Cete/sipher
1
1
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions

chore(deps): bump the npm_and_yarn group across 1 directory with 6 updates #7

Closed
dependabot[bot] wants to merge 1 commit from dependabot/npm_and_yarn/npm_and_yarn-7036e969c6 into main
pull from: dependabot/npm_and_yarn/npm_and_yarn-7036e969c6
merge into: Cete:main
Conversation 0 Commits 1 Files changed 2 +1120 -1537
dependabot[bot] commented 2026-04-08 13:38:52 +00:00 (Migrated from github.com)
Copy link

Bumps the npm_and_yarn group with 5 updates in the / directory:

Package From To
nodemailer 8.0.2 8.0.5
defu 6.1.4 6.1.7
fast-xml-parser 5.5.6 5.7.3
picomatch 4.0.3 4.0.4
picomatch 2.3.1 2.3.2
socket.io-parser 4.2.5 4.2.6

Updates nodemailer from 8.0.2 to 8.0.5

Release notes

Sourced from nodemailer's releases.

v8.0.5

8.0.5 (2026-04-07)

Bug Fixes

  • decode SMTP server responses as UTF-8 at line boundary (95876b1)
  • sanitize CRLF in transport name option to prevent SMTP command injection (GHSA-vvjj-xcjg-gr5g) (0a43876)

v8.0.4

8.0.4 (2026-03-25)

Bug Fixes

  • sanitize envelope size to prevent SMTP command injection (2d7b971)

v8.0.3

8.0.3 (2026-03-18)

Bug Fixes

  • clean up addressparser and fix group name fallback producing undefined (9d55877)
  • fix cookie bugs, remove dead code, and improve hot-path efficiency (e8c8b92)
  • refactor smtp-connection for clarity and add Node.js 6 syntax compat test (c5b48ea)
  • remove familySupportCache that broke DNS resolution tests (c803d90)
Changelog

Sourced from nodemailer's changelog.

8.0.5 (2026-04-07)

Bug Fixes

  • decode SMTP server responses as UTF-8 at line boundary (95876b1)
  • sanitize CRLF in transport name option to prevent SMTP command injection (GHSA-vvjj-xcjg-gr5g) (0a43876)

8.0.4 (2026-03-25)

Bug Fixes

  • sanitize envelope size to prevent SMTP command injection (2d7b971)

8.0.3 (2026-03-18)

Bug Fixes

  • clean up addressparser and fix group name fallback producing undefined (9d55877)
  • fix cookie bugs, remove dead code, and improve hot-path efficiency (e8c8b92)
  • refactor smtp-connection for clarity and add Node.js 6 syntax compat test (c5b48ea)
  • remove familySupportCache that broke DNS resolution tests (c803d90)
Commits
  • 202cfb3 chore(master): release 8.0.5 (#1809)
  • b634abf docs: add CLAUDE.md with project conventions and release process
  • 95876b1 fix: decode SMTP server responses as UTF-8 at line boundary
  • 0a43876 fix: sanitize CRLF in transport name option to prevent SMTP command injection...
  • 08e59e6 chore: update dev dependencies
  • 2d31975 chore(master): release 8.0.4 (#1806)
  • 2d7b971 fix: sanitize envelope size to prevent SMTP command injection
  • 4e702e9 chore(master): release 8.0.3 (#1804)
  • c803d90 fix: remove familySupportCache that broke DNS resolution tests
  • e8c8b92 fix: fix cookie bugs, remove dead code, and improve hot-path efficiency
  • Additional commits viewable in compare view

Updates defu from 6.1.4 to 6.1.7

Release notes

Sourced from defu's releases.

v6.1.7

compare changes

📦 Build

  • Correct the types export entry (#160)
  • Export Defu types (#157)

❤️ Contributors

v6.1.6

compare changes

📦 Build

v6.1.5

compare changes

🩹 Fixes

  • Prevent prototype pollution via __proto__ in defaults (#156)
  • Ignore inherited enumerable properties (11ba022)

Tests

  • Add more tests for plain objects (b65f603)

❤️ Contributors

Changelog

Sourced from defu's changelog.

v6.1.7

compare changes

🩹 Fixes

  • defu.d.cts: Export Defu types (#157)

📦 Build

  • Correct the types export entry (#160)

❤️ Contributors

v6.1.6

compare changes

📦 Build

❤️ Contributors

v6.1.5

compare changes

🩹 Fixes

  • Prevent prototype pollution via __proto__ in defaults (#156)
  • Ignore inherited enumerable properties (11ba022)

🏡 Chore

Tests

  • Add more tests for plain objects (b65f603)

🤖 CI

... (truncated)

Commits
  • 80c0146 chore(release): v6.1.7
  • 40d7ef4 fix(defu.d.cts): export Defu types (#157)
  • 3d3a7c8 build: correct the types export entry (#160)
  • 001c290 chore(release): v6.1.6
  • 407b516 build: fix mixed types
  • 23e59e6 chore(release): v6.1.5
  • 11ba022 fix: ignore inherited enumerable properties
  • 3942bfb fix: prevent prototype pollution via __proto__ in defaults (#156)
  • d3ef16d chore(deps): update actions/checkout action to v6 (#151)
  • 869a053 chore(deps): update actions/setup-node action to v6 (#149)
  • Additional commits viewable in compare view

Updates fast-xml-parser from 5.5.6 to 5.7.3

Release notes

Sourced from fast-xml-parser's releases.

fix minor old bugs and update builder

  • fix: alwaysCreateTextNode should create text node when attributes are present for self closing node
  • fix stop node expression when ns prefix is removed (found by iruizsalinas)
  • update XML Builder to 1.1.7
  • mark addEntity deprecated

backward compatibility for numerical external entity, fix #705, #817

  • allow numerical external entity for backward compatibility
  • fix #705: attributesGroupName working with preserveOrder
  • fix #817: stackoverflow when tag expression is very long

upgrade @​nodable/entities and FXB

  • Use @nodable/entities v2.1.0
    • breaking changes
      • single entity scan. You're not allowed to use entity value to form another entity name.
      • you cant add numeric external entity
      • entity error message when expantion limit is crossed might change
    • typings are updated for new options related to process entity
    • please follow documentation of @nodable/entities for more detail.
    • performance
      • if processEntities is false, then there should not be impact on performance.
      • if processEntities is true, but you dont pass entity decoder separately then performance may degrade by approx 8-10%
      • if processEntities is true, and you pass entity decoder separately
        • if no entity then performance should be same as before
        • if there are entities then performance should be increased from past versions
    • ignoreAttributes is not required to be set to set xml version for NCR entity value
  • update 'fast-xml-builder' to sanitize malicious CDATA and comment's content

use @​nodable/entities to replace entities

  • No API change
  • No change in performance for basic usage
  • No typing change
  • No config change
  • new dependency
  • breaking: error messages for entities might have been changed.

Full Changelog: https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.5.12...v5.6.0

performance improvment, increase entity expansion default limit

  • increase default entity explansion limit as many projects demand for that
maxEntitySize: 10000,
maxExpansionDepth: 10000,
maxTotalExpansions: Infinity,
maxExpandedLength: 100000,
maxEntityCount: 1000,
  • performance improvement
    • reduce calls to toString
    • early return when entities are not present

... (truncated)

Changelog

Sourced from fast-xml-parser's changelog.

Note: If you find missing information about particular minor version, that version must have been changed without any functional change in this library.

Note: Due to some last quick changes on v4, detail of v4.5.3 & v4.5.4 are not updated here. v4.5.4x is the last tag of v4 in github repository. I'm extremely sorry for the confusion

5.7.3 / 2006-05-05

  • fix: alwaysCreateTextNode should create text node when attributes are present for self closing node
  • fix stop node expression when ns prefix is removed (found by iruizsalinas)
  • update XML Builder to 1.1.7
  • mark addEntity deprecated

5.7.2 / 2026-04-25

  • allow numerical external entity for backward compatibility
  • fix #705: attributesGroupName working with preserveOrder
  • fix #817: stackoverflow when tag expression is very long

5.7.1 / 2026-04-20

  • fix typo in CJS typing file

5.7.0 / 2026-04-17

  • Use @nodable/entities v2.1.0
    • breaking changes
      • single entity scan. You're not allowed to user entity value to form another entity name.
      • you cant add numeric external entity
      • entity error message when expantion limit is crossed might change
    • typings are updated for new options related to process entity
    • please follow documentation of @nodable/entities for more detail.
    • performance
      • if processEntities is false, then there should not be impact on performance.
      • if processEntities is true, but you dont pass entity decoder separately then performance may degrade by approx 8-10%
      • if processEntities is true, and you pass entity decoder separately
        • if no entity then performance should be same as before
        • if there are entities then performance should be increased from past versions
    • ignoreAttributes is not required to be set to set xml version for NCR entity value
  • update 'fast-xml-builder' to sanitize malicious CDATA and comment's content

5.6.0 / 2026-04-15

  • fix: entity replacement for numeric entities
  • use @​nodable/entities to replace entities
    • this may change some error messages related to entities expansion limit or inavlid use
    • post check would be exposed in future version

5.5.12 / 2026-04-13

  • Performance Improvement: update path-expression-matcher
    • use proxy pattern than Proxy class

5.5.11 / 2026-04-08

  • Performance Improvement
    • integrate ExpressionSet for stopNodes

... (truncated)

Commits
  • d6d8042 update to release
  • d263370 remove dev dependency 'he'
  • f9c9a2c update builder to 1.1.7
  • b65da87 update changelog and mark addEntity deprecated
  • c2ca631 update fxb
  • da75191 fix stop node expression when ns prefix is removed
  • 31bbc99 fix: alwaysCreateTextNode should create text node when attributes are present...
  • dab327a remove unnecessary
  • ab04eeb update docs
  • 383cb3f Revise security information for v6 release
  • Additional commits viewable in compare view

Updates kysely from 0.28.11 to 0.28.17

Release notes

Sourced from kysely's releases.

0.28.17

Hey 👋

A small batch of bug fixes. Please report any issues. 🤞😰🤞

0.29 is right around the corner. Try the latest RC version!

🚀 Features

🐞 Bugfixes

📖 Documentation

📦 CICD & Tooling

⚠️ Breaking Changes

🐤 New Contributors

What's Changed

Full Changelog: https://github.com/kysely-org/kysely/compare/v0.28.16...v0.28.17

0.28.16

Hey 👋

A small batch of bug fixes. Please report any issues. 🤞😰🤞

0.29 is getting closer btw. 🌶️

🚀 Features

🐞 Bugfixes

📖 Documentation

📦 CICD & Tooling

... (truncated)

Commits
  • d13d90b 0.28.17
  • dbb5405 feat: further harden JSON path .key(...) and .at(...) against SQL injecti...
  • 73192e4 docs(returning): remove outdated SQLite alias workaround (#1793)
  • b4566a1 0.28.16
  • 20548bc chore: change verifyDepsBeforeRun to "prompt".
  • 5f46cfb fix: FilterObject allows any defined value when query context has no tables...
  • e0d0669 chore: bump dependencies and github actions. (#1789)
  • 521156b add openssf scorecard.
  • 5a0f14b fix broken tsdoc references.
  • 6998915 support multi-entry point tsdoc without index module.
  • Additional commits viewable in compare view

Updates picomatch from 4.0.3 to 4.0.4

Release notes

Sourced from picomatch's releases.

4.0.4

This is a security release fixing several security relevant issues.

What's Changed

Full Changelog: https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4

Commits

Updates picomatch from 2.3.1 to 2.3.2

Release notes

Sourced from picomatch's releases.

4.0.4

This is a security release fixing several security relevant issues.

What's Changed

Full Changelog: https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4

Commits

Updates socket.io-parser from 4.2.5 to 4.2.6

Release notes

Sourced from socket.io-parser's releases.

socket.io-parser@4.2.6

This release includes a fix for CVE-2026-33151. Please upgrade as soon as possible.

Bug Fixes

  • add a limit to the number of binary attachments (b25738c)
Commits
  • 522edcd chore(release): socket.io-parser@4.2.6
  • 3fff7ca fix(parser): add a limit to the number of binary attachments
  • 37aad11 fix: cleanup pending acks on timeout to prevent memory leak
  • ba9cd69 revert: fix: cleanup pending acks on timeout to prevent memory leak
  • 84c2fb7 chore(release): engine.io@6.6.6
  • 07cbe15 fix(eio): add @​types/ws as dependency (#5458)
  • 44ed73f fix(eio): emit initial_headers and headers events in uServer (#5460)
  • da04267 fix: cleanup pending acks on timeout to prevent memory leak (#5442)
  • 74599a6 fix(types): properly import http module
  • d48718c ci: use actions/checkout@v6 and actions/setup-node@v6 (#5449)
  • Additional commits viewable in compare view

Bumps the npm_and_yarn group with 5 updates in the / directory: | Package | From | To | | --- | --- | --- | | [nodemailer](https://github.com/nodemailer/nodemailer) | `8.0.2` | `8.0.5` | | [defu](https://github.com/unjs/defu) | `6.1.4` | `6.1.7` | | [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) | `5.5.6` | `5.7.3` | | [picomatch](https://github.com/micromatch/picomatch) | `4.0.3` | `4.0.4` | | [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` | | [socket.io-parser](https://github.com/socketio/socket.io) | `4.2.5` | `4.2.6` | Updates `nodemailer` from 8.0.2 to 8.0.5 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/nodemailer/nodemailer/releases">nodemailer's releases</a>.</em></p> <blockquote> <h2>v8.0.5</h2> <h2><a href="https://github.com/nodemailer/nodemailer/compare/v8.0.4...v8.0.5">8.0.5</a> (2026-04-07)</h2> <h3>Bug Fixes</h3> <ul> <li>decode SMTP server responses as UTF-8 at line boundary (<a href="https://github.com/nodemailer/nodemailer/commit/95876b103e587e49583e43f88cb2c3a61556f3ac">95876b1</a>)</li> <li>sanitize CRLF in transport name option to prevent SMTP command injection (GHSA-vvjj-xcjg-gr5g) (<a href="https://github.com/nodemailer/nodemailer/commit/0a43876801a420ca528f492eaa01bfc421cc306e">0a43876</a>)</li> </ul> <h2>v8.0.4</h2> <h2><a href="https://github.com/nodemailer/nodemailer/compare/v8.0.3...v8.0.4">8.0.4</a> (2026-03-25)</h2> <h3>Bug Fixes</h3> <ul> <li>sanitize envelope size to prevent SMTP command injection (<a href="https://github.com/nodemailer/nodemailer/commit/2d7b9710e63555a1eb13d721296c51186d4b5651">2d7b971</a>)</li> </ul> <h2>v8.0.3</h2> <h2><a href="https://github.com/nodemailer/nodemailer/compare/v8.0.2...v8.0.3">8.0.3</a> (2026-03-18)</h2> <h3>Bug Fixes</h3> <ul> <li>clean up addressparser and fix group name fallback producing undefined (<a href="https://github.com/nodemailer/nodemailer/commit/9d55877f8ed15a6aefd7ba76cbb6b6a6cdbcc4fd">9d55877</a>)</li> <li>fix cookie bugs, remove dead code, and improve hot-path efficiency (<a href="https://github.com/nodemailer/nodemailer/commit/e8c8b92f46f2a82d06d49cc9a6ffc26067f68524">e8c8b92</a>)</li> <li>refactor smtp-connection for clarity and add Node.js 6 syntax compat test (<a href="https://github.com/nodemailer/nodemailer/commit/c5b48ea61c28eabf347972f4198a12cdab226ff7">c5b48ea</a>)</li> <li>remove familySupportCache that broke DNS resolution tests (<a href="https://github.com/nodemailer/nodemailer/commit/c803d901f195a21edbb2c276b2e116564467aaaa">c803d90</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/nodemailer/nodemailer/blob/master/CHANGELOG.md">nodemailer's changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/nodemailer/nodemailer/compare/v8.0.4...v8.0.5">8.0.5</a> (2026-04-07)</h2> <h3>Bug Fixes</h3> <ul> <li>decode SMTP server responses as UTF-8 at line boundary (<a href="https://github.com/nodemailer/nodemailer/commit/95876b103e587e49583e43f88cb2c3a61556f3ac">95876b1</a>)</li> <li>sanitize CRLF in transport name option to prevent SMTP command injection (GHSA-vvjj-xcjg-gr5g) (<a href="https://github.com/nodemailer/nodemailer/commit/0a43876801a420ca528f492eaa01bfc421cc306e">0a43876</a>)</li> </ul> <h2><a href="https://github.com/nodemailer/nodemailer/compare/v8.0.3...v8.0.4">8.0.4</a> (2026-03-25)</h2> <h3>Bug Fixes</h3> <ul> <li>sanitize envelope size to prevent SMTP command injection (<a href="https://github.com/nodemailer/nodemailer/commit/2d7b9710e63555a1eb13d721296c51186d4b5651">2d7b971</a>)</li> </ul> <h2><a href="https://github.com/nodemailer/nodemailer/compare/v8.0.2...v8.0.3">8.0.3</a> (2026-03-18)</h2> <h3>Bug Fixes</h3> <ul> <li>clean up addressparser and fix group name fallback producing undefined (<a href="https://github.com/nodemailer/nodemailer/commit/9d55877f8ed15a6aefd7ba76cbb6b6a6cdbcc4fd">9d55877</a>)</li> <li>fix cookie bugs, remove dead code, and improve hot-path efficiency (<a href="https://github.com/nodemailer/nodemailer/commit/e8c8b92f46f2a82d06d49cc9a6ffc26067f68524">e8c8b92</a>)</li> <li>refactor smtp-connection for clarity and add Node.js 6 syntax compat test (<a href="https://github.com/nodemailer/nodemailer/commit/c5b48ea61c28eabf347972f4198a12cdab226ff7">c5b48ea</a>)</li> <li>remove familySupportCache that broke DNS resolution tests (<a href="https://github.com/nodemailer/nodemailer/commit/c803d901f195a21edbb2c276b2e116564467aaaa">c803d90</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/nodemailer/nodemailer/commit/202cfb3e14010223204e9ba9f7430176be624f0f"><code>202cfb3</code></a> chore(master): release 8.0.5 (<a href="https://redirect.github.com/nodemailer/nodemailer/issues/1809">#1809</a>)</li> <li><a href="https://github.com/nodemailer/nodemailer/commit/b634abf05959edcc7207cdaba2c6541f92994cbb"><code>b634abf</code></a> docs: add CLAUDE.md with project conventions and release process</li> <li><a href="https://github.com/nodemailer/nodemailer/commit/95876b103e587e49583e43f88cb2c3a61556f3ac"><code>95876b1</code></a> fix: decode SMTP server responses as UTF-8 at line boundary</li> <li><a href="https://github.com/nodemailer/nodemailer/commit/0a43876801a420ca528f492eaa01bfc421cc306e"><code>0a43876</code></a> fix: sanitize CRLF in transport name option to prevent SMTP command injection...</li> <li><a href="https://github.com/nodemailer/nodemailer/commit/08e59e64d0f8595fa535f07061787e0946372657"><code>08e59e6</code></a> chore: update dev dependencies</li> <li><a href="https://github.com/nodemailer/nodemailer/commit/2d319753c34d2f0ced24d8eb1d7d866d965f59f4"><code>2d31975</code></a> chore(master): release 8.0.4 (<a href="https://redirect.github.com/nodemailer/nodemailer/issues/1806">#1806</a>)</li> <li><a href="https://github.com/nodemailer/nodemailer/commit/2d7b9710e63555a1eb13d721296c51186d4b5651"><code>2d7b971</code></a> fix: sanitize envelope size to prevent SMTP command injection</li> <li><a href="https://github.com/nodemailer/nodemailer/commit/4e702e97650aaff442a7bc040957ba9c53c614b8"><code>4e702e9</code></a> chore(master): release 8.0.3 (<a href="https://redirect.github.com/nodemailer/nodemailer/issues/1804">#1804</a>)</li> <li><a href="https://github.com/nodemailer/nodemailer/commit/c803d901f195a21edbb2c276b2e116564467aaaa"><code>c803d90</code></a> fix: remove familySupportCache that broke DNS resolution tests</li> <li><a href="https://github.com/nodemailer/nodemailer/commit/e8c8b92f46f2a82d06d49cc9a6ffc26067f68524"><code>e8c8b92</code></a> fix: fix cookie bugs, remove dead code, and improve hot-path efficiency</li> <li>Additional commits viewable in <a href="https://github.com/nodemailer/nodemailer/compare/v8.0.2...v8.0.5">compare view</a></li> </ul> </details> <br /> Updates `defu` from 6.1.4 to 6.1.7 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/unjs/defu/releases">defu's releases</a>.</em></p> <blockquote> <h2>v6.1.7</h2> <p><a href="https://github.com/unjs/defu/compare/v6.1.6...v6.1.7">compare changes</a></p> <h3>📦 Build</h3> <ul> <li>Correct the <code>types</code> export entry (<a href="https://redirect.github.com/unjs/defu/pull/160">#160</a>)</li> <li>Export Defu types (<a href="https://redirect.github.com/unjs/defu/pull/157">#157</a>)</li> </ul> <h3>❤️ Contributors</h3> <ul> <li>Jakub Michálek (<a href="https://github.com/J-Michalek"><code>@​J-Michalek</code></a>)</li> <li>Kricsleo (<a href="https://github.com/kricsleo"><code>@​kricsleo</code></a>)</li> </ul> <h2>v6.1.6</h2> <p><a href="https://github.com/unjs/defu/compare/v6.1.5...v6.1.6">compare changes</a></p> <h3>📦 Build</h3> <ul> <li>Fix mixed types (<a href="https://github.com/unjs/defu/commit/407b516">407b516</a>)</li> </ul> <h2>v6.1.5</h2> <p><a href="https://github.com/unjs/defu/compare/v6.1.4...v6.1.5">compare changes</a></p> <h3>🩹 Fixes</h3> <ul> <li>Prevent prototype pollution via <code>__proto__</code> in defaults (<a href="https://redirect.github.com/unjs/defu/pull/156">#156</a>)</li> <li>Ignore inherited enumerable properties (<a href="https://github.com/unjs/defu/commit/11ba022">11ba022</a>)</li> </ul> <h3>✅ Tests</h3> <ul> <li>Add more tests for plain objects (<a href="https://github.com/unjs/defu/commit/b65f603">b65f603</a>)</li> </ul> <h3>❤️ Contributors</h3> <ul> <li>Pooya Parsa (<a href="https://github.com/pi0"><code>@​pi0</code></a>)</li> <li>Kricsleo (<a href="https://github.com/kricsleo"><code>@​kricsleo</code></a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/unjs/defu/blob/main/CHANGELOG.md">defu's changelog</a>.</em></p> <blockquote> <h2>v6.1.7</h2> <p><a href="https://github.com/unjs/defu/compare/v6.1.6...v6.1.7">compare changes</a></p> <h3>🩹 Fixes</h3> <ul> <li><strong>defu.d.cts:</strong> Export Defu types (<a href="https://redirect.github.com/unjs/defu/pull/157">#157</a>)</li> </ul> <h3>📦 Build</h3> <ul> <li>Correct the <code>types</code> export entry (<a href="https://redirect.github.com/unjs/defu/pull/160">#160</a>)</li> </ul> <h3>❤️ Contributors</h3> <ul> <li>Jakub Michálek (<a href="https://github.com/J-Michalek"><code>@​J-Michalek</code></a>)</li> <li>Kricsleo (<a href="https://github.com/kricsleo"><code>@​kricsleo</code></a>)</li> </ul> <h2>v6.1.6</h2> <p><a href="https://github.com/unjs/defu/compare/v6.1.5...v6.1.6">compare changes</a></p> <h3>📦 Build</h3> <ul> <li>Fix mixed types (<a href="https://github.com/unjs/defu/commit/407b516">407b516</a>)</li> </ul> <h3>❤️ Contributors</h3> <ul> <li>Pooya Parsa (<a href="https://github.com/pi0"><code>@​pi0</code></a>)</li> </ul> <h2>v6.1.5</h2> <p><a href="https://github.com/unjs/defu/compare/v6.1.4...v6.1.5">compare changes</a></p> <h3>🩹 Fixes</h3> <ul> <li>Prevent prototype pollution via <code>__proto__</code> in defaults (<a href="https://redirect.github.com/unjs/defu/pull/156">#156</a>)</li> <li>Ignore inherited enumerable properties (<a href="https://github.com/unjs/defu/commit/11ba022">11ba022</a>)</li> </ul> <h3>🏡 Chore</h3> <ul> <li>Add tea.yaml (<a href="https://github.com/unjs/defu/commit/70cffe5">70cffe5</a>)</li> <li>Update repo (<a href="https://github.com/unjs/defu/commit/23cc432">23cc432</a>)</li> <li>Fix typecheck (<a href="https://github.com/unjs/defu/commit/89df6bb">89df6bb</a>)</li> </ul> <h3>✅ Tests</h3> <ul> <li>Add more tests for plain objects (<a href="https://github.com/unjs/defu/commit/b65f603">b65f603</a>)</li> </ul> <h3>🤖 CI</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/unjs/defu/commit/80c0146afb11ebd86183a579ec469f3abd976695"><code>80c0146</code></a> chore(release): v6.1.7</li> <li><a href="https://github.com/unjs/defu/commit/40d7ef42d30db975bf80c340e7856c1ad3568321"><code>40d7ef4</code></a> fix(defu.d.cts): export Defu types (<a href="https://redirect.github.com/unjs/defu/issues/157">#157</a>)</li> <li><a href="https://github.com/unjs/defu/commit/3d3a7c89ca78f3fa43ec7194b12e44e4b0568697"><code>3d3a7c8</code></a> build: correct the <code>types</code> export entry (<a href="https://redirect.github.com/unjs/defu/issues/160">#160</a>)</li> <li><a href="https://github.com/unjs/defu/commit/001c2906010eb65c1bb13ccd1f4abea09e10405b"><code>001c290</code></a> chore(release): v6.1.6</li> <li><a href="https://github.com/unjs/defu/commit/407b51645c41a57da6efac5b40967f2c60ce4f12"><code>407b516</code></a> build: fix mixed types</li> <li><a href="https://github.com/unjs/defu/commit/23e59e684cb6a432aad13f308d142247e31b6315"><code>23e59e6</code></a> chore(release): v6.1.5</li> <li><a href="https://github.com/unjs/defu/commit/11ba02213d4b1c6b02dd686041f75edc479c98e9"><code>11ba022</code></a> fix: ignore inherited enumerable properties</li> <li><a href="https://github.com/unjs/defu/commit/3942bfbbcaa72084bd4284846c83bd61ed7c8b29"><code>3942bfb</code></a> fix: prevent prototype pollution via <code>__proto__</code> in defaults (<a href="https://redirect.github.com/unjs/defu/issues/156">#156</a>)</li> <li><a href="https://github.com/unjs/defu/commit/d3ef16dabe861713192ba8679c5db8e0ac143f9b"><code>d3ef16d</code></a> chore(deps): update actions/checkout action to v6 (<a href="https://redirect.github.com/unjs/defu/issues/151">#151</a>)</li> <li><a href="https://github.com/unjs/defu/commit/869a053effb7b1bf49a1635e1bb211840daa589e"><code>869a053</code></a> chore(deps): update actions/setup-node action to v6 (<a href="https://redirect.github.com/unjs/defu/issues/149">#149</a>)</li> <li>Additional commits viewable in <a href="https://github.com/unjs/defu/compare/v6.1.4...v6.1.7">compare view</a></li> </ul> </details> <br /> Updates `fast-xml-parser` from 5.5.6 to 5.7.3 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/NaturalIntelligence/fast-xml-parser/releases">fast-xml-parser's releases</a>.</em></p> <blockquote> <h2>fix minor old bugs and update builder</h2> <ul> <li>fix: alwaysCreateTextNode should create text node when attributes are present for self closing node</li> <li>fix stop node expression when ns prefix is removed (found by <a href="https://github.com/iruizsalinas">iruizsalinas</a>)</li> <li>update XML Builder to 1.1.7</li> <li>mark addEntity deprecated</li> </ul> <h2>backward compatibility for numerical external entity, fix <a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/705">#705</a>, <a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/817">#817</a></h2> <ul> <li>allow numerical external entity for backward compatibility</li> <li>fix <a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/705">#705</a>: attributesGroupName working with preserveOrder</li> <li>fix <a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/817">#817</a>: stackoverflow when tag expression is very long</li> </ul> <h2>upgrade <code>@​nodable/entities</code> and FXB</h2> <ul> <li>Use <code>@nodable/entities</code> v2.1.0 <ul> <li>breaking changes <ul> <li>single entity scan. You're not allowed to use entity value to form another entity name.</li> <li>you cant add numeric external entity</li> <li>entity error message when expantion limit is crossed might change</li> </ul> </li> <li>typings are updated for new options related to process entity</li> <li>please follow documentation of <code>@nodable/entities</code> for more detail.</li> <li>performance <ul> <li>if processEntities is false, then there should not be impact on performance.</li> <li>if processEntities is true, but you dont pass entity decoder separately then performance may degrade by approx 8-10%</li> <li>if processEntities is true, and you pass entity decoder separately <ul> <li>if no entity then performance should be same as before</li> <li>if there are entities then performance should be increased from past versions</li> </ul> </li> </ul> </li> <li>ignoreAttributes is not required to be set to set xml version for NCR entity value</li> </ul> </li> <li>update 'fast-xml-builder' to sanitize malicious CDATA and comment's content</li> </ul> <h2>use <code>@​nodable/entities</code> to replace entities</h2> <ul> <li>No API change</li> <li>No change in performance for basic usage</li> <li>No typing change</li> <li>No config change</li> <li>new dependency</li> <li>breaking: error messages for entities might have been changed.</li> <li></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.5.12...v5.6.0">https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.5.12...v5.6.0</a></p> <h2>performance improvment, increase entity expansion default limit</h2> <ul> <li>increase default entity explansion limit as many projects demand for that</li> </ul> <pre><code>maxEntitySize: 10000, maxExpansionDepth: 10000, maxTotalExpansions: Infinity, maxExpandedLength: 100000, maxEntityCount: 1000, </code></pre> <ul> <li>performance improvement <ul> <li>reduce calls to toString</li> <li>early return when entities are not present</li> </ul> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md">fast-xml-parser's changelog</a>.</em></p> <blockquote> <p><!-- raw HTML omitted -->Note: If you find missing information about particular minor version, that version must have been changed without any functional change in this library.<!-- raw HTML omitted --></p> <p>Note: Due to some last quick changes on v4, detail of v4.5.3 &amp; v4.5.4 are not updated here. v4.5.4x is the last tag of v4 in github repository. I'm extremely sorry for the confusion</p> <p><strong>5.7.3 / 2006-05-05</strong></p> <ul> <li>fix: alwaysCreateTextNode should create text node when attributes are present for self closing node</li> <li>fix stop node expression when ns prefix is removed (found by <a href="https://github.com/iruizsalinas">iruizsalinas</a>)</li> <li>update XML Builder to 1.1.7</li> <li>mark addEntity deprecated</li> </ul> <p><strong>5.7.2 / 2026-04-25</strong></p> <ul> <li>allow numerical external entity for backward compatibility</li> <li>fix <a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/705">#705</a>: attributesGroupName working with preserveOrder</li> <li>fix <a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/817">#817</a>: stackoverflow when tag expression is very long</li> </ul> <p><strong>5.7.1 / 2026-04-20</strong></p> <ul> <li>fix typo in CJS typing file</li> </ul> <p><strong>5.7.0 / 2026-04-17</strong></p> <ul> <li>Use <code>@nodable/entities</code> v2.1.0 <ul> <li>breaking changes <ul> <li>single entity scan. You're not allowed to user entity value to form another entity name.</li> <li>you cant add numeric external entity</li> <li>entity error message when expantion limit is crossed might change</li> </ul> </li> <li>typings are updated for new options related to process entity</li> <li>please follow documentation of <code>@nodable/entities</code> for more detail.</li> <li>performance <ul> <li>if processEntities is false, then there should not be impact on performance.</li> <li>if processEntities is true, but you dont pass entity decoder separately then performance may degrade by approx 8-10%</li> <li>if processEntities is true, and you pass entity decoder separately <ul> <li>if no entity then performance should be same as before</li> <li>if there are entities then performance should be increased from past versions</li> </ul> </li> </ul> </li> <li>ignoreAttributes is not required to be set to set xml version for NCR entity value</li> </ul> </li> <li>update 'fast-xml-builder' to sanitize malicious CDATA and comment's content</li> </ul> <p><strong>5.6.0 / 2026-04-15</strong></p> <ul> <li>fix: entity replacement for numeric entities</li> <li>use <code>@​nodable/entities</code> to replace entities <ul> <li>this may change some error messages related to entities expansion limit or inavlid use</li> <li>post check would be exposed in future version</li> </ul> </li> </ul> <p><strong>5.5.12 / 2026-04-13</strong></p> <ul> <li>Performance Improvement: update path-expression-matcher <ul> <li>use proxy pattern than Proxy class</li> </ul> </li> </ul> <p><strong>5.5.11 / 2026-04-08</strong></p> <ul> <li>Performance Improvement <ul> <li>integrate ExpressionSet for stopNodes</li> </ul> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/NaturalIntelligence/fast-xml-parser/commit/d6d80429b1d1f1420902e1cebac6fe7831ba0839"><code>d6d8042</code></a> update to release</li> <li><a href="https://github.com/NaturalIntelligence/fast-xml-parser/commit/d2633709699520c514208ea70e31adb6d71ab0e8"><code>d263370</code></a> remove dev dependency 'he'</li> <li><a href="https://github.com/NaturalIntelligence/fast-xml-parser/commit/f9c9a2c19f819ab6fe0856ef4e94d6aa28fe1eec"><code>f9c9a2c</code></a> update builder to 1.1.7</li> <li><a href="https://github.com/NaturalIntelligence/fast-xml-parser/commit/b65da87028f943abf5698b96385eef21e39f983e"><code>b65da87</code></a> update changelog and mark addEntity deprecated</li> <li><a href="https://github.com/NaturalIntelligence/fast-xml-parser/commit/c2ca631f99d4d7f66e0d48001741bc8784cfe966"><code>c2ca631</code></a> update fxb</li> <li><a href="https://github.com/NaturalIntelligence/fast-xml-parser/commit/da7519163bfdc257e90be781a05af83840b330a8"><code>da75191</code></a> fix stop node expression when ns prefix is removed</li> <li><a href="https://github.com/NaturalIntelligence/fast-xml-parser/commit/31bbc99adedcada7d52bc4745273e7d8b9824b31"><code>31bbc99</code></a> fix: alwaysCreateTextNode should create text node when attributes are present...</li> <li><a href="https://github.com/NaturalIntelligence/fast-xml-parser/commit/dab327a05acd4f62bba277fb924e2e751079eca0"><code>dab327a</code></a> remove unnecessary</li> <li><a href="https://github.com/NaturalIntelligence/fast-xml-parser/commit/ab04eeb91d3013d56c6a949cf45c17deaa3a0fc8"><code>ab04eeb</code></a> update docs</li> <li><a href="https://github.com/NaturalIntelligence/fast-xml-parser/commit/383cb3feee7f8181379f41836359e6b53379db5d"><code>383cb3f</code></a> Revise security information for v6 release</li> <li>Additional commits viewable in <a href="https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.5.6...v5.7.3">compare view</a></li> </ul> </details> <br /> Updates `kysely` from 0.28.11 to 0.28.17 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/kysely-org/kysely/releases">kysely's releases</a>.</em></p> <blockquote> <h2>0.28.17</h2> <p>Hey 👋</p> <p>A small batch of bug fixes. Please report any issues. 🤞😰🤞</p> <p><a href="https://github.com/kysely-org/kysely/releases/tag/v0.29.0-rc.0">0.29</a> is right around the corner. Try the latest RC version!</p> <h2>🚀 Features</h2> <h2>🐞 Bugfixes</h2> <ul> <li>fix: further harden JSON path <code>.key(...)</code> and <code>.at(...)</code> against SQL injections and exfiltrations. by <a href="https://github.com/igalklebanov"><code>@​igalklebanov</code></a> in <a href="https://redirect.github.com/kysely-org/kysely/pull/1804">kysely-org/kysely#1804</a></li> </ul> <h2>📖 Documentation</h2> <ul> <li>docs(returning): remove outdated SQLite alias workaround by <a href="https://github.com/aymenhmaidiwastaken"><code>@​aymenhmaidiwastaken</code></a> in <a href="https://redirect.github.com/kysely-org/kysely/pull/1793">kysely-org/kysely#1793</a></li> </ul> <h2>📦 CICD &amp; Tooling</h2> <h2>⚠️ Breaking Changes</h2> <h2>🐤 New Contributors</h2> <ul> <li><a href="https://github.com/aymenhmaidiwastaken"><code>@​aymenhmaidiwastaken</code></a> made their first contribution in <a href="https://redirect.github.com/kysely-org/kysely/pull/1793">kysely-org/kysely#1793</a></li> </ul> <h2>What's Changed</h2> <p><strong>Full Changelog</strong>: <a href="https://github.com/kysely-org/kysely/compare/v0.28.16...v0.28.17">https://github.com/kysely-org/kysely/compare/v0.28.16...v0.28.17</a></p> <h2>0.28.16</h2> <p>Hey 👋</p> <p>A small batch of bug fixes. Please report any issues. 🤞😰🤞</p> <p><a href="https://redirect.github.com/kysely-org/kysely/pull/1583">0.29</a> is getting closer btw. 🌶️</p> <h2>🚀 Features</h2> <h2>🐞 Bugfixes</h2> <ul> <li>fix: <code>FilterObject</code> allows any defined value when query context has no tables (<code>TB</code> is <code>never</code>). by <a href="https://github.com/igalklebanov"><code>@​igalklebanov</code></a> in <a href="https://redirect.github.com/kysely-org/kysely/pull/1791">kysely-org/kysely#1791</a></li> </ul> <h2>📖 Documentation</h2> <ul> <li>add socket security badge. by <a href="https://github.com/igalklebanov"><code>@​igalklebanov</code></a> in <a href="https://github.com/kysely-org/kysely/commit/db646ac479c9fa5b6e092db05ec54607c20b32dc">https://github.com/kysely-org/kysely/commit/db646ac479c9fa5b6e092db05ec54607c20b32dc</a></li> <li>chore: make socket security badge reflect current specific version. by <a href="https://github.com/igalklebanov"><code>@​igalklebanov</code></a> in <a href="https://github.com/kysely-org/kysely/commit/559714438986f602f1b1ada90aa7b8a83336b6f3">https://github.com/kysely-org/kysely/commit/559714438986f602f1b1ada90aa7b8a83336b6f3</a></li> <li>support multi-entry point tsdoc without index module. by <a href="https://github.com/igalklebanov"><code>@​igalklebanov</code></a> in <a href="https://github.com/kysely-org/kysely/commit/699891593c4d7888940dd7539282a0444fb4bd45">https://github.com/kysely-org/kysely/commit/699891593c4d7888940dd7539282a0444fb4bd45</a></li> <li>fix broken tsdoc references. by <a href="https://github.com/igalklebanov"><code>@​igalklebanov</code></a> in <a href="https://github.com/kysely-org/kysely/commit/5a0f14b84bf1658bff83babc71e3bf039797b4d9">https://github.com/kysely-org/kysely/commit/5a0f14b84bf1658bff83babc71e3bf039797b4d9</a></li> </ul> <h2>📦 CICD &amp; Tooling</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/kysely-org/kysely/commit/d13d90b724bfdee3eb40ef5144d9d063701af973"><code>d13d90b</code></a> 0.28.17</li> <li><a href="https://github.com/kysely-org/kysely/commit/dbb5405854b76905d99247ed4748ec70e63504d0"><code>dbb5405</code></a> feat: further harden JSON path <code>.key(...)</code> and <code>.at(...)</code> against SQL injecti...</li> <li><a href="https://github.com/kysely-org/kysely/commit/73192e4963afbe794c046137596c96eb166992e7"><code>73192e4</code></a> docs(returning): remove outdated SQLite alias workaround (<a href="https://redirect.github.com/kysely-org/kysely/issues/1793">#1793</a>)</li> <li><a href="https://github.com/kysely-org/kysely/commit/b4566a1f7a3277997b0a15f27d3113e8e095fa87"><code>b4566a1</code></a> 0.28.16</li> <li><a href="https://github.com/kysely-org/kysely/commit/20548bca896ea6907f584cad7677974f97205148"><code>20548bc</code></a> chore: change <code>verifyDepsBeforeRun</code> to &quot;prompt&quot;.</li> <li><a href="https://github.com/kysely-org/kysely/commit/5f46cfb4686b94bab004d17382aeec11ed84d765"><code>5f46cfb</code></a> fix: <code>FilterObject</code> allows any defined value when query context has no tables...</li> <li><a href="https://github.com/kysely-org/kysely/commit/e0d0669e250d6737ce9e406df974f100b3a47ae3"><code>e0d0669</code></a> chore: bump dependencies and github actions. (<a href="https://redirect.github.com/kysely-org/kysely/issues/1789">#1789</a>)</li> <li><a href="https://github.com/kysely-org/kysely/commit/521156b1edcaff69763c52114928c429d3a4ac89"><code>521156b</code></a> add openssf scorecard.</li> <li><a href="https://github.com/kysely-org/kysely/commit/5a0f14b84bf1658bff83babc71e3bf039797b4d9"><code>5a0f14b</code></a> fix broken tsdoc references.</li> <li><a href="https://github.com/kysely-org/kysely/commit/699891593c4d7888940dd7539282a0444fb4bd45"><code>6998915</code></a> support multi-entry point tsdoc without index module.</li> <li>Additional commits viewable in <a href="https://github.com/kysely-org/kysely/compare/v0.28.11...v0.28.17">compare view</a></li> </ul> </details> <br /> Updates `picomatch` from 4.0.3 to 4.0.4 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/micromatch/picomatch/releases">picomatch's releases</a>.</em></p> <blockquote> <h2>4.0.4</h2> <p>This is a security release fixing several security relevant issues.</p> <h2>What's Changed</h2> <ul> <li>Fix for <a href="https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj">CVE-2026-33671</a></li> <li>Fix for <a href="https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p">CVE-2026-33672</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4">https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/micromatch/picomatch/commit/e5474fc1a4d7991870058170407dda8a42be5334"><code>e5474fc</code></a> Publish 4.0.4</li> <li><a href="https://github.com/micromatch/picomatch/commit/4516eb521f13a46b2fe1a1d2c9ef6b20ddc0e903"><code>4516eb5</code></a> Merge commit from fork</li> <li><a href="https://github.com/micromatch/picomatch/commit/5eceecd27543b8e056b9307d69e105ea03618a7d"><code>5eceecd</code></a> Merge commit from fork</li> <li><a href="https://github.com/micromatch/picomatch/commit/0db7dd70651ca7c8265601c0442a996ed32e3238"><code>0db7dd7</code></a> Run benchmark again against latest minimatch version (<a href="https://redirect.github.com/micromatch/picomatch/issues/161">#161</a>)</li> <li><a href="https://github.com/micromatch/picomatch/commit/95003777eb1c60dec09495a8231fa2ba4054d76a"><code>9500377</code></a> docs: clarify what brace expansion syntax is and isn't supported (<a href="https://redirect.github.com/micromatch/picomatch/issues/134">#134</a>)</li> <li><a href="https://github.com/micromatch/picomatch/commit/2661f23eca86c8b4a2b14815b9b2b3b74bd5a171"><code>2661f23</code></a> fix typo in globstars.js test name (<a href="https://redirect.github.com/micromatch/picomatch/issues/138">#138</a>)</li> <li><a href="https://github.com/micromatch/picomatch/commit/1798b07e9df59500b9cf567294d44d559032f4c7"><code>1798b07</code></a> docs: fix <code>makeRe</code> example (<a href="https://redirect.github.com/micromatch/picomatch/issues/143">#143</a>)</li> <li><a href="https://github.com/micromatch/picomatch/commit/9d76bc57a03b7f57cc4ca516c8071daf632bafd8"><code>9d76bc5</code></a> chore: undocument removed options (<a href="https://redirect.github.com/micromatch/picomatch/issues/146">#146</a>)</li> <li><a href="https://github.com/micromatch/picomatch/commit/e4d718bbfb47e4f030ab2612b5b04a9297fe272d"><code>e4d718b</code></a> Remove unused time-require (<a href="https://redirect.github.com/micromatch/picomatch/issues/160">#160</a>)</li> <li><a href="https://github.com/micromatch/picomatch/commit/38dffeb16221cc8eb8981524fb6895dd2aaaba76"><code>38dffeb</code></a> chore(deps): pin dependencies (<a href="https://redirect.github.com/micromatch/picomatch/issues/158">#158</a>)</li> <li>Additional commits viewable in <a href="https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4">compare view</a></li> </ul> </details> <br /> Updates `picomatch` from 2.3.1 to 2.3.2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/micromatch/picomatch/releases">picomatch's releases</a>.</em></p> <blockquote> <h2>4.0.4</h2> <p>This is a security release fixing several security relevant issues.</p> <h2>What's Changed</h2> <ul> <li>Fix for <a href="https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj">CVE-2026-33671</a></li> <li>Fix for <a href="https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p">CVE-2026-33672</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4">https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/micromatch/picomatch/commit/e5474fc1a4d7991870058170407dda8a42be5334"><code>e5474fc</code></a> Publish 4.0.4</li> <li><a href="https://github.com/micromatch/picomatch/commit/4516eb521f13a46b2fe1a1d2c9ef6b20ddc0e903"><code>4516eb5</code></a> Merge commit from fork</li> <li><a href="https://github.com/micromatch/picomatch/commit/5eceecd27543b8e056b9307d69e105ea03618a7d"><code>5eceecd</code></a> Merge commit from fork</li> <li><a href="https://github.com/micromatch/picomatch/commit/0db7dd70651ca7c8265601c0442a996ed32e3238"><code>0db7dd7</code></a> Run benchmark again against latest minimatch version (<a href="https://redirect.github.com/micromatch/picomatch/issues/161">#161</a>)</li> <li><a href="https://github.com/micromatch/picomatch/commit/95003777eb1c60dec09495a8231fa2ba4054d76a"><code>9500377</code></a> docs: clarify what brace expansion syntax is and isn't supported (<a href="https://redirect.github.com/micromatch/picomatch/issues/134">#134</a>)</li> <li><a href="https://github.com/micromatch/picomatch/commit/2661f23eca86c8b4a2b14815b9b2b3b74bd5a171"><code>2661f23</code></a> fix typo in globstars.js test name (<a href="https://redirect.github.com/micromatch/picomatch/issues/138">#138</a>)</li> <li><a href="https://github.com/micromatch/picomatch/commit/1798b07e9df59500b9cf567294d44d559032f4c7"><code>1798b07</code></a> docs: fix <code>makeRe</code> example (<a href="https://redirect.github.com/micromatch/picomatch/issues/143">#143</a>)</li> <li><a href="https://github.com/micromatch/picomatch/commit/9d76bc57a03b7f57cc4ca516c8071daf632bafd8"><code>9d76bc5</code></a> chore: undocument removed options (<a href="https://redirect.github.com/micromatch/picomatch/issues/146">#146</a>)</li> <li><a href="https://github.com/micromatch/picomatch/commit/e4d718bbfb47e4f030ab2612b5b04a9297fe272d"><code>e4d718b</code></a> Remove unused time-require (<a href="https://redirect.github.com/micromatch/picomatch/issues/160">#160</a>)</li> <li><a href="https://github.com/micromatch/picomatch/commit/38dffeb16221cc8eb8981524fb6895dd2aaaba76"><code>38dffeb</code></a> chore(deps): pin dependencies (<a href="https://redirect.github.com/micromatch/picomatch/issues/158">#158</a>)</li> <li>Additional commits viewable in <a href="https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4">compare view</a></li> </ul> </details> <br /> Updates `socket.io-parser` from 4.2.5 to 4.2.6 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/socketio/socket.io/releases">socket.io-parser's releases</a>.</em></p> <blockquote> <h2>socket.io-parser@4.2.6</h2> <p>This release includes a fix for <a href="https://github.com/socketio/socket.io/security/advisories/GHSA-677m-j7p3-52f9">CVE-2026-33151</a>. Please upgrade as soon as possible.</p> <h3>Bug Fixes</h3> <ul> <li>add a limit to the number of binary attachments (<a href="https://github.com/socketio/socket.io/commit/b25738c416c4e32fbff62ee182afa8f6d0dacf78">b25738c</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/socketio/socket.io/commit/522edcdbb89da5eb647abb93c73229d1e91c304f"><code>522edcd</code></a> chore(release): socket.io-parser@4.2.6</li> <li><a href="https://github.com/socketio/socket.io/commit/3fff7cafa98f1ba5840475b6917c651fe841a943"><code>3fff7ca</code></a> fix(parser): add a limit to the number of binary attachments</li> <li><a href="https://github.com/socketio/socket.io/commit/37aad11417d1020cf51d27a0cf90fa367efd5dc1"><code>37aad11</code></a> fix: cleanup pending acks on timeout to prevent memory leak</li> <li><a href="https://github.com/socketio/socket.io/commit/ba9cd6900d0d84678623cd8e3a42165e922f3fbd"><code>ba9cd69</code></a> revert: fix: cleanup pending acks on timeout to prevent memory leak</li> <li><a href="https://github.com/socketio/socket.io/commit/84c2fb78217b6375b38e0b47e0d59d7b1b8431d7"><code>84c2fb7</code></a> chore(release): engine.io@6.6.6</li> <li><a href="https://github.com/socketio/socket.io/commit/07cbe1510ded7e5460cb82e026e2533e50e30eaf"><code>07cbe15</code></a> fix(eio): add <code>@​types/ws</code> as dependency (<a href="https://redirect.github.com/socketio/socket.io/issues/5458">#5458</a>)</li> <li><a href="https://github.com/socketio/socket.io/commit/44ed73f53995d35ef0c8d10df6806d5687238282"><code>44ed73f</code></a> fix(eio): emit initial_headers and headers events in uServer (<a href="https://redirect.github.com/socketio/socket.io/issues/5460">#5460</a>)</li> <li><a href="https://github.com/socketio/socket.io/commit/da04267ffc7b0903ca91f2fccb80e56246d13328"><code>da04267</code></a> fix: cleanup pending acks on timeout to prevent memory leak (<a href="https://redirect.github.com/socketio/socket.io/issues/5442">#5442</a>)</li> <li><a href="https://github.com/socketio/socket.io/commit/74599a6b9e3dbeff1a9efe46c305d5d25d6e3dd8"><code>74599a6</code></a> fix(types): properly import http module</li> <li><a href="https://github.com/socketio/socket.io/commit/d48718cb675721fc1252775115592ebd1b255899"><code>d48718c</code></a> ci: use actions/checkout@v6 and actions/setup-node@v6 (<a href="https://redirect.github.com/socketio/socket.io/issues/5449">#5449</a>)</li> <li>Additional commits viewable in <a href="https://github.com/socketio/socket.io/compare/socket.io-parser@4.2.5...socket.io-parser@4.2.6">compare view</a></li> </ul> </details> <br />
Cete closed this pull request 2026-05-18 12:42:34 +00:00

Pull request closed

Please reopen this pull request to perform a merge.
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels   
bug

Something isn't working

  
dependencies

Pull requests that update a dependency file

  
documentation

Improvements or additions to documentation

  
duplicate

This issue or pull request already exists

  
enhancement

New feature or request

  
good first issue

Good for newcomers

  
help wanted

Extra attention is needed

  
invalid

This doesn't seem right

  
javascript

Pull requests that update javascript code

  
question

Further information is requested

  
wontfix

This will not be worked on

No labels
bug
dependencies
documentation
duplicate
enhancement
good first issue
help wanted
invalid
javascript
question
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: Cete/sipher#7
No description provided.
Delete branch "dependabot/npm_and_yarn/npm_and_yarn-7036e969c6"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?