chore(deps): bump the npm_and_yarn group across 6 directories with 27 updates by dependabot[bot] · Pull Request #2 · sizzlebop/stream-chat-react

dependabot · 2026-02-19T12:39:13Z

Bumps the npm_and_yarn group with 11 updates in the / directory:

Package	From	To
linkifyjs	`4.1.0`	`4.3.2`
nanoid	`3.3.4`	`3.3.8`
esbuild	`0.23.1`	`0.25.0`
axios	`1.6.0`	`1.13.5`
diff	`5.2.0`	`5.2.2`
express	`4.18.2`	`4.22.1`
jws	`3.2.2`	`3.2.3`
lodash	`4.17.21`	`4.17.23`
mdast-util-to-hast	`13.2.0`	`13.2.1`
postcss	`8.4.21`	`8.5.6`
rollup	`2.79.1`	`2.79.2`

Bumps the npm_and_yarn group with 10 updates in the /examples/capacitor directory:

Package	From	To
@babel/runtime	`7.17.7`	`7.28.6`
braces	`3.0.2`	`3.0.3`
express	`4.18.3`	`4.22.1`
follow-redirects	`1.14.9`	`1.15.11`
form-data	`3.0.1`	`3.0.4`
lodash	`4.17.21`	`4.17.23`
mdast-util-to-hast	`13.1.0`	`13.2.1`
rollup	`2.79.1`	`2.79.2`
node-forge	`1.3.1`	`1.3.3`
webpack	`5.90.3`	`5.105.2`

Bumps the npm_and_yarn group with 9 updates in the /examples/nextjs directory:

Package	From	To
diff	`3.5.0`	`3.5.1`
express	`4.17.1`	`4.22.1`
follow-redirects	`1.13.3`	`1.15.11`
js-yaml	`3.14.1`	`3.14.2`
lodash	`4.17.21`	`4.17.23`
mdast-util-to-hast	`13.2.0`	`13.2.1`
tar	`4.4.13`	`4.4.19`
next	`12.0.9`	`15.5.10`
pbkdf2	`3.1.1`	`3.1.5`

Bumps the npm_and_yarn group with 10 updates in the /examples/tutorial directory:

Package	From	To
axios	`1.9.0`	`1.13.5`
body-parser	`2.2.0`	`2.2.2`
express	`5.1.0`	`5.2.1`
js-yaml	`4.1.0`	`4.1.1`
jws	`3.2.2`	`3.2.3`
lodash	`4.17.21`	`4.17.23`
mdast-util-to-hast	`13.2.0`	`13.2.1`
qs	`6.14.0`	`6.15.0`
vite	`6.3.5`	`6.4.1`
@modelcontextprotocol/sdk	`1.11.0`	`1.26.0`

Bumps the npm_and_yarn group with 10 updates in the /examples/typescript directory:

Package	From	To
@babel/runtime	`7.14.6`	`7.28.6`
braces	`3.0.2`	`3.0.3`
express	`4.18.2`	`4.22.1`
follow-redirects	`1.14.1`	`1.15.11`
form-data	`3.0.1`	`3.0.4`
lodash	`4.17.21`	`4.17.23`
mdast-util-to-hast	`13.1.0`	`13.2.1`
rollup	`2.79.1`	`2.79.2`
node-forge	`1.3.1`	`1.3.3`
webpack	`5.90.1`	`5.105.2`

Bumps the npm_and_yarn group with 4 updates in the /examples/vite directory: @babel/runtime, js-yaml, mdast-util-to-hast and vite.

Updates linkifyjs from 4.1.0 to 4.3.2

Release notes

Sourced from linkifyjs's releases.

v4.3.2

What's Changed

Use Object.assign instead of custom assign function by @nfrasser in nfrasser/linkifyjs#518

Full Changelog: nfrasser/linkifyjs@v4.3.1...v4.3.2

v4.3.1

What's Changed

Use correct simple-html-tokenizer version for linkify-html

Full Changelog: nfrasser/linkifyjs@v4.3.0...v4.3.1

v4.3.0

What's Changed

Fix: allow apostrophe in URL by @patrickReiis in nfrasser/linkifyjs#504

Fix tokenizing of comments starting or ending with more than two -- by @hrb-hub in nfrasser/simple-html-tokenizer#1

Update dependencies by @nfrasser in nfrasser/linkifyjs#513

Rename dist file .cjs.js and .es.js extensions to .cjs and .mjs, respectively

Full Changelog: nfrasser/linkifyjs@v4.2.0...v4.3.0

v4.2.0

What's Changed

Correctly sanitize object replacement character by treating as whitespace in nfrasser/linkifyjs#497

Avoid detecting invalid URLs with numbers around boundaries in nfrasser/linkifyjs#498

Prevent delimiter apostrophes from being included in URLs in nfrasser/linkifyjs#499

Correctly interpret \r\n as newline character in nfrasser/linkifyjs#500

Correctly interpret emoji followed by # sign in nfrasser/linkifyjs#501

Fix support for domain names with multiple hyphens in nfrasser/linkifyjs#502

Fix parsing for magnet links in nfrasser/linkifyjs#503

Full Changelog: nfrasser/linkifyjs@v4.1.4...v4.2.0

v4.1.4

What's Changed

Fix hashtag plugin: add support for full width middle dot ・ by @yuiseki in nfrasser/linkifyjs#492

Update CI matrices and other chores by @nfrasser in nfrasser/linkifyjs#494

New Contributors

@yuiseki made their first contribution in nfrasser/linkifyjs#492

Full Changelog: nfrasser/linkifyjs@v4.1.3...v4.1.4

v4.1.3

What's Changed

Add support for fullwidth parentheses by @weii41392 in Hypercontext/linkifyjs#461

linkify-html: don't convert & -> & by @nfrasser in Hypercontext/linkifyjs#462

... (truncated)

Changelog

Sourced from linkifyjs's changelog.

v4.3.2

Replace assign helper with Object.assign to avoid prototype pollution

v4.3.1

Use correct simple-html-tokenizer version for linkify-html

v4.3.0

HTML comments opened or closed with 3 dashes tokenized correctly

Restore support for delimiter apostrophes in URLs

Rename dist file .cjs.js and .es.js extensions to .cjs and .mjs, respectively

v4.2.0

Correctly sanitize object replacement character by treating as whitespace

Avoid detecting invalid URLs with numbers around boundaries

Prevent delimiter apostrophes from being included in URLs

Correctly interpret \r\n as newline character

Correctly interpret emoji followed by # sign

Fix support for domain names with multiple hyphens

Fix parsing for magnet links

v4.1.4

Add support for full width middle dot ・ in hashtag plugin

Development updates for newest Node.js versions

v4.1.3

Fix HTML entity & symbol double-encoding in linkify-html

Support for full-width brackets, full-width less-than/greater-than signs and corner bracket as delimiters

v4.1.2

Ensure linkify.find respects validate option

v4.1.1

Slightly simpler TLDs encoding/parsing

Fix jsdoc in linkify-react

Improved parsing of URLs with symbols

Ensure function options get called with unformatted href

Commits

3abe9ab v4.3.2
931d3e2 Use Object.assign instead of custom assign function (#518)
45bc27e v4.3.1
251a5c6 v4.3.0
359ed4e Update dependencies (#513)
c4bdf85 Revert "Don't allow apostrophe in URLs (#499)" (#504)
86e977c v4.2.0
606feca Allow parsing magnet links (#503)
9183db6 Support for domain names with two hyphens (#502)
09ec1d8 Correctly interpret emoji followed by pound (#501)
Additional commits viewable in compare view

Updates nanoid from 3.3.4 to 3.3.8

Changelog

Sourced from nanoid's changelog.

3.3.8

Fixed a way to break Nano ID by passing non-integer size (by @myndzi).

3.3.7

Fixed node16 TypeScript support (by Saadi Myftija).

3.3.6

Fixed package.

3.3.5

Backport funding information.

Commits

3044cd5 Release 3.3.8 version
4fe3495 Update size limit
d643045 Fix pool pollution, infinite loop (#510)
89d82d2 Release 3.3.7 version
5022c35 Update dual-publish
3e7a8e5 Remove benchmark from CI for v3
d356144 Fix CI for v3
37b25df Move to pnpm 8
d96f392 Release 3.3.6 version
8210dfb Release 3.3.5 version
Additional commits viewable in compare view

Updates esbuild from 0.23.1 to 0.25.0

Release notes

Sourced from esbuild's releases.

v0.25.0

This release deliberately contains backwards-incompatible changes. To avoid automatically picking up releases like this, you should either be pinning the exact version of esbuild in your package.json file (recommended) or be using a version range syntax that only accepts patch upgrades such as ^0.24.0 or ~0.24.0. See npm's documentation about semver for more information.
Restrict access to esbuild's development server (GHSA-67mh-4wv8-2f99)

This change addresses esbuild's first security vulnerability report. Previously esbuild set the Access-Control-Allow-Origin header to * to allow esbuild's development server to be flexible in how it's used for development. However, this allows the websites you visit to make HTTP requests to esbuild's local development server, which gives read-only access to your source code if the website were to fetch your source code's specific URL. You can read more information in the report.

Starting with this release, CORS will now be disabled, and requests will now be denied if the host does not match the one provided to --serve=. The default host is 0.0.0.0, which refers to all of the IP addresses that represent the local machine (e.g. both 127.0.0.1 and 192.168.0.1). If you want to customize anything about esbuild's development server, you can put a proxy in front of esbuild and modify the incoming and/or outgoing requests.

In addition, the serve() API call has been changed to return an array of hosts instead of a single host string. This makes it possible to determine all of the hosts that esbuild's development server will accept.

Thanks to @sapphi-red for reporting this issue.

Delete output files when a build fails in watch mode (#3643)

It has been requested for esbuild to delete files when a build fails in watch mode. Previously esbuild left the old files in place, which could cause people to not immediately realize that the most recent build failed. With this release, esbuild will now delete all output files if a rebuild fails. Fixing the build error and triggering another rebuild will restore all output files again.
Fix correctness issues with the CSS nesting transform (#3620, #3877, #3933, #3997, #4005, #4037, #4038)

This release fixes the following problems:
Naive expansion of CSS nesting can result in an exponential blow-up of generated CSS if each nesting level has multiple selectors. Previously esbuild sometimes collapsed individual nesting levels using :is() to limit expansion. However, this collapsing wasn't correct in some cases, so it has been removed to fix correctness issues.
/* Original code */
.parent {
  > .a,
  > .b1 > .b2 {
    color: red;
  }
}
/* Old output (with --supported:nesting=false) */
.parent > :is(.a, .b1 > .b2) {
color: red;
}
/* New output (with --supported:nesting=false) */
.parent > .a,
.parent > .b1 > .b2 {
color: red;
}
Thanks to @tim-we for working on a fix.
The & CSS nesting selector can be repeated multiple times to increase CSS specificity. Previously esbuild ignored this possibility and incorrectly considered && to have the same specificity as &. With this release, this should now work correctly:
/* Original code (color should be red) */

... (truncated)

Changelog

Sourced from esbuild's changelog.

Changelog: 2024

This changelog documents all esbuild versions published in the year 2024 (versions 0.19.12 through 0.24.2).

0.24.2

Fix regression with --define and import.meta (#4010, #4012, #4013)

The previous change in version 0.24.1 to use a more expression-like parser for define values to allow quoted property names introduced a regression that removed the ability to use --define:import.meta=.... Even though import is normally a keyword that can't be used as an identifier, ES modules special-case the import.meta expression to behave like an identifier anyway. This change fixes the regression.

This fix was contributed by @sapphi-red.

0.24.1
Allow es2024 as a target in tsconfig.json (#4004)

TypeScript recently added es2024 as a compilation target, so esbuild now supports this in the target field of tsconfig.json files, such as in the following configuration file:
{
  "compilerOptions": {
    "target": "ES2024"
  }
}
As a reminder, the only thing that esbuild uses this field for is determining whether or not to use legacy TypeScript behavior for class fields. You can read more in the documentation.

This fix was contributed by @billyjanitsch.
Allow automatic semicolon insertion after get/set

This change fixes a grammar bug in the parser that incorrectly treated the following code as a syntax error:
class Foo {
  get
  *x() {}
  set
  *y() {}
}
The above code will be considered valid starting with this release. This change to esbuild follows a similar change to TypeScript which will allow this syntax starting with TypeScript 5.7.
Allow quoted property names in --define and --pure (#4008)

The define and pure API options now accept identifier expressions containing quoted property names. Previously all identifiers in the identifier expression had to be bare identifiers. This change now makes --define and --pure consistent with --global-name, which already supported quoted property names. For example, the following is now possible:

... (truncated)

Commits

e9174d6 publish 0.25.0 to npm
c27dbeb fix hosts in plugin-tests.js
6794f60 fix hosts in node-unref-tests.js
de85afd Merge commit from fork
da1de1b fix #4065: bitwise operators can return bigints
f4e9d19 switch case liveness: default is always last
7aa47c3 fix #4028: minify live/dead switch cases better
22ecd30 minify: more constant folding for strict equality
4cdf03c fix #4053: reordering of .tsx in node_modules
dc71977 fix #3692: 0 now picks a random ephemeral port
Additional commits viewable in compare view

Updates axios from 1.6.0 to 1.13.5

Release notes

Sourced from axios's releases.

v1.13.5

Release 1.13.5

Highlights

Security: Fixed a potential Denial of Service issue involving the __proto__ key in mergeConfig. (PR #7369)

Bug fix: Resolved an issue where AxiosError could be missing the status field on and after v1.13.3. (PR #7368)

Changes

Security

Fix Denial of Service via __proto__ key in mergeConfig. (PR #7369)

Fixes

Fix/5657. (PR #7313)

Ensure status is present in AxiosError on and after v1.13.3. (PR #7368)

Features / Improvements

Add input validation to isAbsoluteURL. (PR #7326)

Refactor: bump minor package versions. (PR #7356)

Documentation

Clarify object-check comment. (PR #7323)

Fix deprecated Buffer constructor usage and README formatting. (PR #7371)

CI / Maintenance

Chore: fix issues with YAML. (PR #7355)

CI: update workflow YAMLs. (PR #7372)

CI: fix run condition. (PR #7373)

Dev deps: bump karma-sourcemap-loader from 0.3.8 to 0.4.0. (PR #7360)

Chore(release): prepare release 1.13.5. (PR #7379)

New Contributors

@sachin11063 (first contribution — PR #7323)

@asmitha-16 (first contribution — PR #7326)

Full Changelog: axios/axios@v1.13.4...v1.13.5

v1.13.4

Overview

The release addresses issues discovered in v1.13.3 and includes significant CI/CD improvements.

Full Changelog: v1.13.3...v1.13.4

What's New in v1.13.4

Bug Fixes

fix: issues with version 1.13.3 (#7352) (ee90dfc)

Fixed issues discovered in v1.13.3 release

... (truncated)

Changelog

Sourced from axios's changelog.

Changelog

1.13.3 (2026-01-20)

Bug Fixes

http2: Use port 443 for HTTPS connections by default. (#7256) (d7e6065)

interceptor: handle the error in the same interceptor (#6269) (5945e40)

main field in package.json should correspond to cjs artifacts (#5756) (7373fbf)

package.json: add 'bun' package.json 'exports' condition. Load the Node.js build in Bun instead of the browser build (#5754) (b89217e)

silentJSONParsing=false should throw on invalid JSON (#7253) (#7257) (7d19335)

turn AxiosError into a native error (#5394) (#5558) (1c6a86d)

types: add handlers to AxiosInterceptorManager interface (#5551) (8d1271b)

types: restore AxiosError.cause type from unknown to Error (#7327) (d8233d9)

unclear error message is thrown when specifying an empty proxy authorization (#6314) (6ef867e)

Features

add undefined as a value in AxiosRequestConfig (#5560) (095033c)

add automatic minor and patch upgrades to dependabot (#6053) (65a7584)

add Node.js coverage script using c8 (closes #7289) (#7294) (ec9d94e)

added copilot instructions (3f83143)

compatibility with frozen prototypes (#6265) (860e033)

enhance pipeFileToResponse with error handling (#7169) (88d7884)

types: Intellisense for string literals in a widened union (#6134) (f73474d), closes microsoft/TypeScript#33471

Reverts

Revert "fix: silentJSONParsing=false should throw on invalid JSON (#7253) (#7…" (#7298) (a4230f5), closes #7253 #7 #7298

deps: bump peter-evans/create-pull-request from 7 to 8 in the github-actions group (#7334) (2d6ad5e)

Contributors to this release

Ashvin Tiwari

Nikunj Mochi

Anchal Singh

jasonsaayman

Julian Dax

Akash Dhar Dubey

Madhumita

Tackoil

Justin Dhillon

Rudransh

WuMingDao

codenomnom

Nandan Acharya

Eric Dubé

Tibor Pilz

Gabriel Quaresma

Turadg Aleahmad

... (truncated)

Commits

29f7542 chore(release): prepare release 1.13.5 (#7379)
431c3a3 ci: fix run condition (#7373)
9ff3a78 ci: update ymls (#7372)
265b712 docs: fix deprecated Buffer constructor and formatting issues in README (#7371)
475e75a feat: add input validation to isAbsoluteURL (#7326)
28c7215 fix: Denial of Service via proto Key in mergeConfig (#7369)
04cf019 docs: clarify object check comment (#7323)
696fa75 fix: status is missing in AxiosError on and after v1.13.3 (#7368)
569f028 fix: added a option to choose between legacy and the new request/response int...
44b7c9f chore(deps-dev): bump karma-sourcemap-loader (#7360)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for axios since your current version.

Updates diff from 5.2.0 to 5.2.2

Changelog

Sourced from diff's changelog.

v5.2.2 - January 2026

Only change from 5.2.0 is a backport of the fix to GHSA-73rr-hh4g-fpgx.

v5.2.1 (deprecated)

Accidental release - do not use.

Commits

b7b6339 v5.2.2
b5377ab Update package version to 5.2.1
7801789 Backport kpdecker/jsdiff#649
042a837 Backport kpdecker/jsdiff#647
See full diff in compare view

Updates express from 4.18.2 to 4.22.1

Release notes

Sourced from express's releases.

v4.22.1

What's Changed

[!IMPORTANT]
The prior release (4.22.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.

Release: 4.22.1 by @UlisesGascon in expressjs/express#6934

Full Changelog: expressjs/express@4.22.0...v4.22.1

4.22.0

Important: Security

Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

What's Changed

Refactor: improve readability by @sazk07 in expressjs/express#6190

ci: add support for Node.js@23.0 by @UlisesGascon in expressjs/express#6080

Method functions with no path should error by @wesleytodd in expressjs/express#5957

ci: updated github actions ci workflow by @Phillip9587 in expressjs/express#6323

ci: reorder npm i steps to fix ci for older node versions by @Phillip9587 in expressjs/express#6336

Backport: ci: add node.js 24 to test matrix by @Phillip9587 in expressjs/express#6506

chore(4.x): wider range for query test skip by @jonchurch in expressjs/express#6513

use tilde notation for certain dependencies by @UlisesGascon in expressjs/express#6905

deps: qs@6.14.0 by @UlisesGascon in expressjs/express#6909

deps: use tilde notation for qs by @Phillip9587 in expressjs/express#6919

Release: 4.22.0 by @UlisesGascon in expressjs/express#6921

Full Changelog: expressjs/express@4.21.2...4.22.0

4.21.2

What's Changed

Add funding field (v4) by @bjohansebas in expressjs/express#6065

deps: path-to-regexp@0.1.11 by @blakeembrey in expressjs/express#5956

deps: bump path-to-regexp@0.1.12 by @jonchurch in expressjs/express#6209

Release: 4.21.2 by @UlisesGascon in expressjs/express#6094

Full Changelog: expressjs/express@4.21.1...4.21.2

4.21.1

What's Changed

Backport a fix for CVE-2024-47764 to the 4.x branch by @joshbuker in expressjs/express#6029

Release: 4.21.1 by @UlisesGascon in expressjs/express#6031

Full Changelog: expressjs/express@4.21.0...4.21.1

... (truncated)

Changelog

Sourced from express's changelog.

4.22.1 / 2025-12-01

Revert security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

4.22.0 / 2025-12-01

Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

deps: use tilde notation for dependencies

deps: qs@6.14.0

4.21.2 / 2024-11-06

deps: path-to-regexp@0.1.12

Fix backtracking protection

deps: path-to-regexp@0.1.11

Throws an error on invalid path values

4.21.1 / 2024-10-08

Backported a fix for CVE-2024-47764

4.21.0 / 2024-09-11

Deprecate res.location("back") and res.redirect("back") magic string

deps: serve-static@1.16.2

includes send@0.19.0

deps: finalhandler@1.3.1

deps: qs@6.13.0

4.20.0 / 2024-09-10

deps: serve-static@0.16.0

Remove link renderization in html while redirecting

deps: send@0.19.0

Remove link renderization in html while redirecting

deps: body-parser@0.6.0

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Remove link renderization in html while using res.redirect

deps: path-to-regexp@0.1.10

Adds support for named matching groups in the routes using a regex

Adds backtracking protection to parameters without regexes defined

deps: encodeurl@~2.0.0

Removes encoding of \, |, and ^ to align better with URL spec

Deprecate passing options.maxAge and options.expires to res.clearCookie

... (truncated)

Commits

12fae14 4.22.1
5ddf311 Revert "sec: security patch for CVE-2024-51999"
49744ab 4.22.0 (#6921)
6e97452 sec: security patch for CVE-2024-51999
6a23d34 deps: use tilde notation for qs (#6919)
8c12cdf deps: qs@6.14.0 (#6909)
7fea74f deps: use tilde notation for certain dependencies (#6905)
dac7a04 chore: wider range for query test skip (#6513)
997919b ci: add node.js 24 to test matrix (#6506)
36fb59c fix(ci): reorder npm i steps to fix ci for older node versions (#6336)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by jonchurch, a new releaser for express since your current version.

Updates follow-redirects from 1.15.3 to 1.15.11

Commits

21ef28a Release version 1.15.11 of the npm package.
7c88135 Roll back tree shaking.
6e389ba Release version 1.15.10 of the npm package.
5bc496e Shake me up before you go-go.
694d6b4 Bump minimist from 1.2.5 to 1.2.8
e4e55c7 Release version 1.15.9 of the npm package.
31a1abf Attempt much more gentle detection.
d2aaa97 Fix url field.
62558f0 Release version 1.15.8 of the npm package.
a8d1cee Return subtlety.
Additional commits viewable in compare view

Updates jws from 3.2.2 to 3.2.3

Release notes

Sourced from jws's releases.

v3.2.3

Changed

Fix advisory GHSA-869p-cjfg-cm3x: createSign and createVerify now require that a non empty secret is provided (via opts.secret, opts.privateKey or opts.key) when using HMAC algorithms.

Upgrading JWA version to 1.4.2, addressing a compatibility issue for Node >= 25.

Changelog

Sourced from jws's changelog.

[3.2.3]

Changed

Fix advisory GHSA-869p-cjfg-cm3x: createSign and createVerify now require that a non empty secret is provided (via opts.secret, opts.privateKey or opts.key) when using HMAC algorithms.

Upgrading JWA version to 1.4.2, adressing a compatibility issue for Node >= 25.

[3.0.0]

Changed

BREAKING: jwt.verify now requires an algorithm parameter, and jws.createVerify requires an algorithm option. The "alg" field signature headers is ignored. This mitigates a critical security flaw in the library which would allow an attacker to generate signatures with arbitrary contents that would be accepted by jwt.verify. See https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/ for details.

2.0.0 - 2015-01-30

Changed

BREAKING: Default payload encoding changed from binary to utf8. utf8 is a is a more sensible default than binary because many payloads, as far as I can tell, will contain user-facing strings that could be in any language. (6b6de48)

Code reorganization, thanks @fearphage! (7880050)

Added

Option in all relevant methods for encoding. For those few users that might be depending on a binary encoding of the messages, this is for them. (6b6de48)

Commits

4f6e73f Merge commit from fork
bd0fea5 version 3.2.3
7c3b4b4 Enhance tests for HMAC streaming sign and verify
a9b8ed9 Improve secretOrKey initialization in VerifyStream
6707fde Improve secret handling in SignStream
See full diff in compare view

Maintainer changes

This version was pushed to npm by julien.wollscheid, a new releaser for jws since your current version.

Updates lodash from 4.17.21 to 4.17.23

Commits

dec55b7 Bump main to v4.17.23 (#6088)
19c9251 fix: setCacheHas JSDoc return type should be boolean (#6071)
b5e6729 jsdoc: Add -0 and BigInt zeros to _.compact falsey values list (#6062)
edadd45 Prevent prototype pollution on baseUnset function
4879a7a doc: fix autoLink function, conversion of source links (#6056)
9648f69 chore: remove yarn.lock file (#6053)
dfa407d ci: remove legacy configuration files (#6052)
156e196 feat: add renovate setup (#6039)
933e106 ci: add pipeline for Bun (#6023)
072a807 docs: update links related to Open JS Foundation (#5968)
Additional commits viewable in compare view

Updates mdast-util-to-hast from 13.2.0 to 13.2.1

Release notes

Sourced from mdast-util-to-hast's releases.

13.2.1

Fix

ab3a795 Fix support for spaces in class names

Types

efb5312 Refactor to use @imports

a5bc210 Add declaration maps

Full Changelog: syntax-tree/mdast-util-to-hast@13.2.0...13.2.1

Commits

174795b 13.2.1
3d05b3a Update Node in Actions
ab3a795 Fix support for spaces in class names
efb5312 Refactor to use @imports
a5bc210 Add declaration maps
b54955d Add .tsbuildinfo to .gitignore
See full diff in ...
Description has been truncated

… updates Bumps the npm_and_yarn group with 11 updates in the / directory: | Package | From | To | | --- | --- | --- | | [linkifyjs](https://github.com/nfrasser/linkifyjs/tree/HEAD/packages/linkifyjs) | `4.1.0` | `4.3.2` | | [nanoid](https://github.com/ai/nanoid) | `3.3.4` | `3.3.8` | | [esbuild](https://github.com/evanw/esbuild) | `0.23.1` | `0.25.0` | | [axios](https://github.com/axios/axios) | `1.6.0` | `1.13.5` | | [diff](https://github.com/kpdecker/jsdiff) | `5.2.0` | `5.2.2` | | [express](https://github.com/expressjs/express) | `4.18.2` | `4.22.1` | | [jws](https://github.com/brianloveswords/node-jws) | `3.2.2` | `3.2.3` | | [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.17.23` | | [mdast-util-to-hast](https://github.com/syntax-tree/mdast-util-to-hast) | `13.2.0` | `13.2.1` | | [postcss](https://github.com/postcss/postcss) | `8.4.21` | `8.5.6` | | [rollup](https://github.com/rollup/rollup) | `2.79.1` | `2.79.2` | Bumps the npm_and_yarn group with 10 updates in the /examples/capacitor directory: | Package | From | To | | --- | --- | --- | | [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime) | `7.17.7` | `7.28.6` | | [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` | | [express](https://github.com/expressjs/express) | `4.18.3` | `4.22.1` | | [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.14.9` | `1.15.11` | | [form-data](https://github.com/form-data/form-data) | `3.0.1` | `3.0.4` | | [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.17.23` | | [mdast-util-to-hast](https://github.com/syntax-tree/mdast-util-to-hast) | `13.1.0` | `13.2.1` | | [rollup](https://github.com/rollup/rollup) | `2.79.1` | `2.79.2` | | [node-forge](https://github.com/digitalbazaar/forge) | `1.3.1` | `1.3.3` | | [webpack](https://github.com/webpack/webpack) | `5.90.3` | `5.105.2` | Bumps the npm_and_yarn group with 9 updates in the /examples/nextjs directory: | Package | From | To | | --- | --- | --- | | [diff](https://github.com/kpdecker/jsdiff) | `3.5.0` | `3.5.1` | | [express](https://github.com/expressjs/express) | `4.17.1` | `4.22.1` | | [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.13.3` | `1.15.11` | | [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` | | [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.17.23` | | [mdast-util-to-hast](https://github.com/syntax-tree/mdast-util-to-hast) | `13.2.0` | `13.2.1` | | [tar](https://github.com/isaacs/node-tar) | `4.4.13` | `4.4.19` | | [next](https://github.com/vercel/next.js) | `12.0.9` | `15.5.10` | | [pbkdf2](https://github.com/browserify/pbkdf2) | `3.1.1` | `3.1.5` | Bumps the npm_and_yarn group with 10 updates in the /examples/tutorial directory: | Package | From | To | | --- | --- | --- | | [axios](https://github.com/axios/axios) | `1.9.0` | `1.13.5` | | [body-parser](https://github.com/expressjs/body-parser) | `2.2.0` | `2.2.2` | | [express](https://github.com/expressjs/express) | `5.1.0` | `5.2.1` | | [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.0` | `4.1.1` | | [jws](https://github.com/brianloveswords/node-jws) | `3.2.2` | `3.2.3` | | [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.17.23` | | [mdast-util-to-hast](https://github.com/syntax-tree/mdast-util-to-hast) | `13.2.0` | `13.2.1` | | [qs](https://github.com/ljharb/qs) | `6.14.0` | `6.15.0` | | [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `6.3.5` | `6.4.1` | | [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) | `1.11.0` | `1.26.0` | Bumps the npm_and_yarn group with 10 updates in the /examples/typescript directory: | Package | From | To | | --- | --- | --- | | [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime) | `7.14.6` | `7.28.6` | | [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` | | [express](https://github.com/expressjs/express) | `4.18.2` | `4.22.1` | | [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.14.1` | `1.15.11` | | [form-data](https://github.com/form-data/form-data) | `3.0.1` | `3.0.4` | | [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.17.23` | | [mdast-util-to-hast](https://github.com/syntax-tree/mdast-util-to-hast) | `13.1.0` | `13.2.1` | | [rollup](https://github.com/rollup/rollup) | `2.79.1` | `2.79.2` | | [node-forge](https://github.com/digitalbazaar/forge) | `1.3.1` | `1.3.3` | | [webpack](https://github.com/webpack/webpack) | `5.90.1` | `5.105.2` | Bumps the npm_and_yarn group with 4 updates in the /examples/vite directory: [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime), [js-yaml](https://github.com/nodeca/js-yaml), [mdast-util-to-hast](https://github.com/syntax-tree/mdast-util-to-hast) and [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite). Updates `linkifyjs` from 4.1.0 to 4.3.2 - [Release notes](https://github.com/nfrasser/linkifyjs/releases) - [Changelog](https://github.com/nfrasser/linkifyjs/blob/main/CHANGELOG.md) - [Commits](https://github.com/nfrasser/linkifyjs/commits/v4.3.2/packages/linkifyjs) Updates `nanoid` from 3.3.4 to 3.3.8 - [Release notes](https://github.com/ai/nanoid/releases) - [Changelog](https://github.com/ai/nanoid/blob/main/CHANGELOG.md) - [Commits](ai/nanoid@3.3.4...3.3.8) Updates `esbuild` from 0.23.1 to 0.25.0 - [Release notes](https://github.com/evanw/esbuild/releases) - [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG-2024.md) - [Commits](evanw/esbuild@v0.23.1...v0.25.0) Updates `axios` from 1.6.0 to 1.13.5 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.6.0...v1.13.5) Updates `diff` from 5.2.0 to 5.2.2 - [Changelog](https://github.com/kpdecker/jsdiff/blob/master/release-notes.md) - [Commits](kpdecker/jsdiff@v5.2.0...v5.2.2) Updates `express` from 4.18.2 to 4.22.1 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/v4.22.1/History.md) - [Commits](expressjs/express@4.18.2...v4.22.1) Updates `follow-redirects` from 1.15.3 to 1.15.11 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.14.9...v1.15.11) Updates `jws` from 3.2.2 to 3.2.3 - [Release notes](https://github.com/brianloveswords/node-jws/releases) - [Changelog](https://github.com/auth0/node-jws/blob/master/CHANGELOG.md) - [Commits](auth0/node-jws@v3.2.2...v3.2.3) Updates `lodash` from 4.17.21 to 4.17.23 - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.21...4.17.23) Updates `mdast-util-to-hast` from 13.2.0 to 13.2.1 - [Release notes](https://github.com/syntax-tree/mdast-util-to-hast/releases) - [Commits](syntax-tree/mdast-util-to-hast@13.2.0...13.2.1) Updates `postcss` from 8.4.21 to 8.5.6 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.4.21...8.5.6) Updates `qs` from 6.11.0 to 6.14.2 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.14.0...v6.15.0) Updates `rollup` from 2.79.1 to 2.79.2 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG-2.md) - [Commits](rollup/rollup@v2.79.1...v2.79.2) Updates `send` from 0.18.0 to 0.19.2 - [Release notes](https://github.com/pillarjs/send/releases) - [Changelog](https://github.com/pillarjs/send/blob/master/HISTORY.md) - [Commits](pillarjs/send@0.18.0...0.19.2) Updates `serve-static` from 1.15.0 to 1.16.3 - [Release notes](https://github.com/expressjs/serve-static/releases) - [Changelog](https://github.com/expressjs/serve-static/blob/master/HISTORY.md) - [Commits](expressjs/serve-static@v1.15.0...v1.16.3) Updates `@babel/runtime` from 7.17.7 to 7.28.6 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.28.6/packages/babel-runtime) Updates `braces` from 3.0.2 to 3.0.3 - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) Updates `express` from 4.18.3 to 4.22.1 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/v4.22.1/History.md) - [Commits](expressjs/express@4.18.2...v4.22.1) Updates `follow-redirects` from 1.14.9 to 1.15.11 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.14.9...v1.15.11) Updates `form-data` from 3.0.1 to 3.0.4 - [Release notes](https://github.com/form-data/form-data/releases) - [Changelog](https://github.com/form-data/form-data/blob/master/CHANGELOG.md) - [Commits](form-data/form-data@v3.0.1...v3.0.4) Updates `lodash` from 4.17.21 to 4.17.23 - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.21...4.17.23) Updates `mdast-util-to-hast` from 13.1.0 to 13.2.1 - [Release notes](https://github.com/syntax-tree/mdast-util-to-hast/releases) - [Commits](syntax-tree/mdast-util-to-hast@13.2.0...13.2.1) Updates `qs` from 6.11.0 to 6.14.2 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.14.0...v6.15.0) Updates `rollup` from 2.79.1 to 2.79.2 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG-2.md) - [Commits](rollup/rollup@v2.79.1...v2.79.2) Updates `send` from 0.18.0 to 0.19.2 - [Release notes](https://github.com/pillarjs/send/releases) - [Changelog](https://github.com/pillarjs/send/blob/master/HISTORY.md) - [Commits](pillarjs/send@0.18.0...0.19.2) Updates `serve-static` from 1.15.0 to 1.16.3 - [Release notes](https://github.com/expressjs/serve-static/releases) - [Changelog](https://github.com/expressjs/serve-static/blob/master/HISTORY.md) - [Commits](expressjs/serve-static@v1.15.0...v1.16.3) Updates `node-forge` from 1.3.1 to 1.3.3 - [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md) - [Commits](digitalbazaar/forge@v1.3.1...v1.3.3) Updates `webpack` from 5.90.3 to 5.105.2 - [Release notes](https://github.com/webpack/webpack/releases) - [Changelog](https://github.com/webpack/webpack/blob/main/CHANGELOG.md) - [Commits](webpack/webpack@v5.90.3...v5.105.2) Updates `diff` from 3.5.0 to 3.5.1 - [Changelog](https://github.com/kpdecker/jsdiff/blob/master/release-notes.md) - [Commits](kpdecker/jsdiff@v5.2.0...v5.2.2) Updates `express` from 4.17.1 to 4.22.1 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/v4.22.1/History.md) - [Commits](expressjs/express@4.18.2...v4.22.1) Updates `follow-redirects` from 1.13.3 to 1.15.11 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.14.9...v1.15.11) Updates `js-yaml` from 3.14.1 to 3.14.2 - [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md) - [Commits](nodeca/js-yaml@3.14.1...3.14.2) Updates `lodash` from 4.17.21 to 4.17.23 - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.21...4.17.23) Updates `mdast-util-to-hast` from 13.2.0 to 13.2.1 - [Release notes](https://github.com/syntax-tree/mdast-util-to-hast/releases) - [Commits](syntax-tree/mdast-util-to-hast@13.2.0...13.2.1) Updates `send` from 0.17.1 to 0.19.2 - [Release notes](https://github.com/pillarjs/send/releases) - [Changelog](https://github.com/pillarjs/send/blob/master/HISTORY.md) - [Commits](pillarjs/send@0.18.0...0.19.2) Updates `serve-static` from 1.14.1 to 1.16.3 - [Release notes](https://github.com/expressjs/serve-static/releases) - [Changelog](https://github.com/expressjs/serve-static/blob/master/HISTORY.md) - [Commits](expressjs/serve-static@v1.15.0...v1.16.3) Updates `tar` from 4.4.13 to 4.4.19 - [Release notes](https://github.com/isaacs/node-tar/releases) - [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md) - [Commits](isaacs/node-tar@v4.4.13...v4.4.19) Updates `next` from 12.0.9 to 15.5.10 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v12.0.9...v15.5.10) Updates `pbkdf2` from 3.1.1 to 3.1.5 - [Changelog](https://github.com/browserify/pbkdf2/blob/master/CHANGELOG.md) - [Commits](browserify/pbkdf2@v3.1.1...v3.1.5) Updates `axios` from 1.9.0 to 1.13.5 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.6.0...v1.13.5) Updates `body-parser` from 2.2.0 to 2.2.2 - [Release notes](https://github.com/expressjs/body-parser/releases) - [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md) - [Commits](expressjs/body-parser@v2.2.0...v2.2.2) Updates `express` from 5.1.0 to 5.2.1 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/v4.22.1/History.md) - [Commits](expressjs/express@4.18.2...v4.22.1) Updates `js-yaml` from 4.1.0 to 4.1.1 - [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md) - [Commits](nodeca/js-yaml@3.14.1...3.14.2) Updates `jws` from 3.2.2 to 3.2.3 - [Release notes](https://github.com/brianloveswords/node-jws/releases) - [Changelog](https://github.com/auth0/node-jws/blob/master/CHANGELOG.md) - [Commits](auth0/node-jws@v3.2.2...v3.2.3) Updates `lodash` from 4.17.21 to 4.17.23 - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.21...4.17.23) Updates `mdast-util-to-hast` from 13.2.0 to 13.2.1 - [Release notes](https://github.com/syntax-tree/mdast-util-to-hast/releases) - [Commits](syntax-tree/mdast-util-to-hast@13.2.0...13.2.1) Updates `qs` from 6.14.0 to 6.15.0 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.14.0...v6.15.0) Updates `vite` from 6.3.5 to 6.4.1 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/create-vite@6.4.1/packages/vite) Updates `@modelcontextprotocol/sdk` from 1.11.0 to 1.26.0 - [Release notes](https://github.com/modelcontextprotocol/typescript-sdk/releases) - [Commits](modelcontextprotocol/typescript-sdk@1.11.0...v1.26.0) Updates `@babel/runtime` from 7.14.6 to 7.28.6 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.28.6/packages/babel-runtime) Updates `braces` from 3.0.2 to 3.0.3 - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) Updates `express` from 4.18.2 to 4.22.1 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/v4.22.1/History.md) - [Commits](expressjs/express@4.18.2...v4.22.1) Updates `follow-redirects` from 1.14.1 to 1.15.11 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.14.9...v1.15.11) Updates `form-data` from 3.0.1 to 3.0.4 - [Release notes](https://github.com/form-data/form-data/releases) - [Changelog](https://github.com/form-data/form-data/blob/master/CHANGELOG.md) - [Commits](form-data/form-data@v3.0.1...v3.0.4) Updates `lodash` from 4.17.21 to 4.17.23 - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.21...4.17.23) Updates `mdast-util-to-hast` from 13.1.0 to 13.2.1 - [Release notes](https://github.com/syntax-tree/mdast-util-to-hast/releases) - [Commits](syntax-tree/mdast-util-to-hast@13.2.0...13.2.1) Updates `qs` from 6.11.0 to 6.14.2 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.14.0...v6.15.0) Updates `rollup` from 2.79.1 to 2.79.2 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG-2.md) - [Commits](rollup/rollup@v2.79.1...v2.79.2) Updates `send` from 0.18.0 to 0.19.2 - [Release notes](https://github.com/pillarjs/send/releases) - [Changelog](https://github.com/pillarjs/send/blob/master/HISTORY.md) - [Commits](pillarjs/send@0.18.0...0.19.2 8000 ) Updates `serve-static` from 1.15.0 to 1.16.3 - [Release notes](https://github.com/expressjs/serve-static/releases) - [Changelog](https://github.com/expressjs/serve-static/blob/master/HISTORY.md) - [Commits](expressjs/serve-static@v1.15.0...v1.16.3) Updates `node-forge` from 1.3.1 to 1.3.3 - [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md) - [Commits](digitalbazaar/forge@v1.3.1...v1.3.3) Updates `webpack` from 5.90.1 to 5.105.2 - [Release notes](https://github.com/webpack/webpack/releases) - [Changelog](https://github.com/webpack/webpack/blob/main/CHANGELOG.md) - [Commits](webpack/webpack@v5.90.3...v5.105.2) Updates `@babel/runtime` from 7.24.5 to 7.28.6 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.28.6/packages/babel-runtime) Updates `js-yaml` from 4.1.0 to 4.1.1 - [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md) - [Commits](nodeca/js-yaml@3.14.1...3.14.2) Updates `mdast-util-to-hast` from 13.2.0 to 13.2.1 - [Release notes](https://github.com/syntax-tree/mdast-util-to-hast/releases) - [Commits](syntax-tree/mdast-util-to-hast@13.2.0...13.2.1) Updates `vite` from 6.3.5 to 6.4.1 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/create-vite@6.4.1/packages/vite) --- updated-dependencies: - dependency-name: linkifyjs dependency-version: 4.3.2 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: nanoid dependency-version: 3.3.8 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: esbuild dependency-version: 0.25.0 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: axios dependency-version: 1.13.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: diff dependency-version: 5.2.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: express dependency-version: 4.22.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: follow-redirects dependency-version: 1.15.11 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: jws dependency-version: 3.2.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: lodash dependency-version: 4.17.23 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: mdast-util-to-hast dependency-version: 13.2.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: postcss dependency-version: 8.5.6 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.14.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: rollup dependency-version: 2.79.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: send dependency-version: 0.19.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serve-static dependency-version: 1.16.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@babel/runtime" dependency-version: 7.28.6 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: braces dependency-version: 3.0.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: express dependency-version: 4.22.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: follow-redirects dependency-version: 1.15.11 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: form-data dependency-version: 3.0.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: lodash dependency-version: 4.17.23 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: mdast-util-to-hast dependency-version: 13.2.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.14.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: rollup dependency-version: 2.79.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: send dependency-version: 0.19.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serve-static dependency-version: 1.16.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: node-forge dependency-version: 1.3.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: webpack dependency-version: 5.105.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: diff dependency-version: 3.5.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: express dependency-version: 4.22.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: follow-redirects dependency-version: 1.15.11 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: js-yaml dependency-version: 3.14.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: lodash dependency-version: 4.17.23 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: mdast-util-to-hast dependency-version: 13.2.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: send dependency-version: 0.19.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serve-static dependency-version: 1.16.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tar dependency-version: 4.4.19 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: next dependency-version: 15.5.10 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: pbkdf2 dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: axios dependency-version: 1.13.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: body-parser dependency-version: 2.2.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: express dependency-version: 5.2.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: js-yaml dependency-version: 4.1.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: jws dependency-version: 3.2.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: lodash dependency-version: 4.17.23 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: mdast-util-to-hast dependency-version: 13.2.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.15.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: vite dependency-version: 6.4.1 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: "@modelcontextprotocol/sdk" dependency-version: 1.26.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@babel/runtime" dependency-version: 7.28.6 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: braces dependency-version: 3.0.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: express dependency-version: 4.22.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: follow-redirects dependency-version: 1.15.11 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: form-data dependency-version: 3.0.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: lodash dependency-version: 4.17.23 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: mdast-util-to-hast dependency-version: 13.2.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.14.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: rollup dependency-version: 2.79.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: send dependency-version: 0.19.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serve-static dependency-version: 1.16.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: node-forge dependency-version: 1.3.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: webpack dependency-version: 5.105.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@babel/runtime" dependency-version: 7.28.6 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: js-yaml dependency-version: 4.1.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: mdast-util-to-hast dependency-version: 13.2.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: vite dependency-version: 6.4.1 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Feb 19, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the npm_and_yarn group across 6 directories with 27 updates#2

chore(deps): bump the npm_and_yarn group across 6 directories with 27 updates#2
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/npm_and_yarn-7fa29fef2d

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

v4.3.2

What's Changed

v4.3.1

What's Changed

v4.3.0

What's Changed

v4.2.0

What's Changed

v4.1.4

What's Changed

New Contributors

v4.1.3

What's Changed

v4.3.2

v4.3.1

v4.3.0

v4.2.0

v4.1.4

v4.1.3

v4.1.2

v4.1.1

3.3.8

3.3.7

3.3.6

3.3.5

v0.25.0

Changelog: 2024

0.24.2

0.24.1

v1.13.5

Release 1.13.5

Highlights

Changes

Security

Fixes

Features / Improvements

Documentation

CI / Maintenance

New Contributors

v1.13.4

Overview

What's New in v1.13.4

Bug Fixes

Changelog

1.13.3 (2026-01-20)

Bug Fixes

Features

Reverts

Contributors to this release

v5.2.2 - January 2026

v5.2.1 (deprecated)

v4.22.1

What's Changed

4.22.0

Important: Security

What's Changed

4.21.2

What's Changed

4.21.1

What's Changed

4.22.1 / 2025-12-01

4.22.0 / 2025-12-01

4.21.2 / 2024-11-06

4.21.1 / 2024-10-08

4.21.0 / 2024-09-11

4.20.0 / 2024-09-10

v3.2.3

Changed

[3.2.3]

Changed

[3.0.0]

Changed

2.0.0 - 2015-01-30

Changed

Added

13.2.1

Fix

Types

Uh oh!