medium)
    Inconsistent interpretation of HTTP requests (request/response smuggling class issue).

  • GHSA-f269-vfmq-vjvj / CVE-2026-1528 (High)
    Malicious WebSocket 64-bit frame length handling could crash the client.

  • GHSA-phc3-fgpg-7m6h / CVE-2026-2581 (Medium)
    Unbounded memory consumption in deduplication interceptor response buffering (DoS risk).

  • GHSA-4992-7rv2-5pvq / CVE-2026-1527 (Medium)
    CRLF injection via the upgrade option.

  • GHSA-v9p9-hfj2-hcw8 / CVE-2026-2229 (High)
    Unhandled exception from invalid server_max_window_bits in WebSocket permessage-deflate negotiation.

  • GHSA-vrm6-8vpv-qv8q / CVE-2026-1526 (High)
    Unbounded memory consumption in WebSocket permessage-deflate decompression.

Affected and patched ranges

  • CVE-2026-1525: affected 7.0.0 < 7.24.0, patched 7.24.0
  • CVE-2026-1528: affected 7.0.0 < 7.24.0, patched 7.24.0
  • CVE-2026-2581: affected >= 7.17.0 < 7.24.0, patched 7.24.0
  • CVE-2026-1527: affected 7.0.0 < 7.24.0, patched 7.24.0
  • CVE-2026-2229: affected 7.0.0 < 7.24.0, patched 7.24.0
  • CVE-2026-1526: affected 7.0.0 < 7.24.0, patched 7.24.0

References

... (truncated)

Commits
  • 23e3cd3 Bumped v7.24.1
  • 3aedaa8 remove PLAN.md
  • 0d7ec33 fix: proto pollution (#4885)
  • 07a3906 Bumped v7.24.0 (#4887)
  • 74495c6 fix: reject duplicate content-length and host headers
  • 84235c6 Fix websocket 64-bit length overflow
  • 77594f9 fix: validate upgrade header to prevent CRLF injection
  • cb79c57 fix: validate server_max_window_bits range in permessage-deflate
  • 4147ce2 Merge commit '2ee00cb3'
  • 2ee00cb fix(websocket): add maxDecompressedMessageSize limit for permessage-deflate
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for undici since your current version.


Updates undici from 6.21.2 to 6.24.0

Release notes

Sourced from undici's releases.

v7.24.1

What's Changed

Full Changelog: https://github.com/nodejs/undici/compare/v7.24.0...v7.24.1

v7.24.0

Undici v7.24.0 Security Release Notes

This release addresses multiple security vulnerabilities in Undici.

Upgrade guidance

All users on v7 should upgrade to v7.24.0 or later.

Fixed advisories

  • GHSA-2mjp-6q6p-2qxm / CVE-2026-1525 (Medium)
    Inconsistent interpretation of HTTP requests (request/response smuggling class issue).

  • GHSA-f269-vfmq-vjvj / CVE-2026-1528 (High)
    Malicious WebSocket 64-bit frame length handling could crash the client.

  • GHSA-phc3-fgpg-7m6h / CVE-2026-2581 (Medium)
    Unbounded memory consumption in deduplication interceptor response buffering (DoS risk).

  • GHSA-4992-7rv2-5pvq / CVE-2026-1527 (Medium)
    CRLF injection via the upgrade option.

  • GHSA-v9p9-hfj2-hcw8 / CVE-2026-2229 (High)
    Unhandled exception from invalid server_max_window_bits in WebSocket permessage-deflate negotiation.

  • GHSA-vrm6-8vpv-qv8q / CVE-2026-1526 (High)
    Unbounded memory consumption in WebSocket permessage-deflate decompression.

Affected and patched ranges

  • CVE-2026-1525: affected 7.0.0 < 7.24.0, patched 7.24.0
  • CVE-2026-1528: affected 7.0.0 < 7.24.0, patched 7.24.0
  • CVE-2026-2581: affected >= 7.17.0 < 7.24.0, patched 7.24.0
  • CVE-2026-1527: affected 7.0.0 < 7.24.0, patched 7.24.0
  • CVE-2026-2229: affected 7.0.0 < 7.24.0, patched 7.24.0
  • CVE-2026-1526: affected 7.0.0 < 7.24.0, patched 7.24.0

References

... (truncated)

Commits
  • 23e3cd3 Bumped v7.24.1
  • 3aedaa8 remove PLAN.md
  • 0d7ec33 fix: proto pollution (#4885)
  • 07a3906 Bumped v7.24.0 (#4887)
  • 74495c6 fix: reject duplicate content-length and host headers
  • 84235c6 Fix websocket 64-bit length overflow
  • 77594f9 fix: validate upgrade header to prevent CRLF injection
  • cb79c57 fix: validate server_max_window_bits range in permessage-deflate
  • 4147ce2 Merge commit '2ee00cb3'
  • 2ee00cb fix(websocket): add maxDecompressedMessageSize limit for permessage-deflate
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for undici since your current version.


Updates svelte from 5.42.2 to 5.53.11

Release notes

Sourced from svelte's releases.

svelte@5.53.11

Patch Changes

  • fix: remove untrack circular dependency (#17910)

  • fix: recover from errors that leave a corrupted effect tree (#17888)

  • fix: properly lazily evaluate RHS when checking for assignment_value_stale (#17906)

  • fix: resolve boundary in correct batch when hydrating (#17914)

  • chore: rebase batches after process, not during (#17900)

svelte@5.53.10

Patch Changes

  • fix: re-process batch if new root effects were scheduled (#17895)

svelte@5.53.9

Patch Changes

  • fix: better bind:this cleanup timing (#17885)

svelte@5.53.8

Patch Changes

  • fix: {@html} no longer duplicates content inside contenteditable elements (#17853)

  • fix: don't access inert block effects (#17882)

  • fix: handle asnyc updates within pending boundary (#17873)

  • perf: avoid re-traversing the effect tree after $: assignments (#17848)

  • chore: simplify scheduling logic (#17805)

svelte@5.53.7

Patch Changes

  • fix: correctly add __svelte_meta after else-if chains (#17830)

  • perf: cache element interactivity and source line splitting in compiler (#17839)

  • chore: avoid rescheduling effects during branch commit (#17837)

  • perf: optimize CSS selector pruning (#17846)

  • fix: preserve original boundary errors when keyed each rows are removed during async updates (#17843)

  • perf: avoid O(n²) name scanning in scope generate and unique (#17844)

... (truncated)

Changelog

Sourced from svelte's changelog.

5.53.11

Patch Changes

  • fix: remove untrack circular dependency (#17910)

  • fix: recover from errors that leave a corrupted effect tree (#17888)

  • fix: properly lazily evaluate RHS when checking for assignment_value_stale (#17906)

  • fix: resolve boundary in correct batch when hydrating (#17914)

  • chore: rebase batches after process, not during (#17900)

5.53.10

Patch Changes

  • fix: re-process batch if new root effects were scheduled (#17895)

5.53.9

Patch Changes

  • fix: better bind:this cleanup timing (#17885)

5.53.8

Patch Changes

  • fix: {@html} no longer duplicates content inside contenteditable elements (#17853)

  • fix: don't access inert block effects (#17882)

  • fix: handle asnyc updates within pending boundary (#17873)

  • perf: avoid re-traversing the effect tree after $: assignments (#17848)

  • chore: simplify scheduling logic (#17805)

5.53.7

Patch Changes

  • fix: correctly add __svelte_meta after else-if chains (#17830)

  • perf: cache element interactivity and source line splitting in compiler (#17839)

  • chore: avoid rescheduling effects during branch commit (#17837)

... (truncated)

Commits

Updates minimatch from 3.1.2 to 3.1.5

Commits

Updates devalue from 5.1.1 to 5.6.4

Release notes

Sourced from devalue's releases.

v5.6.4

Patch Changes

  • 87c1f3c: fix: reject __proto__ keys in malformed Object wrapper payloads

    This validates the "Object" parse path and throws when the wrapped value has an own __proto__ key.

  • 40f1db1: fix: ensure sparse array indices are integers

  • 87c1f3c: fix: disallow __proto__ keys in null-prototype object parsing

    This disallows __proto__ keys in the "null" parse path so null-prototype object hydration cannot carry that key through parse/unflatten.

v5.6.3

Patch Changes

  • 0f04d4d: fix: Properly handle __proto__
  • 819f1ac: fix: better encoding for sparse arrays

v5.6.2

Patch Changes

  • 1175584: fix: validate input for ArrayBuffer parsing
  • e46afa6: fix: validate input for typed arrays
  • 1175584: fix: more helpful errors for inputs causing stack overflows

v5.6.1

Patch Changes

  • 2161d44: fix: add hasOwn check before calling reviver

v5.6.0

Minor Changes

  • a3d09d4: feat: expose DevalueError for instanceof checks in catch clauses
  • a3d09d4: feat: add value and root properties in DevalueError instances

v5.5.0

Minor Changes

  • 828fa1c: Enable support for custom reducer/reviver for "function" values

v5.4.2

Patch Changes

  • 5c26c0d: fix: allow custom revivers to revive things serialized by builtin reducers

v5.4.1

Patch Changes

... (truncated)

Changelog

Sourced from devalue's changelog.

5.6.4

Patch Changes

  • 87c1f3c: fix: reject __proto__ keys in malformed Object wrapper payloads

    This validates the "Object" parse path and throws when the wrapped value has an own __proto__ key.

  • 40f1db1: fix: ensure sparse array indices are integers

  • 87c1f3c: fix: disallow __proto__ keys in null-prototype object parsing

    This disallows __proto__ keys in the "null" parse path so null-prototype object hydration cannot carry that key through parse/unflatten.

5.6.3

Patch Changes

  • 0f04d4d: fix: Properly handle __proto__
  • 819f1ac: fix: better encoding for sparse arrays

5.6.2

Patch Changes

  • 1175584: fix: validate input for ArrayBuffer parsing
  • e46afa6: fix: validate input for typed arrays
  • 1175584: fix: more helpful errors for inputs causing stack overflows

5.6.1

Patch Changes

  • 2161d44: fix: add hasOwn check before calling reviver

5.6.0

Minor Changes

  • a3d09d4: feat: expose DevalueError for instanceof checks in catch clauses
  • a3d09d4: feat: add value and root properties in DevalueError instances

5.5.0

Minor Changes

  • 828fa1c: Enable support for custom reducer/reviver for "function" values

5.4.2

Patch Changes

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for devalue since your current version.


Updates immutable from 5.0.3 to 5.1.5

Release notes

Sourced from immutable's releases.

v5.1.5

What's Changed

Full Changelog: https://github.com/immutable-js/immutable-js/compare/v5.1.4...v5.1.5

v5.1.4

What's Changed

Documentation

Internal

New Contributors

Full Changelog: https://github.com/immutable-js/immutable-js/compare/v5.1.3...v5.1.4

v5.1.3

What's Changed

TypeScript

Documentation

There has been a huge amount of changes in the documentation, mainly migrate from an autogenerated documentation from .d.ts file, to a proper documentation in markdown. The playground has been included on nearly all method examples.

... (truncated)

Changelog

Sourced from immutable's changelog.

5.1.5

  • Fix Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in immutable

5.1.4

Documentation

Internal

5.1.3

TypeScript

Documentation

There has been a huge amount of changes in the documentation, mainly migrate from an autogenerated documentation from .d.ts file, to a proper documentation in markdown. The playground has been included on nearly all method examples. We added a page about browser extensions too: https://immutable-js.com/browser-extension/

Internal

5.1.2

... (truncated)

Commits
  • b37b855 5.1.5
  • 16b3313 Merge commit from fork
  • fd2ef49 fix new proto key injection
  • 6734b7b fix Prototype Pollution in mergeDeep, toJS, etc.
  • 6f772de Merge pull request #2175 from immutable-js/dependabot/npm_and_yarn/rollup-4.59.0
  • 5f3dc61 Bump rollup from 4.34.8 to 4.59.0
  • 049a594 Merge pull request #2173 from immutable-js/dependabot/npm_and_yarn/lodash-4.1...
  • 2481a77 Merge pull request #2172 from mrazauskas/update-tstyche
  • eb04779 Bump lodash from 4.17.21 to 4.17.23
  • b973bf3 format
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for immutable since your current version.


Updates js-yaml from 4.1.0 to 4.1.1

Changelog

Sourced from js-yaml's changelog.

[4.1.1] - 2025-11-12

Security

  • Fix prototype pollution issue in yaml merge (<<) operator.
Commits

Updates markdown-it from 14.1.0 to 14.1.1

Changelog

Sourced from markdown-it's changelog.

[14.1.1] - 2026-01-11

Security

  • Fixed regression from v13 in linkify inline rule. Specific patterns could cause high CPU use. Thanks to @​ltduc147 for report.
Commits

Updates qs from 6.13.0 to 6.14.2

Changelog

Sourced from qs's changelog.

6.14.2

  • [Fix] parse: mark overflow objects for indexed notation exceeding arrayLimit (#546)
  • [Fix] arrayLimit means max count, not max index, in combine/merge/parseArrayValue
  • [Fix] parse: throw on arrayLimit exceeded with indexed notation when throwOnLimitExceeded is true (#529)
  • [Fix] parse: enforce arrayLimit on comma-parsed values
  • [Fix] parse: fix error message to reflect arrayLimit as max index; remove extraneous comments (#545)
  • [Robustness] avoid .push, use void
  • [readme] document that addQueryPrefix does not add ? to empty output (#418)
  • [readme] clarify parseArrays and arrayLimit documentation (#543)
  • [readme] replace runkit CI badge with shields.io check-runs badge
  • [meta] fix changelog typo (arrayLengtharrayLimit)
  • [actions] fix rebase workflow permissions

6.14.1

  • [Fix] ensure arrayLimit applies to [] notation as well
  • [Fix] parse: when a custom decoder returns null for a key, ignore that key
  • [Refactor] parse: extract key segment splitting helper
  • [meta] add threat model
  • [actions] add workflow permissions
  • [Tests] stringify: increase coverage
  • [Dev Deps] update eslint, @ljharb/eslint-config, npmignore, es-value-fixtures, for-each, object-inspect

6.14.0

  • [New] parse: add throwOnParameterLimitExceeded option (#517)
  • [Refactor] parse: use utils.combine more
  • [patch] parse: add explicit throwOnLimitExceeded default
  • [actions] use shared action; re-add finishers
  • [meta] Fix changelog formatting bug
  • [Deps] update side-channel
  • [Dev Deps] update es-value-fixtures, has-bigints, has-proto, has-symbols
  • [Tests] increase coverage

6.13.3

[Fix] fix regressions from robustness refactor [actions] update reusable workflows

6.13.2

  • [Robustness] avoid .push, use void
  • [readme] clarify parseArrays and arrayLimit documentation (#543)
  • [readme] document that addQueryPrefix does not add ? to empty output (#418)
  • [readme] replace runkit CI badge with shields.io check-runs badge
  • [actions] fix rebase workflow permissions

6.13.1

  • [Fix] stringify: avoid a crash when a filter key is null
  • [Fix] utils.merge: functions should not be stringified into keys
  • [Fix] parse: avoid a crash with interpretNumericEntities: true, comma: true, and iso charset
  • [Fix] stringify: ensure a non-string filter does not crash
  • [Refactor] use __proto__ syntax instead of Object.create for null objects
  • [Refactor] misc cleanup

... (truncated)

Commits
  • bdcf0c7 v6.14.2
  • 294db90 [readme] document that addQueryPrefix does not add ? to empty output
  • 5c308e5 [readme] clarify parseArrays and arrayLimit documentation
  • 6addf8c [Fix] parse: mark overflow objects for indexed notation exceeding arrayLimit
  • cfc108f [Fix] arrayLimit means max count, not max index, in combine/merge/`pars...
  • febb644 [Fix] parse: throw on arrayLimit exceeded with indexed notation when `thr...
  • f6a7abf [Fix] parse: enforce arrayLimit on comma-parsed values
  • fbc5206 [Fix] parse: fix error message to reflect arrayLimit as max index; remove e...
  • 1b9a8b4 [actions] fix rebase workflow permissions
  • 2a35775 [meta] fix changelog typo (arrayLengtharrayLimit)
  • Additional commits viewable in compare view

Updates rollup from 4.22.4 to 4.59.0

Release notes

Sourced from rollup's releases.

v4.59.0

4.59.0

2026-02-22

Features

  • Throw when the generated bundle contains paths that would leave the output directory (#6276)

Pull Requests

v4.58.0

4.58.0

2026-02-20

Features

  • Also support __NO_SIDE_EFFECTS__ annotation before variable declarations declaring function expressions (#6272)

Pull Requests

v4.57.1

4.57.1

2026-01-30

Bug Fixes

  • Fix heap corruption issue in Windows (#6251)
  • Ensure exports of a dynamic import are fully included when called from a try...catch (#6254)

Pull Requests

... (truncated)

Changelog

Sourced from rollup's changelog.

4.59.0

2026-02-22

Features

## 📋 Pull Request Information **Original PR:** https://github.com/open-webui/open-webui/pull/22660 **Author:** [@dependabot[bot]](https://github.com/apps/dependabot) **Created:** 3/14/2026 **Status:** ❌ Closed **Base:** `main` ← **Head:** `dependabot/npm_and_yarn/npm_and_yarn-121023581f` --- ### 📝 Commits (1) - [`877b5c5`](https://github.com/open-webui/open-webui/commit/877b5c5ba6f3937a8818baed7068144b51f77e0d) chore(deps): bump the npm_and_yarn group across 1 directory with 13 updates ### 📊 Changes **2 files changed** (+564 additions, -694 deletions) <details> <summary>View changed files</summary> 📝 `package-lock.json` (+557 -687) 📝 `package.json` (+7 -7) </details> ### 📄 Description Bumps the npm_and_yarn group with 12 updates in the / directory: | Package | From | To | | --- | --- | --- | | [dompurify](https://github.com/cure53/DOMPurify) | `3.2.6` | `3.3.3` | | [jspdf](https://github.com/parallax/jsPDF) | `4.0.0` | `4.2.0` | | [undici](https://github.com/nodejs/undici) | `7.11.0` | `7.24.1` | | [undici](https://github.com/nodejs/undici) | `6.21.2` | `6.24.0` | | [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte) | `5.42.2` | `5.53.11` | | [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` | | [immutable](https://github.com/immutable-js/immutable-js) | `5.0.3` | `5.1.5` | | [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.0` | `4.1.1` | | [markdown-it](https://github.com/markdown-it/markdown-it) | `14.1.0` | `14.1.1` | | [qs](https://github.com/ljharb/qs) | `6.13.0` | `6.14.2` | | [rollup](https://github.com/rollup/rollup) | `4.22.4` | `4.59.0` | | [tar](https://github.com/isaacs/node-tar) | `7.4.3` | `7.5.11` | | [underscore](https://github.com/jashkenas/underscore) | `1.13.7` | `1.13.8` | Updates `dompurify` from 3.2.6 to 3.3.3 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/cure53/DOMPurify/releases">dompurify's releases</a>.</em></p> <blockquote> <h2>DOMPurify 3.3.3</h2> <ul> <li>Fixed an engine requirement for Node 20 which caused hiccups, thanks <a href="https://github.com/Rotzbua"><code>@​Rotzbua</code></a></li> </ul> <h2>DOMPurify 3.3.2</h2> <ul> <li>Fixed a possible bypass caused by jsdom's faulty raw-text tag parsing, thanks multiple reporters</li> <li>Fixed a prototype pollution issue when working with custom elements, thanks <a href="https://github.com/christos-eth"><code>@​christos-eth</code></a></li> <li>Fixed a lenient config parsing in <code>_isValidAttribute</code>, thanks <a href="https://github.com/christos-eth"><code>@​christos-eth</code></a></li> <li>Bumped and removed several dependencies, thanks <a href="https://github.com/Rotzbua"><code>@​Rotzbua</code></a></li> <li>Fixed the test suite after bumping dependencies, thanks <a href="https://github.com/Rotzbua"><code>@​Rotzbua</code></a></li> </ul> <h2>DOMPurify 3.3.1</h2> <ul> <li>Updated <code>ADD_FORBID_CONTENTS</code> setting to extend default list, thanks <a href="https://github.com/MariusRumpf"><code>@​MariusRumpf</code></a></li> <li>Updated the ESM import syntax to be more correct, thanks <a href="https://github.com/binhpv"><code>@​binhpv</code></a></li> </ul> <h2>DOMPurify 3.3.0</h2> <ul> <li>Added the SVG <code>mask-type</code> attribute to default allow-list, thanks <a href="https://github.com/prasadrajandran"><code>@​prasadrajandran</code></a></li> <li>Added support for <code>ADD_ATTR</code> and <code>ADD_TAGS</code> to accept functions, thanks <a href="https://github.com/nelstrom"><code>@​nelstrom</code></a></li> <li>Fixed an issue with the <code>slot</code> element being in both SVG and HTML allow-list, thanks <a href="https://github.com/Wim-Valgaeren"><code>@​Wim-Valgaeren</code></a></li> </ul> <h2>DOMPurify 3.2.7</h2> <ul> <li>Added new attributes and elements to default allow-list, thanks <a href="https://github.com/elrion018"><code>@​elrion018</code></a></li> <li>Added <code>tagName</code> parameter to custom element <code>attributeNameCheck</code>, thanks <a href="https://github.com/nelstrom"><code>@​nelstrom</code></a></li> <li>Added better check for animated <code>href</code> attributes, thanks <a href="https://github.com/llamakko"><code>@​llamakko</code></a></li> <li>Updated and improved the bundled types, thanks <a href="https://github.com/ssi02014"><code>@​ssi02014</code></a></li> <li>Updated several tests to better align with new browser encoding behaviors</li> <li>Improved the handling of potentially risky content inside CDATA elements, thanks <a href="https://github.com/securityMB"><code>@​securityMB</code></a> &amp; <a href="https://github.com/terjanq"><code>@​terjanq</code></a></li> <li>Improved the regular expression for raw-text elements to cover textareas, thanks <a href="https://github.com/securityMB"><code>@​securityMB</code></a> &amp; <a href="https://github.com/terjanq"><code>@​terjanq</code></a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/cure53/DOMPurify/commit/8bcbf73ae7eb56e7b4f1300b66cf543342c7ee27"><code>8bcbf73</code></a> chore: Preparing 3.3.3 release</li> <li><a href="https://github.com/cure53/DOMPurify/commit/5faddd60af7b4d612f32a0c6b44432b77c8c490c"><code>5faddd6</code></a> fix: engine requirement (<a href="https://redirect.github.com/cure53/DOMPurify/issues/1210">#1210</a>)</li> <li><a href="https://github.com/cure53/DOMPurify/commit/0f91e3add5c028bc4110c513b0c2571b284c35af"><code>0f91e3a</code></a> Update README.md</li> <li><a href="https://github.com/cure53/DOMPurify/commit/d5ff1a8c605df1df998c2e7df2c4c8ac762b0dea"><code>d5ff1a8</code></a> Merge branch 'main' of github.com:cure53/DOMPurify</li> <li><a href="https://github.com/cure53/DOMPurify/commit/c3efd489010366e755de9d65fd741888fd8b7462"><code>c3efd48</code></a> fix: moved back from jsdom 28 to jsdom 20</li> <li><a href="https://github.com/cure53/DOMPurify/commit/988b888108c8df911ef37e68d0e26c85ad90e885"><code>988b888</code></a> fix: moved back from jsdom 28 to jsdom 20</li> <li><a href="https://github.com/cure53/DOMPurify/commit/2726c74e9c6a0645127d1630e5ca49f64bc9fe67"><code>2726c74</code></a> chore: Preparing 3.3.2 release</li> <li><a href="https://github.com/cure53/DOMPurify/commit/6202c7e43e9df01ba606396aed60fbae5583f7a1"><code>6202c7e</code></a> build(deps): bump <code>@​tootallnate/once</code> and jsdom (<a href="https://redirect.github.com/cure53/DOMPurify/issues/1204">#1204</a>)</li> <li><a href="https://github.com/cure53/DOMPurify/commit/302b51de22535cc90235472c52e3401bedd46f80"><code>302b51d</code></a> fix: Expanded the regex ever so slightly to also cover script</li> <li><a href="https://github.com/cure53/DOMPurify/commit/cd85175da3c4614aeb0f1022f2a347e5e9bdd58b"><code>cd85175</code></a> Merge branch 'main' of github.com:cure53/DOMPurify</li> <li>Additional commits viewable in <a href="https://github.com/cure53/DOMPurify/compare/3.2.6...3.3.3">compare view</a></li> </ul> </details> <br /> Updates `jspdf` from 4.0.0 to 4.2.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/parallax/jsPDF/releases">jspdf's releases</a>.</em></p> <blockquote> <h2>v4.2.0</h2> <p>This release fixes three security issues.</p> <h2>What's Changed</h2> <ul> <li>Fix <a href="https://github.com/parallax/jsPDF/security/advisories/GHSA-p5xg-68wr-hm3m">PDF Injection in AcroForm module allows Arbitrary JavaScript Execution (RadioButton children)</a> vulnerability.</li> <li>Fix <a href="https://github.com/parallax/jsPDF/security/advisories/GHSA-67pg-wm7f-q7fj">Client-Side/Server-Side Denial of Service via Malicious GIF Dimensions</a> vulnerability.</li> <li>Fix <a href="https://github.com/parallax/jsPDF/security/advisories/GHSA-9vjf-qc39-jprp">PDF Object Injection via Unsanitized Input in addJS Method</a> vulnerability.</li> <li>Add &quot;default&quot; property to export section in package.json by <a href="https://github.com/stefan-schweiger"><code>@​stefan-schweiger</code></a> in <a href="https://redirect.github.com/parallax/jsPDF/pull/3953">parallax/jsPDF#3953</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/stefan-schweiger"><code>@​stefan-schweiger</code></a> made their first contribution in <a href="https://redirect.github.com/parallax/jsPDF/pull/3953">parallax/jsPDF#3953</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/parallax/jsPDF/compare/v4.1.0...v4.2.0">https://github.com/parallax/jsPDF/compare/v4.1.0...v4.2.0</a></p> <h2>v4.1.0</h2> <p>This release fixes several security issues.</p> <h2>What's Changed</h2> <ul> <li>Upgrade optional dompurify dependency to 3.3.1 in <a href="https://redirect.github.com/parallax/jsPDF/pull/3948">parallax/jsPDF#3948</a></li> <li>Fix <a href="https://github.com/parallax/jsPDF/security/advisories/GHSA-pqxr-3g65-p328">PDF Injection in AcroForm module allows Arbitrary JavaScript Execution</a> vulnerability</li> <li>Fix <a href="https://github.com/parallax/jsPDF/security/advisories/GHSA-vm32-vv63-w422">Stored XMP Metadata Injection (Spoofing &amp; Integrity Violation)</a> vulnerability</li> <li>Fix <a href="https://github.com/parallax/jsPDF/security/advisories/GHSA-cjw8-79x6-5cj4">Shared State Race Condition in addJS Method</a> vulnerability</li> <li>Fix <a href="https://github.com/parallax/jsPDF/security/advisories/GHSA-95fx-jjr5-f39c">Denial of Service (DoS) via Unvalidated BMP Dimensions in BMPDecoder</a> vulnerability</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/parallax/jsPDF/compare/v4.0.0...v4.1.0">https://github.com/parallax/jsPDF/compare/v4.0.0...v4.1.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/parallax/jsPDF/commit/7af912cadaf0f9a2ad28afe7af53033a2c61de64"><code>7af912c</code></a> 4.2.0</li> <li><a href="https://github.com/parallax/jsPDF/commit/56b46d45b052346f5995b005a34af5dcdddd5437"><code>56b46d4</code></a> Merge commit from fork</li> <li><a href="https://github.com/parallax/jsPDF/commit/2e5e156e284d92c7d134bce97e6418756941d5e6"><code>2e5e156</code></a> Merge commit from fork</li> <li><a href="https://github.com/parallax/jsPDF/commit/71ad2dbfa6c7c189ab42b855b782620fa8a38375"><code>71ad2db</code></a> Merge commit from fork</li> <li><a href="https://github.com/parallax/jsPDF/commit/885a7778070d500887c9a5d2b02b55460009a9d0"><code>885a777</code></a> fix: upgrade <code>@​babel/runtime</code> from 7.28.4 to 7.28.6 (<a href="https://redirect.github.com/parallax/jsPDF/issues/3954">#3954</a>)</li> <li><a href="https://github.com/parallax/jsPDF/commit/3b92c7da6b3218e63a4f0c98bb9c4ddaba29eb06"><code>3b92c7d</code></a> Add default export to package.json (<a href="https://redirect.github.com/parallax/jsPDF/issues/3953">#3953</a>)</li> <li><a href="https://github.com/parallax/jsPDF/commit/02273814bf0222eda02944f9a14128811f3b5a33"><code>0227381</code></a> 4.1.0</li> <li><a href="https://github.com/parallax/jsPDF/commit/ae4b93f76d8fc1baa5614bd5fdb5d174c3b85f0d"><code>ae4b93f</code></a> Merge commit from fork</li> <li><a href="https://github.com/parallax/jsPDF/commit/2863e5c26afef211a545e8c174ab4d5fce3b8c0e"><code>2863e5c</code></a> Merge commit from fork</li> <li><a href="https://github.com/parallax/jsPDF/commit/efe54bf50f3f5e5416b2495e3c24624fc80b6cff"><code>efe54bf</code></a> Merge commit from fork</li> <li>Additional commits viewable in <a href="https://github.com/parallax/jsPDF/compare/v4.0.0...v4.2.0">compare view</a></li> </ul> </details> <br /> Updates `undici` from 7.11.0 to 7.24.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/nodejs/undici/releases">undici's releases</a>.</em></p> <blockquote> <h2>v7.24.1</h2> <h2>What's Changed</h2> <ul> <li>fix: <strong>proto</strong> pollution by <a href="https://github.com/rahulyadav5524"><code>@​rahulyadav5524</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4885">nodejs/undici#4885</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/nodejs/undici/compare/v7.24.0...v7.24.1">https://github.com/nodejs/undici/compare/v7.24.0...v7.24.1</a></p> <h2>v7.24.0</h2> <h1>Undici v7.24.0 Security Release Notes</h1> <p>This release addresses multiple security vulnerabilities in Undici.</p> <h2>Upgrade guidance</h2> <p>All users on v7 should upgrade to <strong>v7.24.0</strong> or later.</p> <h2>Fixed advisories</h2> <ul> <li> <p><a href="https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm">GHSA-2mjp-6q6p-2qxm</a> / CVE-2026-1525 (Medium)<br /> Inconsistent interpretation of HTTP requests (request/response smuggling class issue).</p> </li> <li> <p><a href="https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj">GHSA-f269-vfmq-vjvj</a> / CVE-2026-1528 (High)<br /> Malicious WebSocket 64-bit frame length handling could crash the client.</p> </li> <li> <p><a href="https://github.com/nodejs/undici/security/advisories/GHSA-phc3-fgpg-7m6h">GHSA-phc3-fgpg-7m6h</a> / CVE-2026-2581 (Medium)<br /> Unbounded memory consumption in deduplication interceptor response buffering (DoS risk).</p> </li> <li> <p><a href="https://github.com/nodejs/undici/security/advisories/GHSA-4992-7rv2-5pvq">GHSA-4992-7rv2-5pvq</a> / CVE-2026-1527 (Medium)<br /> CRLF injection via the <code>upgrade</code> option.</p> </li> <li> <p><a href="https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8">GHSA-v9p9-hfj2-hcw8</a> / CVE-2026-2229 (High)<br /> Unhandled exception from invalid <code>server_max_window_bits</code> in WebSocket permessage-deflate negotiation.</p> </li> <li> <p><a href="https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q">GHSA-vrm6-8vpv-qv8q</a> / CVE-2026-1526 (High)<br /> Unbounded memory consumption in WebSocket permessage-deflate decompression.</p> </li> </ul> <h2>Affected and patched ranges</h2> <ul> <li>CVE-2026-1525: affected <code>7.0.0 &lt; 7.24.0</code>, patched <code>7.24.0</code></li> <li>CVE-2026-1528: affected <code>7.0.0 &lt; 7.24.0</code>, patched <code>7.24.0</code></li> <li>CVE-2026-2581: affected <code>&gt;= 7.17.0 &lt; 7.24.0</code>, patched <code>7.24.0</code></li> <li>CVE-2026-1527: affected <code>7.0.0 &lt; 7.24.0</code>, patched <code>7.24.0</code></li> <li>CVE-2026-2229: affected <code>7.0.0 &lt; 7.24.0</code>, patched <code>7.24.0</code></li> <li>CVE-2026-1526: affected <code>7.0.0 &lt; 7.24.0</code>, patched <code>7.24.0</code></li> </ul> <h2>References</h2> <ul> <li>GitHub Security Advisories: <a href="https://github.com/nodejs/undici/security/advisories">https://github.com/nodejs/undici/security/advisories</a></li> <li>NVD CVE-2026-1525: <a href="https://nvd.nist.gov/vuln/detail/CVE-2026-1525">https://nvd.nist.gov/vuln/detail/CVE-2026-1525</a></li> <li>NVD CVE-2026-1528: <a href="https://nvd.nist.gov/vuln/detail/CVE-2026-1528">https://nvd.nist.gov/vuln/detail/CVE-2026-1528</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/nodejs/undici/commit/23e3cd362ba6beb3988e6a9a63000336dd219591"><code>23e3cd3</code></a> Bumped v7.24.1</li> <li><a href="https://github.com/nodejs/undici/commit/3aedaa8d5f701da767616df2dced7d4daa7c1566"><code>3aedaa8</code></a> remove PLAN.md</li> <li><a href="https://github.com/nodejs/undici/commit/0d7ec33ff37563d3e7c98d11d7bca736f330d156"><code>0d7ec33</code></a> fix: <strong>proto</strong> pollution (<a href="https://redirect.github.com/nodejs/undici/issues/4885">#4885</a>)</li> <li><a href="https://github.com/nodejs/undici/commit/07a39067a0485c1953196f500d945fe09378a176"><code>07a3906</code></a> Bumped v7.24.0 (<a href="https://redirect.github.com/nodejs/undici/issues/4887">#4887</a>)</li> <li><a href="https://github.com/nodejs/undici/commit/74495c63ab23ef39be99983ed6de81df5d203d45"><code>74495c6</code></a> fix: reject duplicate content-length and host headers</li> <li><a href="https://github.com/nodejs/undici/commit/84235c62e0fe7494cec13f81d5732db0859df417"><code>84235c6</code></a> Fix websocket 64-bit length overflow</li> <li><a href="https://github.com/nodejs/undici/commit/77594f923cef4c27ee0bad365e7b4c44a199edae"><code>77594f9</code></a> fix: validate upgrade header to prevent CRLF injection</li> <li><a href="https://github.com/nodejs/undici/commit/cb79c5704ac47e42ce01a72269994fc70e377536"><code>cb79c57</code></a> fix: validate server_max_window_bits range in permessage-deflate</li> <li><a href="https://github.com/nodejs/undici/commit/4147ce21277b3566d02d3be789e5f7a490089db2"><code>4147ce2</code></a> Merge commit '2ee00cb3'</li> <li><a href="https://github.com/nodejs/undici/commit/2ee00cb322c76b0bf56829462d7c1dc53d1cbe3d"><code>2ee00cb</code></a> fix(websocket): add maxDecompressedMessageSize limit for permessage-deflate</li> <li>Additional commits viewable in <a href="https://github.com/nodejs/undici/compare/v7.11.0...v7.24.1">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by [GitHub Actions](<a href="https://www.npmjs.com/~GitHub">https://www.npmjs.com/~GitHub</a> Actions), a new releaser for undici since your current version.</p> </details> <br /> Updates `undici` from 6.21.2 to 6.24.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/nodejs/undici/releases">undici's releases</a>.</em></p> <blockquote> <h2>v7.24.1</h2> <h2>What's Changed</h2> <ul> <li>fix: <strong>proto</strong> pollution by <a href="https://github.com/rahulyadav5524"><code>@​rahulyadav5524</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4885">nodejs/undici#4885</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/nodejs/undici/compare/v7.24.0...v7.24.1">https://github.com/nodejs/undici/compare/v7.24.0...v7.24.1</a></p> <h2>v7.24.0</h2> <h1>Undici v7.24.0 Security Release Notes</h1> <p>This release addresses multiple security vulnerabilities in Undici.</p> <h2>Upgrade guidance</h2> <p>All users on v7 should upgrade to <strong>v7.24.0</strong> or later.</p> <h2>Fixed advisories</h2> <ul> <li> <p><a href="https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm">GHSA-2mjp-6q6p-2qxm</a> / CVE-2026-1525 (Medium)<br /> Inconsistent interpretation of HTTP requests (request/response smuggling class issue).</p> </li> <li> <p><a href="https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj">GHSA-f269-vfmq-vjvj</a> / CVE-2026-1528 (High)<br /> Malicious WebSocket 64-bit frame length handling could crash the client.</p> </li> <li> <p><a href="https://github.com/nodejs/undici/security/advisories/GHSA-phc3-fgpg-7m6h">GHSA-phc3-fgpg-7m6h</a> / CVE-2026-2581 (Medium)<br /> Unbounded memory consumption in deduplication interceptor response buffering (DoS risk).</p> </li> <li> <p><a href="https://github.com/nodejs/undici/security/advisories/GHSA-4992-7rv2-5pvq">GHSA-4992-7rv2-5pvq</a> / CVE-2026-1527 (Medium)<br /> CRLF injection via the <code>upgrade</code> option.</p> </li> <li> <p><a href="https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8">GHSA-v9p9-hfj2-hcw8</a> / CVE-2026-2229 (High)<br /> Unhandled exception from invalid <code>server_max_window_bits</code> in WebSocket permessage-deflate negotiation.</p> </li> <li> <p><a href="https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q">GHSA-vrm6-8vpv-qv8q</a> / CVE-2026-1526 (High)<br /> Unbounded memory consumption in WebSocket permessage-deflate decompression.</p> </li> </ul> <h2>Affected and patched ranges</h2> <ul> <li>CVE-2026-1525: affected <code>7.0.0 &lt; 7.24.0</code>, patched <code>7.24.0</code></li> <li>CVE-2026-1528: affected <code>7.0.0 &lt; 7.24.0</code>, patched <code>7.24.0</code></li> <li>CVE-2026-2581: affected <code>&gt;= 7.17.0 &lt; 7.24.0</code>, patched <code>7.24.0</code></li> <li>CVE-2026-1527: affected <code>7.0.0 &lt; 7.24.0</code>, patched <code>7.24.0</code></li> <li>CVE-2026-2229: affected <code>7.0.0 &lt; 7.24.0</code>, patched <code>7.24.0</code></li> <li>CVE-2026-1526: affected <code>7.0.0 &lt; 7.24.0</code>, patched <code>7.24.0</code></li> </ul> <h2>References</h2> <ul> <li>GitHub Security Advisories: <a href="https://github.com/nodejs/undici/security/advisories">https://github.com/nodejs/undici/security/advisories</a></li> <li>NVD CVE-2026-1525: <a href="https://nvd.nist.gov/vuln/detail/CVE-2026-1525">https://nvd.nist.gov/vuln/detail/CVE-2026-1525</a></li> <li>NVD CVE-2026-1528: <a href="https://nvd.nist.gov/vuln/detail/CVE-2026-1528">https://nvd.nist.gov/vuln/detail/CVE-2026-1528</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/nodejs/undici/commit/23e3cd362ba6beb3988e6a9a63000336dd219591"><code>23e3cd3</code></a> Bumped v7.24.1</li> <li><a href="https://github.com/nodejs/undici/commit/3aedaa8d5f701da767616df2dced7d4daa7c1566"><code>3aedaa8</code></a> remove PLAN.md</li> <li><a href="https://github.com/nodejs/undici/commit/0d7ec33ff37563d3e7c98d11d7bca736f330d156"><code>0d7ec33</code></a> fix: <strong>proto</strong> pollution (<a href="https://redirect.github.com/nodejs/undici/issues/4885">#4885</a>)</li> <li><a href="https://github.com/nodejs/undici/commit/07a39067a0485c1953196f500d945fe09378a176"><code>07a3906</code></a> Bumped v7.24.0 (<a href="https://redirect.github.com/nodejs/undici/issues/4887">#4887</a>)</li> <li><a href="https://github.com/nodejs/undici/commit/74495c63ab23ef39be99983ed6de81df5d203d45"><code>74495c6</code></a> fix: reject duplicate content-length and host headers</li> <li><a href="https://github.com/nodejs/undici/commit/84235c62e0fe7494cec13f81d5732db0859df417"><code>84235c6</code></a> Fix websocket 64-bit length overflow</li> <li><a href="https://github.com/nodejs/undici/commit/77594f923cef4c27ee0bad365e7b4c44a199edae"><code>77594f9</code></a> fix: validate upgrade header to prevent CRLF injection</li> <li><a href="https://github.com/nodejs/undici/commit/cb79c5704ac47e42ce01a72269994fc70e377536"><code>cb79c57</code></a> fix: validate server_max_window_bits range in permessage-deflate</li> <li><a href="https://github.com/nodejs/undici/commit/4147ce21277b3566d02d3be789e5f7a490089db2"><code>4147ce2</code></a> Merge commit '2ee00cb3'</li> <li><a href="https://github.com/nodejs/undici/commit/2ee00cb322c76b0bf56829462d7c1dc53d1cbe3d"><code>2ee00cb</code></a> fix(websocket): add maxDecompressedMessageSize limit for permessage-deflate</li> <li>Additional commits viewable in <a href="https://github.com/nodejs/undici/compare/v7.11.0...v7.24.1">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by [GitHub Actions](<a href="https://www.npmjs.com/~GitHub">https://www.npmjs.com/~GitHub</a> Actions), a new releaser for undici since your current version.</p> </details> <br /> Updates `svelte` from 5.42.2 to 5.53.11 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sveltejs/svelte/releases">svelte's releases</a>.</em></p> <blockquote> <h2>svelte@5.53.11</h2> <h3>Patch Changes</h3> <ul> <li> <p>fix: remove <code>untrack</code> circular dependency (<a href="https://redirect.github.com/sveltejs/svelte/pull/17910">#17910</a>)</p> </li> <li> <p>fix: recover from errors that leave a corrupted effect tree (<a href="https://redirect.github.com/sveltejs/svelte/pull/17888">#17888</a>)</p> </li> <li> <p>fix: properly lazily evaluate RHS when checking for <code>assignment_value_stale</code> (<a href="https://redirect.github.com/sveltejs/svelte/pull/17906">#17906</a>)</p> </li> <li> <p>fix: resolve boundary in correct batch when hydrating (<a href="https://redirect.github.com/sveltejs/svelte/pull/17914">#17914</a>)</p> </li> <li> <p>chore: rebase batches after process, not during (<a href="https://redirect.github.com/sveltejs/svelte/pull/17900">#17900</a>)</p> </li> </ul> <h2>svelte@5.53.10</h2> <h3>Patch Changes</h3> <ul> <li>fix: re-process batch if new root effects were scheduled (<a href="https://redirect.github.com/sveltejs/svelte/pull/17895">#17895</a>)</li> </ul> <h2>svelte@5.53.9</h2> <h3>Patch Changes</h3> <ul> <li>fix: better <code>bind:this</code> cleanup timing (<a href="https://redirect.github.com/sveltejs/svelte/pull/17885">#17885</a>)</li> </ul> <h2>svelte@5.53.8</h2> <h3>Patch Changes</h3> <ul> <li> <p>fix: <code>{@html}</code> no longer duplicates content inside <code>contenteditable</code> elements (<a href="https://redirect.github.com/sveltejs/svelte/pull/17853">#17853</a>)</p> </li> <li> <p>fix: don't access inert block effects (<a href="https://redirect.github.com/sveltejs/svelte/pull/17882">#17882</a>)</p> </li> <li> <p>fix: handle asnyc updates within pending boundary (<a href="https://redirect.github.com/sveltejs/svelte/pull/17873">#17873</a>)</p> </li> <li> <p>perf: avoid re-traversing the effect tree after <code>$:</code> assignments (<a href="https://redirect.github.com/sveltejs/svelte/pull/17848">#17848</a>)</p> </li> <li> <p>chore: simplify scheduling logic (<a href="https://redirect.github.com/sveltejs/svelte/pull/17805">#17805</a>)</p> </li> </ul> <h2>svelte@5.53.7</h2> <h3>Patch Changes</h3> <ul> <li> <p>fix: correctly add __svelte_meta after else-if chains (<a href="https://redirect.github.com/sveltejs/svelte/pull/17830">#17830</a>)</p> </li> <li> <p>perf: cache element interactivity and source line splitting in compiler (<a href="https://redirect.github.com/sveltejs/svelte/pull/17839">#17839</a>)</p> </li> <li> <p>chore: avoid rescheduling effects during branch commit (<a href="https://redirect.github.com/sveltejs/svelte/pull/17837">#17837</a>)</p> </li> <li> <p>perf: optimize CSS selector pruning (<a href="https://redirect.github.com/sveltejs/svelte/pull/17846">#17846</a>)</p> </li> <li> <p>fix: preserve original boundary errors when keyed each rows are removed during async updates (<a href="https://redirect.github.com/sveltejs/svelte/pull/17843">#17843</a>)</p> </li> <li> <p>perf: avoid O(n²) name scanning in scope <code>generate</code> and <code>unique</code> (<a href="https://redirect.github.com/sveltejs/svelte/pull/17844">#17844</a>)</p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/sveltejs/svelte/blob/main/packages/svelte/CHANGELOG.md">svelte's changelog</a>.</em></p> <blockquote> <h2>5.53.11</h2> <h3>Patch Changes</h3> <ul> <li> <p>fix: remove <code>untrack</code> circular dependency (<a href="https://redirect.github.com/sveltejs/svelte/pull/17910">#17910</a>)</p> </li> <li> <p>fix: recover from errors that leave a corrupted effect tree (<a href="https://redirect.github.com/sveltejs/svelte/pull/17888">#17888</a>)</p> </li> <li> <p>fix: properly lazily evaluate RHS when checking for <code>assignment_value_stale</code> (<a href="https://redirect.github.com/sveltejs/svelte/pull/17906">#17906</a>)</p> </li> <li> <p>fix: resolve boundary in correct batch when hydrating (<a href="https://redirect.github.com/sveltejs/svelte/pull/17914">#17914</a>)</p> </li> <li> <p>chore: rebase batches after process, not during (<a href="https://redirect.github.com/sveltejs/svelte/pull/17900">#17900</a>)</p> </li> </ul> <h2>5.53.10</h2> <h3>Patch Changes</h3> <ul> <li>fix: re-process batch if new root effects were scheduled (<a href="https://redirect.github.com/sveltejs/svelte/pull/17895">#17895</a>)</li> </ul> <h2>5.53.9</h2> <h3>Patch Changes</h3> <ul> <li>fix: better <code>bind:this</code> cleanup timing (<a href="https://redirect.github.com/sveltejs/svelte/pull/17885">#17885</a>)</li> </ul> <h2>5.53.8</h2> <h3>Patch Changes</h3> <ul> <li> <p>fix: <code>{@html}</code> no longer duplicates content inside <code>contenteditable</code> elements (<a href="https://redirect.github.com/sveltejs/svelte/pull/17853">#17853</a>)</p> </li> <li> <p>fix: don't access inert block effects (<a href="https://redirect.github.com/sveltejs/svelte/pull/17882">#17882</a>)</p> </li> <li> <p>fix: handle asnyc updates within pending boundary (<a href="https://redirect.github.com/sveltejs/svelte/pull/17873">#17873</a>)</p> </li> <li> <p>perf: avoid re-traversing the effect tree after <code>$:</code> assignments (<a href="https://redirect.github.com/sveltejs/svelte/pull/17848">#17848</a>)</p> </li> <li> <p>chore: simplify scheduling logic (<a href="https://redirect.github.com/sveltejs/svelte/pull/17805">#17805</a>)</p> </li> </ul> <h2>5.53.7</h2> <h3>Patch Changes</h3> <ul> <li> <p>fix: correctly add __svelte_meta after else-if chains (<a href="https://redirect.github.com/sveltejs/svelte/pull/17830">#17830</a>)</p> </li> <li> <p>perf: cache element interactivity and source line splitting in compiler (<a href="https://redirect.github.com/sveltejs/svelte/pull/17839">#17839</a>)</p> </li> <li> <p>chore: avoid rescheduling effects during branch commit (<a href="https://redirect.github.com/sveltejs/svelte/pull/17837">#17837</a>)</p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/sveltejs/svelte/commit/bd433c5ceb74e4b966ff901432078ab366142bb2"><code>bd433c5</code></a> Version Packages (<a href="https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/17901">#17901</a>)</li> <li><a href="https://github.com/sveltejs/svelte/commit/7c9ff8fc697a0723129d781e5bf116cf38e016f6"><code>7c9ff8f</code></a> fix: resolve boundary in correct batch when hydrating (<a href="https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/17914">#17914</a>)</li> <li><a href="https://github.com/sveltejs/svelte/commit/667896a753031b5d58157feb4b4eb7df49222ac0"><code>667896a</code></a> fix: recover from errors that leave a corrupted effect tree (<a href="https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/17888">#17888</a>)</li> <li><a href="https://github.com/sveltejs/svelte/commit/e4e089310d0fdf2b7dece779b58048e71c6ac02c"><code>e4e0893</code></a> fix: remove <code>untrack</code> circular dependency (<a href="https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/17910">#17910</a>)</li> <li><a href="https://github.com/sveltejs/svelte/commit/58f161dee2e59c79412e3906b17c1f05a119f193"><code>58f161d</code></a> fix: properly lazily evaluate RHS when checking for assignment_value_stale (#...</li> <li><a href="https://github.com/sveltejs/svelte/commit/0e8f49b25fbb11bf0bf9378b9423feeb0176f316"><code>0e8f49b</code></a> chore: rebase batches after process, not during (<a href="https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/17900">#17900</a>)</li> <li><a href="https://github.com/sveltejs/svelte/commit/72cd247c33ed5a2c9f0f952979336a3996617e1c"><code>72cd247</code></a> Version Packages (<a href="https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/17896">#17896</a>)</li> <li><a href="https://github.com/sveltejs/svelte/commit/342d8568f118e91375a452991335c9a89af8afee"><code>342d856</code></a> fix: re-process batch if new root effects were scheduled (<a href="https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/17895">#17895</a>)</li> <li><a href="https://github.com/sveltejs/svelte/commit/d54361b97f344300e599eea4ad538cd2ab78594d"><code>d54361b</code></a> Version Packages (<a href="https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/17886">#17886</a>)</li> <li><a href="https://github.com/sveltejs/svelte/commit/be36c934c4ed5d6e43818a7b1ff6cdb7ecb65412"><code>be36c93</code></a> fix: better <code>bind:this</code> cleanup timing (<a href="https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/17885">#17885</a>)</li> <li>Additional commits viewable in <a href="https://github.com/sveltejs/svelte/commits/svelte@5.53.11/packages/svelte">compare view</a></li> </ul> </details> <br /> Updates `minimatch` from 3.1.2 to 3.1.5 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712"><code>7bba978</code></a> 3.1.5</li> <li><a href="https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d"><code>bd25942</code></a> docs: add warning about ReDoS</li> <li><a href="https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d"><code>1a9c27c</code></a> fix partial matching of globstar patterns</li> <li><a href="https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23"><code>1a2e084</code></a> 3.1.4</li> <li><a href="https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47"><code>ae24656</code></a> update lockfile</li> <li><a href="https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e"><code>b100374</code></a> limit recursion for **, improve perf considerably</li> <li><a href="https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13"><code>26ffeaa</code></a> lockfile update</li> <li><a href="https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb"><code>9eca892</code></a> lock node version to 14</li> <li><a href="https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a"><code>00c323b</code></a> 3.1.3</li> <li><a href="https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b"><code>30486b2</code></a> update CI matrix and actions</li> <li>Additional commits viewable in <a href="https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5">compare view</a></li> </ul> </details> <br /> Updates `devalue` from 5.1.1 to 5.6.4 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sveltejs/devalue/releases">devalue's releases</a>.</em></p> <blockquote> <h2>v5.6.4</h2> <h3>Patch Changes</h3> <ul> <li> <p>87c1f3c: fix: reject <code>__proto__</code> keys in malformed <code>Object</code> wrapper payloads</p> <p>This validates the <code>&quot;Object&quot;</code> parse path and throws when the wrapped value has an own <code>__proto__</code> key.</p> </li> <li> <p>40f1db1: fix: ensure sparse array indices are integers</p> </li> <li> <p>87c1f3c: fix: disallow <code>__proto__</code> keys in null-prototype object parsing</p> <p>This disallows <code>__proto__</code> keys in the <code>&quot;null&quot;</code> parse path so null-prototype object hydration cannot carry that key through parse/unflatten.</p> </li> </ul> <h2>v5.6.3</h2> <h3>Patch Changes</h3> <ul> <li>0f04d4d: fix: Properly handle <code>__proto__</code></li> <li>819f1ac: fix: better encoding for sparse arrays</li> </ul> <h2>v5.6.2</h2> <h3>Patch Changes</h3> <ul> <li>1175584: fix: validate input for <code>ArrayBuffer</code> parsing</li> <li>e46afa6: fix: validate input for typed arrays</li> <li>1175584: fix: more helpful errors for inputs causing stack overflows</li> </ul> <h2>v5.6.1</h2> <h3>Patch Changes</h3> <ul> <li>2161d44: fix: add hasOwn check before calling reviver</li> </ul> <h2>v5.6.0</h2> <h3>Minor Changes</h3> <ul> <li>a3d09d4: feat: expose <code>DevalueError</code> for <code>instanceof</code> checks in <code>catch</code> clauses</li> <li>a3d09d4: feat: add <code>value</code> and <code>root</code> properties in <code>DevalueError</code> instances</li> </ul> <h2>v5.5.0</h2> <h3>Minor Changes</h3> <ul> <li>828fa1c: Enable support for custom reducer/reviver for &quot;function&quot; values</li> </ul> <h2>v5.4.2</h2> <h3>Patch Changes</h3> <ul> <li>5c26c0d: fix: allow custom revivers to revive things serialized by builtin reducers</li> </ul> <h2>v5.4.1</h2> <h3>Patch Changes</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/sveltejs/devalue/blob/main/CHANGELOG.md">devalue's changelog</a>.</em></p> <blockquote> <h2>5.6.4</h2> <h3>Patch Changes</h3> <ul> <li> <p>87c1f3c: fix: reject <code>__proto__</code> keys in malformed <code>Object</code> wrapper payloads</p> <p>This validates the <code>&quot;Object&quot;</code> parse path and throws when the wrapped value has an own <code>__proto__</code> key.</p> </li> <li> <p>40f1db1: fix: ensure sparse array indices are integers</p> </li> <li> <p>87c1f3c: fix: disallow <code>__proto__</code> keys in null-prototype object parsing</p> <p>This disallows <code>__proto__</code> keys in the <code>&quot;null&quot;</code> parse path so null-prototype object hydration cannot carry that key through parse/unflatten.</p> </li> </ul> <h2>5.6.3</h2> <h3>Patch Changes</h3> <ul> <li>0f04d4d: fix: Properly handle <code>__proto__</code></li> <li>819f1ac: fix: better encoding for sparse arrays</li> </ul> <h2>5.6.2</h2> <h3>Patch Changes</h3> <ul> <li>1175584: fix: validate input for <code>ArrayBuffer</code> parsing</li> <li>e46afa6: fix: validate input for typed arrays</li> <li>1175584: fix: more helpful errors for inputs causing stack overflows</li> </ul> <h2>5.6.1</h2> <h3>Patch Changes</h3> <ul> <li>2161d44: fix: add hasOwn check before calling reviver</li> </ul> <h2>5.6.0</h2> <h3>Minor Changes</h3> <ul> <li>a3d09d4: feat: expose <code>DevalueError</code> for <code>instanceof</code> checks in <code>catch</code> clauses</li> <li>a3d09d4: feat: add <code>value</code> and <code>root</code> properties in <code>DevalueError</code> instances</li> </ul> <h2>5.5.0</h2> <h3>Minor Changes</h3> <ul> <li>828fa1c: Enable support for custom reducer/reviver for &quot;function&quot; values</li> </ul> <h2>5.4.2</h2> <h3>Patch Changes</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/sveltejs/devalue/commit/6cbb3f51258e01d7769e2b3d77b6ce9ed060804b"><code>6cbb3f5</code></a> Version Packages (<a href="https://redirect.github.com/sveltejs/devalue/issues/133">#133</a>)</li> <li><a href="https://github.com/sveltejs/devalue/commit/40f1db13afdd65c8e2ebd02f684276c273ef81b0"><code>40f1db1</code></a> Merge commit from fork</li> <li><a href="https://github.com/sveltejs/devalue/commit/87c1f3ce3759765a061cfe34843ecc4b0711ba8d"><code>87c1f3c</code></a> Merge commit from fork</li> <li><a href="https://github.com/sveltejs/devalue/commit/a4a37d208a4d1bdd0d58c82e5644c87cab855259"><code>a4a37d2</code></a> Version Packages (<a href="https://redirect.github.com/sveltejs/devalue/issues/132">#132</a>)</li> <li><a href="https://github.com/sveltejs/devalue/commit/819f1ac7475ab37547645cfb09bf2f678a799cf0"><code>819f1ac</code></a> Merge commit from fork</li> <li><a href="https://github.com/sveltejs/devalue/commit/0f04d4d678eac39ad5d7a07d1956275d7874e81c"><code>0f04d4d</code></a> Merge commit from fork</li> <li><a href="https://github.com/sveltejs/devalue/commit/fcf4e88275f2e2e45b9ea70ffaa5247c8f55f057"><code>fcf4e88</code></a> fix tests</li> <li><a href="https://github.com/sveltejs/devalue/commit/1d8a5ea5863bcd9992755ce5a3842265753cb4ab"><code>1d8a5ea</code></a> Version Packages (<a href="https://redirect.github.com/sveltejs/devalue/issues/131">#131</a>)</li> <li><a href="https://github.com/sveltejs/devalue/commit/11755849fa0634ae294a15ec0aef2f43efcad7c4"><code>1175584</code></a> Merge commit from fork</li> <li><a href="https://github.com/sveltejs/devalue/commit/e46afa64dd2b25aa35fb905ba5d20cea63aabbf7"><code>e46afa6</code></a> Merge commit from fork</li> <li>Additional commits viewable in <a href="https://github.com/sveltejs/devalue/compare/v5.1.1...v5.6.4">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by [GitHub Actions](<a href="https://www.npmjs.com/~GitHub">https://www.npmjs.com/~GitHub</a> Actions), a new releaser for devalue since your current version.</p> </details> <br /> Updates `immutable` from 5.0.3 to 5.1.5 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/immutable-js/immutable-js/releases">immutable's releases</a>.</em></p> <blockquote> <h2>v5.1.5</h2> <h2>What's Changed</h2> <ul> <li>Fix Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in immutable</li> <li>Upgrade devtools and use immutable version by <a href="https://github.com/jdeniau"><code>@​jdeniau</code></a> in <a href="https://redirect.github.com/immutable-js/immutable-js/pull/2158">immutable-js/immutable-js#2158</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/immutable-js/immutable-js/compare/v5.1.4...v5.1.5">https://github.com/immutable-js/immutable-js/compare/v5.1.4...v5.1.5</a></p> <h2>v5.1.4</h2> <h2>What's Changed</h2> <ul> <li>Migrate some files to TS by <a href="https://github.com/jdeniau"><code>@​jdeniau</code></a> in <a href="https://redirect.github.com/immutable-js/immutable-js/pull/2125">immutable-js/immutable-js#2125</a> <ul> <li>Iterator.ts</li> <li>PairSorting.ts</li> <li>toJS.ts</li> <li>Math.ts</li> <li>Hash.ts</li> </ul> </li> <li>Extract CollectionHelperMethods and convert to TS by <a href="https://github.com/jdeniau"><code>@​jdeniau</code></a> in <a href="https://redirect.github.com/immutable-js/immutable-js/pull/2131">immutable-js/immutable-js#2131</a></li> <li>Use npm <a href="https://docs.npmjs.com/trusted-publishers">trusted publishing only</a> to avoid token stealing.</li> </ul> <h3>Documentation</h3> <ul> <li>Fix/a11y issues by <a href="https://github.com/lyannel"><code>@​lyannel</code></a> in <a href="https://redirect.github.com/immutable-js/immutable-js/pull/2136">immutable-js/immutable-js#2136</a></li> <li>Doc add Map.get signature update by <a href="https://github.com/borracciaBlu"><code>@​borracciaBlu</code></a> in <a href="https://redirect.github.com/immutable-js/immutable-js/pull/2138">immutable-js/immutable-js#2138</a></li> <li>fix(doc):minor-issues#2132 by <a href="https://github.com/JayMeDotDot"><code>@​JayMeDotDot</code></a> in <a href="https://redirect.github.com/immutable-js/immutable-js/pull/2133">immutable-js/immutable-js#2133</a></li> <li>Fix algolia search by <a href="https://github.com/jdeniau"><code>@​jdeniau</code></a> in <a href="https://redirect.github.com/immutable-js/immutable-js/pull/2135">immutable-js/immutable-js#2135</a></li> <li>Typo in OrderedMap by <a href="https://github.com/jdeniau"><code>@​jdeniau</code></a> in <a href="https://redirect.github.com/immutable-js/immutable-js/pull/2144">immutable-js/immutable-js#2144</a></li> </ul> <h3>Internal</h3> <ul> <li>chore: Sort all imports and activate eslint import rule by <a href="https://github.com/jdeniau"><code>@​jdeniau</code></a> in <a href="https://redirect.github.com/immutable-js/immutable-js/pull/2119">immutable-js/immutable-js#2119</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/JayMeDotDot"><code>@​JayMeDotDot</code></a> made their first contribution in <a href="https://redirect.github.com/immutable-js/immutable-js/pull/2133">immutable-js/immutable-js#2133</a></li> <li><a href="https://github.com/lyannel"><code>@​lyannel</code></a> made their first contribution in <a href="https://redirect.github.com/immutable-js/immutable-js/pull/2136">immutable-js/immutable-js#2136</a></li> <li><a href="https://github.com/borracciaBlu"><code>@​borracciaBlu</code></a> made their first contribution in <a href="https://redirect.github.com/immutable-js/immutable-js/pull/2138">immutable-js/immutable-js#2138</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/immutable-js/immutable-js/compare/v5.1.3...v5.1.4">https://github.com/immutable-js/immutable-js/compare/v5.1.3...v5.1.4</a></p> <h2>v5.1.3</h2> <h2>What's Changed</h2> <h3>TypeScript</h3> <ul> <li>fix: allow readonly map entry constructor by <a href="https://github.com/septs"><code>@​septs</code></a> in <a href="https://redirect.github.com/immutable-js/immutable-js/pull/2123">immutable-js/immutable-js#2123</a></li> </ul> <h3>Documentation</h3> <p>There has been a huge amount of changes in the documentation, mainly migrate from an autogenerated documentation from .d.ts file, to a proper documentation in markdown. The playground has been included on nearly all method examples.</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/immutable-js/immutable-js/blob/main/CHANGELOG.md">immutable's changelog</a>.</em></p> <blockquote> <h2>5.1.5</h2> <ul> <li>Fix Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in immutable</li> </ul> <h2>5.1.4</h2> <ul> <li>Migrate some files to TS by <a href="https://github.com/jdeniau"><code>@​jdeniau</code></a> in <a href="https://redirect.github.com/immutable-js/immutable-js/pull/2125">immutable-js/immutable-js#2125</a> <ul> <li>Iterator.ts</li> <li>PairSorting.ts</li> <li>toJS.ts</li> <li>Math.ts</li> <li>Hash.ts</li> </ul> </li> <li>Extract CollectionHelperMethods and convert to TS by <a href="https://github.com/jdeniau"><code>@​jdeniau</code></a> in <a href="https://redirect.github.com/immutable-js/immutable-js/pull/2131">immutable-js/immutable-js#2131</a></li> <li>Use npm <a href="https://docs.npmjs.com/trusted-publishers">trusted publishing only</a> to avoid token stealing.</li> </ul> <h3>Documentation</h3> <ul> <li>Fix/a11y issues by <a href="https://github.com/lyannel"><code>@​lyannel</code></a> in <a href="https://redirect.github.com/immutable-js/immutable-js/pull/2136">immutable-js/immutable-js#2136</a></li> <li>Doc add Map.get signature update by <a href="https://github.com/borracciaBlu"><code>@​borracciaBlu</code></a> in <a href="https://redirect.github.com/immutable-js/immutable-js/pull/2138">immutable-js/immutable-js#2138</a></li> <li>fix(doc):minor-issues#2132 by <a href="https://github.com/JayMeDotDot"><code>@​JayMeDotDot</code></a> in <a href="https://redirect.github.com/immutable-js/immutable-js/pull/2133">immutable-js/immutable-js#2133</a></li> <li>Fix algolia search by <a href="https://github.com/jdeniau"><code>@​jdeniau</code></a> in <a href="https://redirect.github.com/immutable-js/immutable-js/pull/2135">immutable-js/immutable-js#2135</a></li> <li>Typo in OrderedMap by <a href="https://github.com/jdeniau"><code>@​jdeniau</code></a> in <a href="https://redirect.github.com/immutable-js/immutable-js/pull/2144">immutable-js/immutable-js#2144</a></li> </ul> <h3>Internal</h3> <ul> <li>chore: Sort all imports and activate eslint import rule by <a href="https://github.com/jdeniau"><code>@​jdeniau</code></a> in <a href="https://redirect.github.com/immutable-js/immutable-js/pull/2119">immutable-js/immutable-js#2119</a></li> </ul> <h2>5.1.3</h2> <h3>TypeScript</h3> <ul> <li>fix: allow readonly map entry constructor by <a href="https://github.com/septs"><code>@​septs</code></a> in <a href="https://redirect.github.com/immutable-js/immutable-js/pull/2123">immutable-js/immutable-js#2123</a></li> </ul> <h3>Documentation</h3> <p>There has been a huge amount of changes in the documentation, mainly migrate from an autogenerated documentation from .d.ts file, to a proper documentation in markdown. The playground has been included on nearly all method examples. We added a page about browser extensions too: <a href="https://immutable-js.com/browser-extension/">https://immutable-js.com/browser-extension/</a></p> <h3>Internal</h3> <ul> <li>replace rimraf by a node script by <a href="https://github.com/jdeniau"><code>@​jdeniau</code></a> in <a href="https://redirect.github.com/immutable-js/immutable-js/pull/2113">immutable-js/immutable-js#2113</a></li> <li>remove warning for tseslint config by <a href="https://github.com/jdeniau"><code>@​jdeniau</code></a> in <a href="https://redirect.github.com/immutable-js/immutable-js/pull/2114">immutable-js/immutable-js#2114</a></li> <li>Use default tsconfig for tests by <a href="https://github.com/jdeniau"><code>@​jdeniau</code></a> in <a href="https://redirect.github.com/immutable-js/immutable-js/pull/2055">immutable-js/immutable-js#2055</a></li> <li>add tests for arrCopy by <a href="https://github.com/jdeniau"><code>@​jdeniau</code></a> in <a href="https://redirect.github.com/immutable-js/immutable-js/pull/2120">immutable-js/immutable-js#2120</a></li> </ul> <h2>5.1.2</h2> <ul> <li>Revert previous assertion as it introduced a regression <a href="https://redirect.github.com/immutable-js/immutable-js/pull/2102">#2102</a> by <a href="https://github.com/giggo1604"><code>@​giggo1604</code></a></li> <li>Merge should work with empty record <a href="https://redirect.github.com/immutable-js/immutable-js/pull/2103">#2103</a> by <a href="https://github.com/jdeniau"><code>@​jdeniau</code></a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/immutable-js/immutable-js/commit/b37b85568632227751ddc8a16034cacc0f42b652"><code>b37b855</code></a> 5.1.5</li> <li><a href="https://github.com/immutable-js/immutable-js/commit/16b3313fdf2c5f579f10799e22869f6909abf945"><code>16b3313</code></a> Merge commit from fork</li> <li><a href="https://github.com/immutable-js/immutable-js/commit/fd2ef4977ee654c5bf26368dbf2f983c8d679bd6"><code>fd2ef49</code></a> fix new proto key injection</li> <li><a href="https://github.com/immutable-js/immutable-js/commit/6734b7b2af7e9dadf517eb9473cc64d2dfe2e301"><code>6734b7b</code></a> fix Prototype Pollution in mergeDeep, toJS, etc.</li> <li><a href="https://github.com/immutable-js/immutable-js/commit/6f772de1e44dcde14128e48d19081a7a077f2162"><code>6f772de</code></a> Merge pull request <a href="https://redirect.github.com/immutable-js/immutable-js/issues/2175">#2175</a> from immutable-js/dependabot/npm_and_yarn/rollup-4.59.0</li> <li><a href="https://github.com/immutable-js/immutable-js/commit/5f3dc61fd0e231654f04a850b8764e7e864c54b3"><code>5f3dc61</code></a> Bump rollup from 4.34.8 to 4.59.0</li> <li><a href="https://github.com/immutable-js/immutable-js/commit/049a594410962c13dfd0f2d0bf0ef2154271079e"><code>049a594</code></a> Merge pull request <a href="https://redirect.github.com/immutable-js/immutable-js/issues/2173">#2173</a> from immutable-js/dependabot/npm_and_yarn/lodash-4.1...</li> <li><a href="https://github.com/immutable-js/immutable-js/commit/2481a77331122eea4ace8afd4842042c6ae7510c"><code>2481a77</code></a> Merge pull request <a href="https://redirect.github.com/immutable-js/immutable-js/issues/2172">#2172</a> from mrazauskas/update-tstyche</li> <li><a href="https://github.com/immutable-js/immutable-js/commit/eb047790b44dac8e5ace49529a5c9928edfc8e12"><code>eb04779</code></a> Bump lodash from 4.17.21 to 4.17.23</li> <li><a href="https://github.com/immutable-js/immutable-js/commit/b973bf3b6242c9966143169825e1e14248c07c31"><code>b973bf3</code></a> format</li> <li>Additional commits viewable in <a href="https://github.com/immutable-js/immutable-js/compare/v5.0.3...v5.1.5">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by [GitHub Actions](<a href="https://www.npmjs.com/~GitHub">https://www.npmjs.com/~GitHub</a> Actions), a new releaser for immutable since your current version.</p> </details> <br /> Updates `js-yaml` from 4.1.0 to 4.1.1 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md">js-yaml's changelog</a>.</em></p> <blockquote> <h2>[4.1.1] - 2025-11-12</h2> <h3>Security</h3> <ul> <li>Fix prototype pollution issue in yaml merge (&lt;&lt;) operator.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/nodeca/js-yaml/commit/cc482e775913e6625137572a3712d2826170e53a"><code>cc482e7</code></a> 4.1.1 released</li> <li><a href="https://github.com/nodeca/js-yaml/commit/50968b862e75866ef90e626572fe0b2f97b55f9f"><code>50968b8</code></a> dist rebuild</li> <li><a href="https://github.com/nodeca/js-yaml/commit/d092d866031751cb27c12d93f3e2470ad74d678b"><code>d092d86</code></a> lint fix</li> <li><a href="https://github.com/nodeca/js-yaml/commit/383665ff4248ec2192d1274e934462bb30426879"><code>383665f</code></a> fix prototype pollution in merge (&lt;&lt;)</li> <li><a href="https://github.com/nodeca/js-yaml/commit/0d3ca7a27b03a6c974790a30a89e456007d62976"><code>0d3ca7a</code></a> README.md: HTTP =&gt; HTTPS (<a href="https://redirect.github.com/nodeca/js-yaml/issues/678">#678</a>)</li> <li><a href="https://github.com/nodeca/js-yaml/commit/49baadd52af887d2991e2c39a6639baa56d6c71b"><code>49baadd</code></a> doc: 'empty' style option for !!null</li> <li><a href="https://github.com/nodeca/js-yaml/commit/ba3460eb9d3e4478edcbc29edabe17c2157fc9ce"><code>ba3460e</code></a> Fix demo link (<a href="https://redirect.github.com/nodeca/js-yaml/issues/618">#618</a>)</li> <li>See full diff in <a href="https://github.com/nodeca/js-yaml/compare/4.1.0...4.1.1">compare view</a></li> </ul> </details> <br /> Updates `markdown-it` from 14.1.0 to 14.1.1 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/markdown-it/markdown-it/blob/master/CHANGELOG.md">markdown-it's changelog</a>.</em></p> <blockquote> <h2>[14.1.1] - 2026-01-11</h2> <h3>Security</h3> <ul> <li>Fixed regression from v13 in linkify inline rule. Specific patterns could cause high CPU use. Thanks to <a href="https://github.com/ltduc147"><code>@​ltduc147</code></a> for report.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/markdown-it/markdown-it/commit/b4a9b659ef5734223731cfaa3ad5eacc6fc22918"><code>b4a9b65</code></a> 14.1.1 released</li> <li><a href="https://github.com/markdown-it/markdown-it/commit/4b4bbcae5e0990a5b172378e507b33a59012ed26"><code>4b4bbca</code></a> Fixed perf regression in linkify-it wrapper</li> <li><a href="https://github.com/markdown-it/markdown-it/commit/d2782d892a51201b25d3eeab172201ad5a53a24c"><code>d2782d8</code></a> Add supplementary example-driven documentation (<a href="https://redirect.github.com/markdown-it/markdown-it/issues/1092">#1092</a>)</li> <li>See full diff in <a href="https://github.com/markdown-it/markdown-it/compare/14.1.0...14.1.1">compare view</a></li> </ul> </details> <br /> Updates `qs` from 6.13.0 to 6.14.2 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/ljharb/qs/blob/main/CHANGELOG.md">qs's changelog</a>.</em></p> <blockquote> <h2><strong>6.14.2</strong></h2> <ul> <li>[Fix] <code>parse</code>: mark overflow objects for indexed notation exceeding <code>arrayLimit</code> (<a href="https://redirect.github.com/ljharb/qs/issues/546">#546</a>)</li> <li>[Fix] <code>arrayLimit</code> means max count, not max index, in <code>combine</code>/<code>merge</code>/<code>parseArrayValue</code></li> <li>[Fix] <code>parse</code>: throw on <code>arrayLimit</code> exceeded with indexed notation when <code>throwOnLimitExceeded</code> is true (<a href="https://redirect.github.com/ljharb/qs/issues/529">#529</a>)</li> <li>[Fix] <code>parse</code>: enforce <code>arrayLimit</code> on <code>comma</code>-parsed values</li> <li>[Fix] <code>parse</code>: fix error message to reflect arrayLimit as max index; remove extraneous comments (<a href="https://redirect.github.com/ljharb/qs/issues/545">#545</a>)</li> <li>[Robustness] avoid <code>.push</code>, use <code>void</code></li> <li>[readme] document that <code>addQueryPrefix</code> does not add <code>?</code> to empty output (<a href="https://redirect.github.com/ljharb/qs/issues/418">#418</a>)</li> <li>[readme] clarify <code>parseArrays</code> and <code>arrayLimit</code> documentation (<a href="https://redirect.github.com/ljharb/qs/issues/543">#543</a>)</li> <li>[readme] replace runkit CI badge with shields.io check-runs badge</li> <li>[meta] fix changelog typo (<code>arrayLength</code> → <code>arrayLimit</code>)</li> <li>[actions] fix rebase workflow permissions</li> </ul> <h2><strong>6.14.1</strong></h2> <ul> <li>[Fix] ensure <code>arrayLimit</code> applies to <code>[]</code> notation as well</li> <li>[Fix] <code>parse</code>: when a custom decoder returns <code>null</code> for a key, ignore that key</li> <li>[Refactor] <code>parse</code>: extract key segment splitting helper</li> <li>[meta] add threat model</li> <li>[actions] add workflow permissions</li> <li>[Tests] <code>stringify</code>: increase coverage</li> <li>[Dev Deps] update <code>eslint</code>, <code>@ljharb/eslint-config</code>, <code>npmignore</code>, <code>es-value-fixtures</code>, <code>for-each</code>, <code>object-inspect</code></li> </ul> <h2><strong>6.14.0</strong></h2> <ul> <li>[New] <code>parse</code>: add <code>throwOnParameterLimitExceeded</code> option (<a href="https://redirect.github.com/ljharb/qs/issues/517">#517</a>)</li> <li>[Refactor] <code>parse</code>: use <code>utils.combine</code> more</li> <li>[patch] <code>parse</code>: add explicit <code>throwOnLimitExceeded</code> default</li> <li>[actions] use shared action; re-add finishers</li> <li>[meta] Fix changelog formatting bug</li> <li>[Deps] update <code>side-channel</code></li> <li>[Dev Deps] update <code>es-value-fixtures</code>, <code>has-bigints</code>, <code>has-proto</code>, <code>has-symbols</code></li> <li>[Tests] increase coverage</li> </ul> <h2><strong>6.13.3</strong></h2> <p>[Fix] fix regressions from robustness refactor [actions] update reusable workflows</p> <h2><strong>6.13.2</strong></h2> <ul> <li>[Robustness] avoid <code>.push</code>, use <code>void</code></li> <li>[readme] clarify <code>parseArrays</code> and <code>arrayLimit</code> documentation (<a href="https://redirect.github.com/ljharb/qs/issues/543">#543</a>)</li> <li>[readme] document that <code>addQueryPrefix</code> does not add <code>?</code> to empty output (<a href="https://redirect.github.com/ljharb/qs/issues/418">#418</a>)</li> <li>[readme] replace runkit CI badge with shields.io check-runs badge</li> <li>[actions] fix rebase workflow permissions</li> </ul> <h2><strong>6.13.1</strong></h2> <ul> <li>[Fix] <code>stringify</code>: avoid a crash when a <code>filter</code> key is <code>null</code></li> <li>[Fix] <code>utils.merge</code>: functions should not be stringified into keys</li> <li>[Fix] <code>parse</code>: avoid a crash with interpretNumericEntities: true, comma: true, and iso charset</li> <li>[Fix] <code>stringify</code>: ensure a non-string <code>filter</code> does not crash</li> <li>[Refactor] use <code>__proto__</code> syntax instead of <code>Object.create</code> for null objects</li> <li>[Refactor] misc cleanup</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ljharb/qs/commit/bdcf0c7f82387c18ac8fabfccd2f440645cef47b"><code>bdcf0c7</code></a> v6.14.2</li> <li><a href="https://github.com/ljharb/qs/commit/294db90c812ddbe7d7a35d5687c505fd21a2d6a2"><code>294db90</code></a> [readme] document that <code>addQueryPrefix</code> does not add <code>?</code> to empty output</li> <li><a href="https://github.com/ljharb/qs/commit/5c308e5516c270a78caa6f278465914090f91ec6"><code>5c308e5</code></a> [readme] clarify <code>parseArrays</code> and <code>arrayLimit</code> documentation</li> <li><a href="https://github.com/ljharb/qs/commit/6addf8cf738d529c54d91f6f3ffb6c1be91bbfdc"><code>6addf8c</code></a> [Fix] <code>parse</code>: mark overflow objects for indexed notation exceeding <code>arrayLimit</code></li> <li><a href="https://github.com/ljharb/qs/commit/cfc108f662326d6ab540f3545ef0b832baf83cdf"><code>cfc108f</code></a> [Fix] <code>arrayLimit</code> means max count, not max index, in <code>combine</code>/<code>merge</code>/`pars...</li> <li><a href="https://github.com/ljharb/qs/commit/febb64442a80e49200211fa38d3c96b58024ac77"><code>febb644</code></a> [Fix] <code>parse</code>: throw on <code>arrayLimit</code> exceeded with indexed notation when `thr...</li> <li><a href="https://github.com/ljharb/qs/commit/f6a7abff1f13d644db9b05fe4f2c98ada6bf8482"><code>f6a7abf</code></a> [Fix] <code>parse</code>: enforce <code>arrayLimit</code> on <code>comma</code>-parsed values</li> <li><a href="https://github.com/ljharb/qs/commit/fbc5206c25b4d1851cea683f02c10756c521d15a"><code>fbc5206</code></a> [Fix] <code>parse</code>: fix error message to reflect arrayLimit as max index; remove e...</li> <li><a href="https://github.com/ljharb/qs/commit/1b9a8b4e78c6aff4c22fa559107227f02fd0216a"><code>1b9a8b4</code></a> [actions] fix rebase workflow permissions</li> <li><a href="https://github.com/ljharb/qs/commit/2a35775614e0fb46ac8a3060201a32a7c23a7fda"><code>2a35775</code></a> [meta] fix changelog typo (<code>arrayLength</code> → <code>arrayLimit</code>)</li> <li>Additional commits viewable in <a href="https://github.com/ljharb/qs/compare/v6.13.0...v6.14.2">compare view</a></li> </ul> </details> <br /> Updates `rollup` from 4.22.4 to 4.59.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/rollup/rollup/releases">rollup's releases</a>.</em></p> <blockquote> <h2>v4.59.0</h2> <h2>4.59.0</h2> <p><em>2026-02-22</em></p> <h3>Features</h3> <ul> <li>Throw when the generated bundle contains paths that would leave the output directory (<a href="https://redirect.github.com/rollup/rollup/issues/6276">#6276</a>)</li> </ul> <h3>Pull Requests</h3> <ul> <li><a href="https://redirect.github.com/rollup/rollup/pull/6275">#6275</a>: Validate bundle stays within output dir (<a href="https://github.com/lukastaegert"><code>@​lukastaegert</code></a>)</li> </ul> <h2>v4.58.0</h2> <h2>4.58.0</h2> <p><em>2026-02-20</em></p> <h3>Features</h3> <ul> <li>Also support <code>__NO_SIDE_EFFECTS__</code> annotation before variable declarations declaring function expressions (<a href="https://redirect.github.com/rollup/rollup/issues/6272">#6272</a>)</li> </ul> <h3>Pull Requests</h3> <ul> <li><a href="https://redirect.github.com/rollup/rollup/pull/6256">#6256</a>: docs: document PreRenderedChunk properties including isDynamicEntry and isImplicitEntry (<a href="https://github.com/njg7194"><code>@​njg7194</code></a>, <a href="https://github.com/lukastaegert"><code>@​lukastaegert</code></a>)</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6259">#6259</a>: docs: Correct typo and improve sentence structure in docs for <code>output.experimentalMinChunkSize</code> (<a href="https://github.com/millerick"><code>@​millerick</code></a>, <a href="https://github.com/lukastaegert"><code>@​lukastaegert</code></a>)</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6260">#6260</a>: fix(deps): update rust crate swc_compiler_base to v47 (<a href="https://github.com/renovate"><code>@​renovate</code></a>[bot], <a href="https://github.com/lukastaegert"><code>@​lukastaegert</code></a>)</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6261">#6261</a>: fix(deps): lock file maintenance minor/patch updates (<a href="https://github.com/renovate"><code>@​renovate</code></a>[bot], <a href="https://github.com/lukastaegert"><code>@​lukastaegert</code></a>)</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6262">#6262</a>: Avoid unnecessary cloning of the code string (<a href="https://github.com/lukastaegert"><code>@​lukastaegert</code></a>)</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6263">#6263</a>: fix(deps): update minor/patch updates (<a href="https://github.com/renovate"><code>@​renovate</code></a>[bot], <a href="https://github.com/lukastaegert"><code>@​lukastaegert</code></a>)</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6265">#6265</a>: chore(deps): lock file maintenance (<a href="https://github.com/renovate"><code>@​renovate</code></a>[bot])</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6267">#6267</a>: fix(deps): update minor/patch updates (<a href="https://github.com/renovate"><code>@​renovate</code></a>[bot])</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6268">#6268</a>: chore(deps): update dependency eslint-plugin-unicorn to v63 (<a href="https://github.com/renovate"><code>@​renovate</code></a>[bot], <a href="https://github.com/lukastaegert"><code>@​lukastaegert</code></a>)</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6269">#6269</a>: chore(deps): update dependency lru-cache to v11 (<a href="https://github.com/renovate"><code>@​renovate</code></a>[bot])</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6270">#6270</a>: chore(deps): lock file maintenance (<a href="https://github.com/renovate"><code>@​renovate</code></a>[bot])</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6272">#6272</a>: forward NO_SIDE_EFFECTS annotations to function expressions in variable declarations (<a href="https://github.com/lukastaegert"><code>@​lukastaegert</code></a>)</li> </ul> <h2>v4.57.1</h2> <h2>4.57.1</h2> <p><em>2026-01-30</em></p> <h3>Bug Fixes</h3> <ul> <li>Fix heap corruption issue in Windows (<a href="https://redirect.github.com/rollup/rollup/issues/6251">#6251</a>)</li> <li>Ensure exports of a dynamic import are fully included when called from a try...catch (<a href="https://redirect.github.com/rollup/rollup/issues/6254">#6254</a>)</li> </ul> <h3>Pull Requests</h3> <ul> <li><a href="https://redirect.github.com/rollup/rollup/pull/6251">#6251</a>: fix: Isolate and cache <code>process.report.getReport()</code> calls in a child process for robust environment detection (<a href="https://github.com/alan-agius4"><code>@​alan-agius4</code></a>, <a href="https://github.com/lukastaegert"><code>@​lukastaegert</code></a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/rollup/rollup/blob/master/CHANGELOG.md">rollup's changelog</a>.</em></p> <blockquote> <h2>4.59.0</h2> <p><em>2026-02-22</em></p> <h3>Features</h3> <ul> <li>Throw when the generated bundle contains paths that would leave the output directory (<a href="https://redirect.github.com/rollup/rollup/issues/6276">#6276<... _Description has been truncated_ --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
GiteaMirror added the pull-request label 2026-05-13 16:02:44 -05:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/open-webui#81675