chore(deps): bump the npm_and_yarn group across 1 directory with 9 updates #2

Merged

dependabot[bot] merged 1 commit from dependabot/npm_and_yarn/docs/npm_and_yarn-4a98cd700f into main 2025-12-29 22:28:40 +00:00

Conversation 0 Commits 1 Files changed 1 +120 -257

dependabot[bot] commented 2025-11-15 10:18:36 +00:00 (Migrated from github.com)

Copy link

Bumps the npm_and_yarn group with 9 updates in the /docs directory:

Package	From	To
@babel/helpers	7.23.9	7.28.4
brace-expansion	1.1.11	1.1.12
estree-util-value-to-estree	3.0.1	3.5.0
http-proxy-middleware	2.0.7	2.0.9
image-size	1.1.1	1.2.1
on-headers	1.0.2	1.1.0
prismjs	1.29.0	1.30.0
serialize-javascript	6.0.1	6.0.2
ws	7.5.9	7.5.10
ws	8.16.0	8.18.3

Updates @babel/helpers from 7.23.9 to 7.28.4

Release notes

Sourced from @​babel/helpers's releases.

v7.28.4 (2025-09-05)

Thanks @​gwillen and @​mrginglymus for your first PRs!

🏠 Internal

• babel-core, babel-helper-check-duplicate-nodes, babel-traverse, babel-types
  • #17493 Update Jest to v30.1.1 (@​JLHwung)
• babel-plugin-transform-regenerator
  • #17455 chore: Clean up transform-regenerator (@​liuxingbaoyu)
• babel-core
  • #17474 Switch to @​jridgewell/remapping (@​mrginglymus)

Committers: 5

• Babel Bot (@​babel-bot)
• Bill Collins (@​mrginglymus)
• Glenn Willen (@​gwillen)
• Huáng Jùnliàng (@​JLHwung)
• @​liuxingbaoyu

v7.28.3 (2025-08-14)

👓 Spec Compliance

• babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-transform-class-static-block, babel-preset-env
  • #17443 [static blocks] Do not inject new static fields after static code (@​nicolo-ribaudo)

🐛 Bug Fix

• babel-parser
  • #17465 fix(parser/typescript): parse import("./a", {with:{},}) (@​easrng)
  • #17478 fix(parser): stop subscript parsing on async arrow (@​JLHwung)

💅 Polish

• babel-plugin-transform-regenerator, babel-plugin-transform-runtime
  • #17363 Do not save last yield in call in temp var (@​nicolo-ribaudo)

📝 Documentation

• #17448 move eslint-{parser,plugin} docs to the website (@​JLHwung)

🏠 Internal

• #17454 Enable type checking for scripts and babel-worker.cjs (@​JLHwung)

🔬 Output optimization

• babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions
  • #17444 Optimize do expression output (@​JLHwung)

Committers: 5

• Babel Bot (@​babel-bot)
• Huáng Jùnliàng (@​JLHwung)
• Jam Balaya (@​JamBalaya56562)
• Nicolò Ribaudo (@​nicolo-ribaudo)
• easrng (@​easrng)

... (truncated)

Changelog

Sourced from @​babel/helpers's changelog.

v7.28.4 (2025-09-05)

🏠 Internal

• babel-core, babel-helper-check-duplicate-nodes, babel-traverse, babel-types
  • #17493 Update Jest to v30.1.1 (@​JLHwung)
• babel-plugin-transform-regenerator
  • #17455 chore: Clean up transform-regenerator (@​liuxingbaoyu)
• babel-core
  • #17474 Switch to @​jridgewell/remapping (@​mrginglymus)

v7.28.3 (2025-08-14)

👓 Spec Compliance

• babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-transform-class-static-block, babel-preset-env
  • #17443 [static blocks] Do not inject new static fields after static code (@​nicolo-ribaudo)

🐛 Bug Fix

• babel-parser
  • #17465 fix(parser/typescript): parse import("./a", {with:{},}) (@​easrng)
  • #17478 fix(parser): stop subscript parsing on async arrow (@​JLHwung)

💅 Polish

• babel-plugin-transform-regenerator, babel-plugin-transform-runtime
  • #17363 Do not save last yield in call in temp var (@​nicolo-ribaudo)

📝 Documentation

• #17448 move eslint-{parser,plugin} docs to the website (@​JLHwung)

🏠 Internal

• #17454 Enable type checking for scripts and babel-worker.cjs (@​JLHwung)

🔬 Output optimization

• babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions
  • #17444 Optimize do expression output (@​JLHwung)

v7.28.2 (2025-07-24)

🐛 Bug Fix

• babel-types
  • #17445 [babel 7] Make operator param in t.tsTypeOperator optional (@​nicolo-ribaudo)
• babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-preset-env, babel-runtime-corejs3
  • #17441 fix: regeneratorDefine compatibility with es5 strict mode (@​liuxingbaoyu)

v7.28.1 (2025-07-12)

🐛 Bug Fix

• babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator
  • #17426 fix: regenerator correctly handles throw outside of try (@​liuxingbaoyu)

📝 Documentation

• babel-types
  • #17422 Add missing FunctionParameter docs (@​JLHwung)

... (truncated)

Commits

• 35055e3 v7.28.4
• 18d88b8 Improve @​babel/core typings (#17471)
• ef155f5 v7.28.3
• 741cbd2 chore: fix various typos across codebase (#17476)
• cac0ff4 v7.28.2
• f743094 fix: regeneratorDefine compatibility with es5 strict mode (#17441)
• baa4cb8 v7.27.6
• fdbf1b3 fix: finally causes unexpected return value (#17366)
• 7d06930 v7.27.4
• 5b9468d Reduce regenerator size more (#17287)
• Additional commits viewable in compare view

Updates brace-expansion from 1.1.11 to 1.1.12

Release notes

Sourced from brace-expansion's releases.

v1.1.12

• pkg: publish on tag 1.x c460dbd
• fmt ccb8ac6
• Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) c3c73c8

---

https://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12

Commits

• 44f33b4 1.1.12
• c460dbd pkg: publish on tag 1.x
• ccb8ac6 fmt
• c3c73c8 Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65)
• See full diff in compare view

Updates estree-util-value-to-estree from 3.0.1 to 3.5.0

Release notes

Sourced from estree-util-value-to-estree's releases.

v3.5.0

• af5a2bd Add support for serializing custom values in remcohaszing/estree-util-value-to-estree#6
• ec6da00 Allow passing undefined as any option

Full Changelog: https://github.com/remcohaszing/estree-util-value-to-estree/compare/v3.4.1...v3.5.0

v3.4.1

• 87309dc Use OIDC for publishing
• 8b3ea8d Update Temporal support

Full Changelog: https://github.com/remcohaszing/estree-util-value-to-estree/compare/v3.4.0...v3.4.1

v3.4.0

• 23b636f Declare there are no side effects in package.json
• 471b4fe Add support for Float16Array

Full Changelog: https://github.com/remcohaszing/estree-util-value-to-estree/compare/v3.3.3...v3.4.0

v3.3.3

• 652e019 Use singular Object.defineProperty if possible
• d0c394f Fix __proto__ property emit

Full Changelog: https://github.com/remcohaszing/estree-util-value-to-estree/compare/v3.3.2...v3.3.3

v3.3.2

• 6ecf349 Move @js-temporal/polyfill to devDependencies

Full Changelog: https://github.com/remcohaszing/estree-util-value-to-estree/compare/v3.3.1...v3.3.2

v3.3.1

• 1c1eb66 Don’t crash if Temporal is undefined

Full Changelog: https://github.com/remcohaszing/estree-util-value-to-estree/compare/v3.3.0...v3.3.1

v3.3.0

• 014536b Add support for Temporal types

Full Changelog: https://github.com/remcohaszing/estree-util-value-to-estree/compare/v3.2.1...v3.3.0

v3.2.1

Fix publishing

Full Changelog: https://github.com/remcohaszing/estree-util-value-to-estree/compare/v3.2.0...v3.2.1

v3.2.0

• 33d7a80 Preserve property descriptors.
• e3fb668 Add support for well-known symbols.

Full Changelog: https://github.com/remcohaszing/estree-util-value-to-estree/compare/v3.1.2...v3.2.0

... (truncated)

Commits

• c845e04 3.5.0
• 2f6a020 Stricten tsconfig.json
• ec6da00 Allow passing undefined as any option
• af5a2bd Add support for serializing custom values (#6)
• ecac810 Fix a typo
• aa90de2 3.4.1
• 87309dc Use OIDC for publishing
• db5911c Use Node.js 24 in CI
• 4e2914e Update the readme
• 8b3ea8d Update Temporal support
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for estree-util-value-to-estree since your current version.

Updates http-proxy-middleware from 2.0.7 to 2.0.9

Release notes

Sourced from http-proxy-middleware's releases.

v2.0.9

What's Changed

• fix(fixRequestBody): check readableLength by @​chimurai in chimurai/http-proxy-middleware#1097
• chore(package): v2.0.9 by @​chimurai in chimurai/http-proxy-middleware#1099

Full Changelog: https://github.com/chimurai/http-proxy-middleware/compare/v2.0.8...v2.0.9

v2.0.8

What's Changed

• fix(fixRequestBody): prevent multiple .write() calls by @​chimurai in chimurai/http-proxy-middleware#1090
• fix(fixRequestBody): handle invalid request by @​chimurai in chimurai/http-proxy-middleware#1091
• chore(package): v2.0.8 by @​chimurai in chimurai/http-proxy-middleware#1094

Full Changelog: https://github.com/chimurai/http-proxy-middleware/compare/v2.0.7...v2.0.8

Changelog

Sourced from http-proxy-middleware's changelog.

v2.0.9

• fix(fixRequestBody): check readableLength

v2.0.8

• fix(fixRequestBody): prevent multiple .write() calls
• fix(fixRequestBody): handle invalid request

Commits

• 617a7c9 chore(package): v2.0.9 (#1099)
• d22d587 fix(fixRequestBody): check readableLength (#1097)
• d03d51b chore(package): v2.0.8 (#1094)
• c50dd06 fix(fixRequestBody): handle invalid request (#1091)
• 76a9d8d fix(fixRequestBody): prevent multiple .write() calls (#1090)
• See full diff in compare view

Updates image-size from 1.1.1 to 1.2.1

Release notes

Sourced from image-size's releases.

v1.2.1

Fixes

• fix potential Denial of Service via specially crafted payloads in https://github.com/image-size/image-size/commit/640a67d9e821baee4cb596def8db00627f649dfc

Full Changelog: https://github.com/image-size/image-size/compare/v1.2.0...v1.2.1

v1.2.0

This release adds support for JPEG-XL ( #409 )

Commits

• a4178fb 1.2.1
• 640a67d fix potential Denial of Service via specially crafted payloads
• 9d41448 1.2.0
• 405a244 fixups
• 76c5c9a mention jpeg-xl in the readme
• a10262c Add support for JPEG XL (#409)
• a7a24a3 (app): Fix typo in comments (#411)
• 9f48213 update dependencies, and reformat code with eslint 9
• 64dda84 refactor formats that use a ISO-BMFF container
• e3ea538 no need to create hex strings in j2c
• Additional commits viewable in compare view

Updates on-headers from 1.0.2 to 1.1.0

Release notes

Sourced from on-headers's releases.

1.1.0

Important

• Fix CVE-2025-7339 (GHSA-76c9-3jph-rj3q)

What's Changed

• Migrate CI pipeline to GitHub actions by @​carpasse in jshttp/on-headers#12
• fix README.md badges by @​carpasse in jshttp/on-headers#13
• add OSSF scorecard action by @​carpasse in jshttp/on-headers#14
• fix: use ubuntu-latest as ci runner by @​UlisesGascon in jshttp/on-headers#19
• ci: apply OSSF Scorecard security best practices by @​UlisesGascon in jshttp/on-headers#20
• 👷 add upstream change detection by @​ctcpip in jshttp/on-headers#31
• ✨ add script to update known hashes by @​ctcpip in jshttp/on-headers#32
• 💚 update CI - add newer node versions by @​ctcpip in jshttp/on-headers#33

New Contributors

• @​carpasse made their first contribution in jshttp/on-headers#12
• @​UlisesGascon made their first contribution in jshttp/on-headers#19
• @​ctcpip made their first contribution in jshttp/on-headers#31

Full Changelog: https://github.com/jshttp/on-headers/compare/v1.0.2...v1.1.0

Changelog

Sourced from on-headers's changelog.

1.1.0 / 2025-07-17

• Fix CVE-2025-7339 (GHSA-76c9-3jph-rj3q)

Commits

• 4b017af 1.1.0
• b636f2d ♻️ refactor header array code
• 3e2c2d4 ✨ ignore falsy header keys, matching node behavior
• 172eb41 ✨ support duplicate headers
• c6e3849 🔒️ fix array handling
• 6893518 💚 update CI - add newer node versions
• 56a345d ✨ add script to update known hashes
• 175ab21 👷 add upstream change detection (#31)
• ce0b2c8 ci: apply OSSF Scorecard security best practices (#20)
• 1a38c54 fix: use ubuntu-latest as ci runner (#19)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for on-headers since your current version.

Updates prismjs from 1.29.0 to 1.30.0

Release notes

Sourced from prismjs's releases.

v1.30.0

What's Changed

• check that currentScript is set by a script tag by @​lkuechler in PrismJS/prism#3863

New Contributors

• @​lkuechler made their first contribution in PrismJS/prism#3863

Full Changelog: https://github.com/PrismJS/prism/compare/v1.29.0...v1.30.0

Changelog

Sourced from prismjs's changelog.

Prism Changelog

Commits

• 76dde18 Release 1.30.0
• 93cca40 npm pkg fix
• 99c5ca9 Add release script
• 8e8b935 check that currentScript is set by a script tag (#3863)
• f894dc2 Fix logo in the footer
• ac38dce Delete CNAME
• 9b5b09a Enable CORS
• See full diff in compare view

Maintainer changes

This version was pushed to npm by dmitrysharabin, a new releaser for prismjs since your current version.

Updates serialize-javascript from 6.0.1 to 6.0.2

Release notes

Sourced from serialize-javascript's releases.

v6.0.2

• fix: serialize URL string contents to prevent XSS (#173) f27d65d
• Bump @​babel/traverse from 7.10.1 to 7.23.7 (#171) 02499c0
• docs: update readme with URL support (#146) 0d88527
• chore: update node version and lock file e2a3a91
• fix typo (#164) 5a1fa64

https://github.com/yahoo/serialize-javascript/compare/v6.0.1...v6.0.2

Commits

• b71ec23 6.0.2
• f27d65d fix: serialize URL string contents to prevent XSS (#173)
• 02499c0 Bump @​babel/traverse from 7.10.1 to 7.23.7 (#171)
• 0d88527 docs: update readme with URL support (#146)
• e2a3a91 chore: update node version and lock file
• 5a1fa64 fix typo (#164)
• See full diff in compare view

Updates ws from 7.5.9 to 7.5.10

Release notes

Sourced from ws's releases.

7.5.10

Bug fixes

• Backported e55e5106 to the 7.x release line (22c28763).

Commits

• d962d70 [dist] 7.5.10
• 22c2876 [security] Fix crash when the Upgrade header cannot be read (#2231)
• See full diff in compare view

Updates ws from 8.16.0 to 8.18.3

Release notes

Sourced from ws's releases.

7.5.10

Bug fixes

• Backported e55e5106 to the 7.x release line (22c28763).

Commits

• d962d70 [dist] 7.5.10
• 22c2876 [security] Fix crash when the Upgrade header cannot be read (#2231)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps the npm_and_yarn group with 9 updates in the /docs directory: | Package | From | To | | --- | --- | --- | | [@babel/helpers](https://github.com/babel/babel/tree/HEAD/packages/babel-helpers) | `7.23.9` | `7.28.4` | | [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.12` | | [estree-util-value-to-estree](https://github.com/remcohaszing/estree-util-value-to-estree) | `3.0.1` | `3.5.0` | | [http-proxy-middleware](https://github.com/chimurai/http-proxy-middleware) | `2.0.7` | `2.0.9` | | [image-size](https://github.com/image-size/image-size) | `1.1.1` | `1.2.1` | | [on-headers](https://github.com/jshttp/on-headers) | `1.0.2` | `1.1.0` | | [prismjs](https://github.com/PrismJS/prism) | `1.29.0` | `1.30.0` | | [serialize-javascript](https://github.com/yahoo/serialize-javascript) | `6.0.1` | `6.0.2` | | [ws](https://github.com/websockets/ws) | `7.5.9` | `7.5.10` | | [ws](https://github.com/websockets/ws) | `8.16.0` | `8.18.3` | Updates `@babel/helpers` from 7.23.9 to 7.28.4 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/babel/babel/releases"><code>@​babel/helpers</code>'s releases</a>.</em></p> <blockquote> <h2>v7.28.4 (2025-09-05)</h2> <p>Thanks <a href="https://github.com/gwillen"><code>@​gwillen</code></a> and <a href="https://github.com/mrginglymus"><code>@​mrginglymus</code></a> for your first PRs!</p> <h4>:house: Internal</h4> <ul> <li><code>babel-core</code>, <code>babel-helper-check-duplicate-nodes</code>, <code>babel-traverse</code>, <code>babel-types</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17493">#17493</a> Update Jest to v30.1.1 (<a href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li> </ul> </li> <li><code>babel-plugin-transform-regenerator</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17455">#17455</a> chore: Clean up <code>transform-regenerator</code> (<a href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li> </ul> </li> <li><code>babel-core</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17474">#17474</a> Switch to <code>@​jridgewell/remapping</code> (<a href="https://github.com/mrginglymus"><code>@​mrginglymus</code></a>)</li> </ul> </li> </ul> <h4>Committers: 5</h4> <ul> <li>Babel Bot (<a href="https://github.com/babel-bot"><code>@​babel-bot</code></a>)</li> <li>Bill Collins (<a href="https://github.com/mrginglymus"><code>@​mrginglymus</code></a>)</li> <li>Glenn Willen (<a href="https://github.com/gwillen"><code>@​gwillen</code></a>)</li> <li>Huáng Jùnliàng (<a href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li> <li><a href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a></li> </ul> <h2>v7.28.3 (2025-08-14)</h2> <h4>:eyeglasses: Spec Compliance</h4> <ul> <li><code>babel-helper-create-class-features-plugin</code>, <code>babel-plugin-proposal-decorators</code>, <code>babel-plugin-transform-class-static-block</code>, <code>babel-preset-env</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17443">#17443</a> [static blocks] Do not inject new static fields after static code (<a href="https://github.com/nicolo-ribaudo"><code>@​nicolo-ribaudo</code></a>)</li> </ul> </li> </ul> <h4>:bug: Bug Fix</h4> <ul> <li><code>babel-parser</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17465">#17465</a> fix(parser/typescript): parse <code>import(&quot;./a&quot;, {with:{},})</code> (<a href="https://github.com/easrng"><code>@​easrng</code></a>)</li> <li><a href="https://redirect.github.com/babel/babel/pull/17478">#17478</a> fix(parser): stop subscript parsing on async arrow (<a href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li> </ul> </li> </ul> <h4>:nail_care: Polish</h4> <ul> <li><code>babel-plugin-transform-regenerator</code>, <code>babel-plugin-transform-runtime</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17363">#17363</a> Do not save last yield in call in temp var (<a href="https://github.com/nicolo-ribaudo"><code>@​nicolo-ribaudo</code></a>)</li> </ul> </li> </ul> <h4>:memo: Documentation</h4> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17448">#17448</a> move eslint-{parser,plugin} docs to the website (<a href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li> </ul> <h4>:house: Internal</h4> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17454">#17454</a> Enable type checking for <code>scripts</code> and <code>babel-worker.cjs</code> (<a href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li> </ul> <h4>:microscope: Output optimization</h4> <ul> <li><code>babel-plugin-proposal-destructuring-private</code>, <code>babel-plugin-proposal-do-expressions</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17444">#17444</a> Optimize do expression output (<a href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li> </ul> </li> </ul> <h4>Committers: 5</h4> <ul> <li>Babel Bot (<a href="https://github.com/babel-bot"><code>@​babel-bot</code></a>)</li> <li>Huáng Jùnliàng (<a href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li> <li>Jam Balaya (<a href="https://github.com/JamBalaya56562"><code>@​JamBalaya56562</code></a>)</li> <li>Nicolò Ribaudo (<a href="https://github.com/nicolo-ribaudo"><code>@​nicolo-ribaudo</code></a>)</li> <li>easrng (<a href="https://github.com/easrng"><code>@​easrng</code></a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/babel/babel/blob/main/CHANGELOG.md"><code>@​babel/helpers</code>'s changelog</a>.</em></p> <blockquote> <h2>v7.28.4 (2025-09-05)</h2> <h4>:house: Internal</h4> <ul> <li><code>babel-core</code>, <code>babel-helper-check-duplicate-nodes</code>, <code>babel-traverse</code>, <code>babel-types</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17493">#17493</a> Update Jest to v30.1.1 (<a href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li> </ul> </li> <li><code>babel-plugin-transform-regenerator</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17455">#17455</a> chore: Clean up <code>transform-regenerator</code> (<a href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li> </ul> </li> <li><code>babel-core</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17474">#17474</a> Switch to <code>@​jridgewell/remapping</code> (<a href="https://github.com/mrginglymus"><code>@​mrginglymus</code></a>)</li> </ul> </li> </ul> <h2>v7.28.3 (2025-08-14)</h2> <h4>:eyeglasses: Spec Compliance</h4> <ul> <li><code>babel-helper-create-class-features-plugin</code>, <code>babel-plugin-proposal-decorators</code>, <code>babel-plugin-transform-class-static-block</code>, <code>babel-preset-env</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17443">#17443</a> [static blocks] Do not inject new static fields after static code (<a href="https://github.com/nicolo-ribaudo"><code>@​nicolo-ribaudo</code></a>)</li> </ul> </li> </ul> <h4>:bug: Bug Fix</h4> <ul> <li><code>babel-parser</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17465">#17465</a> fix(parser/typescript): parse <code>import(&quot;./a&quot;, {with:{},})</code> (<a href="https://github.com/easrng"><code>@​easrng</code></a>)</li> <li><a href="https://redirect.github.com/babel/babel/pull/17478">#17478</a> fix(parser): stop subscript parsing on async arrow (<a href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li> </ul> </li> </ul> <h4>:nail_care: Polish</h4> <ul> <li><code>babel-plugin-transform-regenerator</code>, <code>babel-plugin-transform-runtime</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17363">#17363</a> Do not save last yield in call in temp var (<a href="https://github.com/nicolo-ribaudo"><code>@​nicolo-ribaudo</code></a>)</li> </ul> </li> </ul> <h4>:memo: Documentation</h4> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17448">#17448</a> move eslint-{parser,plugin} docs to the website (<a href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li> </ul> <h4>:house: Internal</h4> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17454">#17454</a> Enable type checking for <code>scripts</code> and <code>babel-worker.cjs</code> (<a href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li> </ul> <h4>:microscope: Output optimization</h4> <ul> <li><code>babel-plugin-proposal-destructuring-private</code>, <code>babel-plugin-proposal-do-expressions</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17444">#17444</a> Optimize do expression output (<a href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li> </ul> </li> </ul> <h2>v7.28.2 (2025-07-24)</h2> <h4>:bug: Bug Fix</h4> <ul> <li><code>babel-types</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17445">#17445</a> [babel 7] Make <code>operator</code> param in <code>t.tsTypeOperator</code> optional (<a href="https://github.com/nicolo-ribaudo"><code>@​nicolo-ribaudo</code></a>)</li> </ul> </li> <li><code>babel-helpers</code>, <code>babel-plugin-transform-async-generator-functions</code>, <code>babel-plugin-transform-regenerator</code>, <code>babel-preset-env</code>, <code>babel-runtime-corejs3</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17441">#17441</a> fix: <code>regeneratorDefine</code> compatibility with es5 strict mode (<a href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li> </ul> </li> </ul> <h2>v7.28.1 (2025-07-12)</h2> <h4>:bug: Bug Fix</h4> <ul> <li><code>babel-plugin-transform-async-generator-functions</code>, <code>babel-plugin-transform-regenerator</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17426">#17426</a> fix: <code>regenerator</code> correctly handles <code>throw</code> outside of <code>try</code> (<a href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li> </ul> </li> </ul> <h4>:memo: Documentation</h4> <ul> <li><code>babel-types</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17422">#17422</a> Add missing FunctionParameter docs (<a href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li> </ul> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/babel/babel/commit/35055e392079a65830b7bf5b1d1c1fc4de90a78f"><code>35055e3</code></a> v7.28.4</li> <li><a href="https://github.com/babel/babel/commit/18d88b83c67c8dbbe63e4ac423e6006c4c01b85c"><code>18d88b8</code></a> Improve <code>@​babel/core</code> typings (<a href="https://github.com/babel/babel/tree/HEAD/packages/babel-helpers/issues/17471">#17471</a>)</li> <li><a href="https://github.com/babel/babel/commit/ef155f5ca83c73dbc1ea8d95216830b7dc3b0ac2"><code>ef155f5</code></a> v7.28.3</li> <li><a href="https://github.com/babel/babel/commit/741cbd2381ac0cda3afd42bc04454a87d9d8762a"><code>741cbd2</code></a> chore: fix various typos across codebase (<a href="https://github.com/babel/babel/tree/HEAD/packages/babel-helpers/issues/17476">#17476</a>)</li> <li><a href="https://github.com/babel/babel/commit/cac0ff4c3426eed30b4d27e7971b348da7c9f1e6"><code>cac0ff4</code></a> v7.28.2</li> <li><a href="https://github.com/babel/babel/commit/f743094585b39bd9f7a9e3a3561215b2103e2474"><code>f743094</code></a> fix: <code>regeneratorDefine</code> compatibility with es5 strict mode (<a href="https://github.com/babel/babel/tree/HEAD/packages/babel-helpers/issues/17441">#17441</a>)</li> <li><a href="https://github.com/babel/babel/commit/baa4cb8b9f8a551d7dae9042b19ea2f74df6b110"><code>baa4cb8</code></a> v7.27.6</li> <li><a href="https://github.com/babel/babel/commit/fdbf1b32b3aa3705761ff820661e81c0aececab7"><code>fdbf1b3</code></a> fix: <code>finally</code> causes unexpected return value (<a href="https://github.com/babel/babel/tree/HEAD/packages/babel-helpers/issues/17366">#17366</a>)</li> <li><a href="https://github.com/babel/babel/commit/7d069309fdfcedda2928a043f6f7c98135c1242a"><code>7d06930</code></a> v7.27.4</li> <li><a href="https://github.com/babel/babel/commit/5b9468d9bf1ab4f427241673e9f03593da115a69"><code>5b9468d</code></a> Reduce <code>regenerator</code> size more (<a href="https://github.com/babel/babel/tree/HEAD/packages/babel-helpers/issues/17287">#17287</a>)</li> <li>Additional commits viewable in <a href="https://github.com/babel/babel/commits/v7.28.4/packages/babel-helpers">compare view</a></li> </ul> </details> <br /> Updates `brace-expansion` from 1.1.11 to 1.1.12 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/juliangruber/brace-expansion/releases">brace-expansion's releases</a>.</em></p> <blockquote> <h2>v1.1.12</h2> <ul> <li>pkg: publish on tag 1.x c460dbd</li> <li>fmt ccb8ac6</li> <li>Fix potential ReDoS Vulnerability or Inefficient Regular Expression (<a href="https://redirect.github.com/juliangruber/brace-expansion/issues/65">#65</a>) c3c73c8</li> </ul> <hr /> <p><a href="https://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12">https://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/juliangruber/brace-expansion/commit/44f33b47c5c6a965d507421af43e86cf5971d711"><code>44f33b4</code></a> 1.1.12</li> <li><a href="https://github.com/juliangruber/brace-expansion/commit/c460dbd68e428d147b2080622d8ce126c7a08570"><code>c460dbd</code></a> pkg: publish on tag 1.x</li> <li><a href="https://github.com/juliangruber/brace-expansion/commit/ccb8ac6d4292b7661b677fe048ba6690c877f51f"><code>ccb8ac6</code></a> fmt</li> <li><a href="https://github.com/juliangruber/brace-expansion/commit/c3c73c8b088defc70851843be88ccc3af08e7217"><code>c3c73c8</code></a> Fix potential ReDoS Vulnerability or Inefficient Regular Expression (<a href="https://redirect.github.com/juliangruber/brace-expansion/issues/65">#65</a>)</li> <li>See full diff in <a href="https://github.com/juliangruber/brace-expansion/compare/1.1.11...v1.1.12">compare view</a></li> </ul> </details> <br /> Updates `estree-util-value-to-estree` from 3.0.1 to 3.5.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/remcohaszing/estree-util-value-to-estree/releases">estree-util-value-to-estree's releases</a>.</em></p> <blockquote> <h2>v3.5.0</h2> <ul> <li>af5a2bd Add support for serializing custom values in <a href="https://redirect.github.com/remcohaszing/estree-util-value-to-estree/pull/6">remcohaszing/estree-util-value-to-estree#6</a></li> <li>ec6da00 Allow passing undefined as any option</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/remcohaszing/estree-util-value-to-estree/compare/v3.4.1...v3.5.0">https://github.com/remcohaszing/estree-util-value-to-estree/compare/v3.4.1...v3.5.0</a></p> <h2>v3.4.1</h2> <ul> <li>87309dc Use OIDC for publishing</li> <li>8b3ea8d Update Temporal support</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/remcohaszing/estree-util-value-to-estree/compare/v3.4.0...v3.4.1">https://github.com/remcohaszing/estree-util-value-to-estree/compare/v3.4.0...v3.4.1</a></p> <h2>v3.4.0</h2> <ul> <li>23b636f Declare there are no side effects in <code>package.json</code></li> <li>471b4fe Add support for <code>Float16Array</code></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/remcohaszing/estree-util-value-to-estree/compare/v3.3.3...v3.4.0">https://github.com/remcohaszing/estree-util-value-to-estree/compare/v3.3.3...v3.4.0</a></p> <h2>v3.3.3</h2> <ul> <li>652e019 Use singular <code>Object.defineProperty</code> if possible</li> <li>d0c394f Fix <code>__proto__</code> property emit</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/remcohaszing/estree-util-value-to-estree/compare/v3.3.2...v3.3.3">https://github.com/remcohaszing/estree-util-value-to-estree/compare/v3.3.2...v3.3.3</a></p> <h2>v3.3.2</h2> <ul> <li>6ecf349 Move <code>@js-temporal/polyfill</code> to <code>devDependencies</code></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/remcohaszing/estree-util-value-to-estree/compare/v3.3.1...v3.3.2">https://github.com/remcohaszing/estree-util-value-to-estree/compare/v3.3.1...v3.3.2</a></p> <h2>v3.3.1</h2> <ul> <li>1c1eb66 Don’t crash if Temporal is undefined</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/remcohaszing/estree-util-value-to-estree/compare/v3.3.0...v3.3.1">https://github.com/remcohaszing/estree-util-value-to-estree/compare/v3.3.0...v3.3.1</a></p> <h2>v3.3.0</h2> <ul> <li>014536b Add support for Temporal types</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/remcohaszing/estree-util-value-to-estree/compare/v3.2.1...v3.3.0">https://github.com/remcohaszing/estree-util-value-to-estree/compare/v3.2.1...v3.3.0</a></p> <h2>v3.2.1</h2> <p>Fix publishing</p> <p><strong>Full Changelog</strong>: <a href="https://github.com/remcohaszing/estree-util-value-to-estree/compare/v3.2.0...v3.2.1">https://github.com/remcohaszing/estree-util-value-to-estree/compare/v3.2.0...v3.2.1</a></p> <h2>v3.2.0</h2> <ul> <li>33d7a80 Preserve property descriptors.</li> <li>e3fb668 Add support for <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Symbol#well-known_symbols">well-known symbols</a>.</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/remcohaszing/estree-util-value-to-estree/compare/v3.1.2...v3.2.0">https://github.com/remcohaszing/estree-util-value-to-estree/compare/v3.1.2...v3.2.0</a></p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/remcohaszing/estree-util-value-to-estree/commit/c845e044e99e7b6c73a436320744d9c41d2844da"><code>c845e04</code></a> 3.5.0</li> <li><a href="https://github.com/remcohaszing/estree-util-value-to-estree/commit/2f6a0203b7b615a9fa44a1055192acc61e3c5f4a"><code>2f6a020</code></a> Stricten tsconfig.json</li> <li><a href="https://github.com/remcohaszing/estree-util-value-to-estree/commit/ec6da00bd575fce85adff9a3e21115d4ba7e00de"><code>ec6da00</code></a> Allow passing undefined as any option</li> <li><a href="https://github.com/remcohaszing/estree-util-value-to-estree/commit/af5a2bd2382fa5f35aa565d3128547da9b307aba"><code>af5a2bd</code></a> Add support for serializing custom values (<a href="https://redirect.github.com/remcohaszing/estree-util-value-to-estree/issues/6">#6</a>)</li> <li><a href="https://github.com/remcohaszing/estree-util-value-to-estree/commit/ecac810481a24c3eb871428b5715332ab46ed6d7"><code>ecac810</code></a> Fix a typo</li> <li><a href="https://github.com/remcohaszing/estree-util-value-to-estree/commit/aa90de2369c8fe0f1201f22049a2bbf984f0d016"><code>aa90de2</code></a> 3.4.1</li> <li><a href="https://github.com/remcohaszing/estree-util-value-to-estree/commit/87309dc9db8e849c8ea7c78f54fbe3edd71a6473"><code>87309dc</code></a> Use OIDC for publishing</li> <li><a href="https://github.com/remcohaszing/estree-util-value-to-estree/commit/db5911c1049b5c956a5b7b8b90e0869a316f1ea6"><code>db5911c</code></a> Use Node.js 24 in CI</li> <li><a href="https://github.com/remcohaszing/estree-util-value-to-estree/commit/4e2914eb78ed52c75ba02a184c1657cf0faf0b26"><code>4e2914e</code></a> Update the readme</li> <li><a href="https://github.com/remcohaszing/estree-util-value-to-estree/commit/8b3ea8d59efc33b104716a37c365915982f4baf9"><code>8b3ea8d</code></a> Update Temporal support</li> <li>Additional commits viewable in <a href="https://github.com/remcohaszing/estree-util-value-to-estree/compare/v3.0.1...v3.5.0">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by [GitHub Actions](<a href="https://www.npmjs.com/~GitHub">https://www.npmjs.com/~GitHub</a> Actions), a new releaser for estree-util-value-to-estree since your current version.</p> </details> <br /> Updates `http-proxy-middleware` from 2.0.7 to 2.0.9 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/chimurai/http-proxy-middleware/releases">http-proxy-middleware's releases</a>.</em></p> <blockquote> <h2>v2.0.9</h2> <h2>What's Changed</h2> <ul> <li>fix(fixRequestBody): check readableLength by <a href="https://github.com/chimurai"><code>@​chimurai</code></a> in <a href="https://redirect.github.com/chimurai/http-proxy-middleware/pull/1097">chimurai/http-proxy-middleware#1097</a></li> <li>chore(package): v2.0.9 by <a href="https://github.com/chimurai"><code>@​chimurai</code></a> in <a href="https://redirect.github.com/chimurai/http-proxy-middleware/pull/1099">chimurai/http-proxy-middleware#1099</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/chimurai/http-proxy-middleware/compare/v2.0.8...v2.0.9">https://github.com/chimurai/http-proxy-middleware/compare/v2.0.8...v2.0.9</a></p> <h2>v2.0.8</h2> <h2>What's Changed</h2> <ul> <li>fix(fixRequestBody): prevent multiple .write() calls by <a href="https://github.com/chimurai"><code>@​chimurai</code></a> in <a href="https://redirect.github.com/chimurai/http-proxy-middleware/pull/1090">chimurai/http-proxy-middleware#1090</a></li> <li>fix(fixRequestBody): handle invalid request by <a href="https://github.com/chimurai"><code>@​chimurai</code></a> in <a href="https://redirect.github.com/chimurai/http-proxy-middleware/pull/1091">chimurai/http-proxy-middleware#1091</a></li> <li>chore(package): v2.0.8 by <a href="https://github.com/chimurai"><code>@​chimurai</code></a> in <a href="https://redirect.github.com/chimurai/http-proxy-middleware/pull/1094">chimurai/http-proxy-middleware#1094</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/chimurai/http-proxy-middleware/compare/v2.0.7...v2.0.8">https://github.com/chimurai/http-proxy-middleware/compare/v2.0.7...v2.0.8</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/chimurai/http-proxy-middleware/blob/v2.0.9/CHANGELOG.md">http-proxy-middleware's changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/chimurai/http-proxy-middleware/releases/tag/v2.0.9">v2.0.9</a></h2> <ul> <li>fix(fixRequestBody): check readableLength</li> </ul> <h2><a href="https://github.com/chimurai/http-proxy-middleware/releases/tag/v2.0.8">v2.0.8</a></h2> <ul> <li>fix(fixRequestBody): prevent multiple .write() calls</li> <li>fix(fixRequestBody): handle invalid request</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/chimurai/http-proxy-middleware/commit/617a7c9da9cc90ecc00b0c8b1c2f6a385c879cb1"><code>617a7c9</code></a> chore(package): v2.0.9 (<a href="https://redirect.github.com/chimurai/http-proxy-middleware/issues/1099">#1099</a>)</li> <li><a href="https://github.com/chimurai/http-proxy-middleware/commit/d22d58764832fea429d60109a19e1a23136d4425"><code>d22d587</code></a> fix(fixRequestBody): check readableLength (<a href="https://redirect.github.com/chimurai/http-proxy-middleware/issues/1097">#1097</a>)</li> <li><a href="https://github.com/chimurai/http-proxy-middleware/commit/d03d51b54ac8d40db8438a8b216cf1ea92bb7849"><code>d03d51b</code></a> chore(package): v2.0.8 (<a href="https://redirect.github.com/chimurai/http-proxy-middleware/issues/1094">#1094</a>)</li> <li><a href="https://github.com/chimurai/http-proxy-middleware/commit/c50dd06d9102fbb81dd4cbad7a295dddee5f6e1e"><code>c50dd06</code></a> fix(fixRequestBody): handle invalid request (<a href="https://redirect.github.com/chimurai/http-proxy-middleware/issues/1091">#1091</a>)</li> <li><a href="https://github.com/chimurai/http-proxy-middleware/commit/76a9d8d6dc2b971f63df19d805c7ab656540525b"><code>76a9d8d</code></a> fix(fixRequestBody): prevent multiple .write() calls (<a href="https://redirect.github.com/chimurai/http-proxy-middleware/issues/1090">#1090</a>)</li> <li>See full diff in <a href="https://github.com/chimurai/http-proxy-middleware/compare/v2.0.7...v2.0.9">compare view</a></li> </ul> </details> <br /> Updates `image-size` from 1.1.1 to 1.2.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/image-size/image-size/releases">image-size's releases</a>.</em></p> <blockquote> <h2>v1.2.1</h2> <h2>Fixes</h2> <ul> <li>fix potential Denial of Service via specially crafted payloads in <a href="https://github.com/image-size/image-size/commit/640a67d9e821baee4cb596def8db00627f649dfc">https://github.com/image-size/image-size/commit/640a67d9e821baee4cb596def8db00627f649dfc</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/image-size/image-size/compare/v1.2.0...v1.2.1">https://github.com/image-size/image-size/compare/v1.2.0...v1.2.1</a></p> <h2>v1.2.0</h2> <p>This release adds support for JPEG-XL ( <a href="https://redirect.github.com/image-size/image-size/issues/409">#409</a> )</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/image-size/image-size/commit/a4178fbb334ddb22d94cb4228ed597c24fd02e10"><code>a4178fb</code></a> 1.2.1</li> <li><a href="https://github.com/image-size/image-size/commit/640a67d9e821baee4cb596def8db00627f649dfc"><code>640a67d</code></a> fix potential Denial of Service via specially crafted payloads</li> <li><a href="https://github.com/image-size/image-size/commit/9d41448d7843405d1ff2c59352ec17a9bca3f358"><code>9d41448</code></a> 1.2.0</li> <li><a href="https://github.com/image-size/image-size/commit/405a244dae9d8576528869b89229cae539f7e901"><code>405a244</code></a> fixups</li> <li><a href="https://github.com/image-size/image-size/commit/76c5c9a8aa9b38e8c703136e5a4f8c5cadc74dff"><code>76c5c9a</code></a> mention jpeg-xl in the readme</li> <li><a href="https://github.com/image-size/image-size/commit/a10262c7c32e40ac269e3434afa07895c11a1274"><code>a10262c</code></a> Add support for JPEG XL (<a href="https://redirect.github.com/image-size/image-size/issues/409">#409</a>)</li> <li><a href="https://github.com/image-size/image-size/commit/a7a24a3fc4ce750cec253618d33967b3b9d331d7"><code>a7a24a3</code></a> (app): Fix typo in comments (<a href="https://redirect.github.com/image-size/image-size/issues/411">#411</a>)</li> <li><a href="https://github.com/image-size/image-size/commit/9f482134b358dd83f58501ccc3b18df2305c9793"><code>9f48213</code></a> update dependencies, and reformat code with eslint 9</li> <li><a href="https://github.com/image-size/image-size/commit/64dda84cca1551e219a47b1ab1e3c51adc8db0e4"><code>64dda84</code></a> refactor formats that use a ISO-BMFF container</li> <li><a href="https://github.com/image-size/image-size/commit/e3ea53801dc3ca9d7548c063bfc39c2d8e159419"><code>e3ea538</code></a> no need to create hex strings in j2c</li> <li>Additional commits viewable in <a href="https://github.com/image-size/image-size/compare/v1.1.1...v1.2.1">compare view</a></li> </ul> </details> <br /> Updates `on-headers` from 1.0.2 to 1.1.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/jshttp/on-headers/releases">on-headers's releases</a>.</em></p> <blockquote> <h2>1.1.0</h2> <h2>Important</h2> <ul> <li>Fix <a href="https://www.cve.org/CVERecord?id=CVE-2025-7339">CVE-2025-7339</a> (<a href="https://github.com/jshttp/on-headers/security/advisories/GHSA-76c9-3jph-rj3q">GHSA-76c9-3jph-rj3q</a>)</li> </ul> <h2>What's Changed</h2> <ul> <li>Migrate CI pipeline to GitHub actions by <a href="https://github.com/carpasse"><code>@​carpasse</code></a> in <a href="https://redirect.github.com/jshttp/on-headers/pull/12">jshttp/on-headers#12</a></li> <li>fix README.md badges by <a href="https://github.com/carpasse"><code>@​carpasse</code></a> in <a href="https://redirect.github.com/jshttp/on-headers/pull/13">jshttp/on-headers#13</a></li> <li>add OSSF scorecard action by <a href="https://github.com/carpasse"><code>@​carpasse</code></a> in <a href="https://redirect.github.com/jshttp/on-headers/pull/14">jshttp/on-headers#14</a></li> <li>fix: use <code>ubuntu-latest</code> as ci runner by <a href="https://github.com/UlisesGascon"><code>@​UlisesGascon</code></a> in <a href="https://redirect.github.com/jshttp/on-headers/pull/19">jshttp/on-headers#19</a></li> <li>ci: apply OSSF Scorecard security best practices by <a href="https://github.com/UlisesGascon"><code>@​UlisesGascon</code></a> in <a href="https://redirect.github.com/jshttp/on-headers/pull/20">jshttp/on-headers#20</a></li> <li>👷 add upstream change detection by <a href="https://github.com/ctcpip"><code>@​ctcpip</code></a> in <a href="https://redirect.github.com/jshttp/on-headers/pull/31">jshttp/on-headers#31</a></li> <li>✨ add script to update known hashes by <a href="https://github.com/ctcpip"><code>@​ctcpip</code></a> in <a href="https://redirect.github.com/jshttp/on-headers/pull/32">jshttp/on-headers#32</a></li> <li>💚 update CI - add newer node versions by <a href="https://github.com/ctcpip"><code>@​ctcpip</code></a> in <a href="https://redirect.github.com/jshttp/on-headers/pull/33">jshttp/on-headers#33</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/carpasse"><code>@​carpasse</code></a> made their first contribution in <a href="https://redirect.github.com/jshttp/on-headers/pull/12">jshttp/on-headers#12</a></li> <li><a href="https://github.com/UlisesGascon"><code>@​UlisesGascon</code></a> made their first contribution in <a href="https://redirect.github.com/jshttp/on-headers/pull/19">jshttp/on-headers#19</a></li> <li><a href="https://github.com/ctcpip"><code>@​ctcpip</code></a> made their first contribution in <a href="https://redirect.github.com/jshttp/on-headers/pull/31">jshttp/on-headers#31</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/jshttp/on-headers/compare/v1.0.2...v1.1.0">https://github.com/jshttp/on-headers/compare/v1.0.2...v1.1.0</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/jshttp/on-headers/blob/master/HISTORY.md">on-headers's changelog</a>.</em></p> <blockquote> <h1>1.1.0 / 2025-07-17</h1> <ul> <li>Fix <a href="https://www.cve.org/CVERecord?id=CVE-2025-7339">CVE-2025-7339</a> (<a href="https://github.com/jshttp/on-headers/security/advisories/GHSA-76c9-3jph-rj3q">GHSA-76c9-3jph-rj3q</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/jshttp/on-headers/commit/4b017af88f5375bbdf3ad2ee732d2c122e4f52b0"><code>4b017af</code></a> 1.1.0</li> <li><a href="https://github.com/jshttp/on-headers/commit/b636f2d08e6c1e0a784b53a13cd61e05c09bb118"><code>b636f2d</code></a> ♻️ refactor header array code</li> <li><a href="https://github.com/jshttp/on-headers/commit/3e2c2d46c3e9592f6a1c3a3a1dbe622401f95d39"><code>3e2c2d4</code></a> ✨ ignore falsy header keys, matching node behavior</li> <li><a href="https://github.com/jshttp/on-headers/commit/172eb41b99a5a290b27a2c43fe602ca33aa1c8ce"><code>172eb41</code></a> ✨ support duplicate headers</li> <li><a href="https://github.com/jshttp/on-headers/commit/c6e384908c9c6127d18831d16ab0bd96e1231867"><code>c6e3849</code></a> 🔒️ fix array handling</li> <li><a href="https://github.com/jshttp/on-headers/commit/6893518341bb4e5363285df086b3158302d3b216"><code>6893518</code></a> 💚 update CI - add newer node versions</li> <li><a href="https://github.com/jshttp/on-headers/commit/56a345d82b51a0dcb8d09f061f87b1fd1dc4c01e"><code>56a345d</code></a> ✨ add script to update known hashes</li> <li><a href="https://github.com/jshttp/on-headers/commit/175ab217155d525371a5416ff059f895a3a532a6"><code>175ab21</code></a> 👷 add upstream change detection (<a href="https://redirect.github.com/jshttp/on-headers/issues/31">#31</a>)</li> <li><a href="https://github.com/jshttp/on-headers/commit/ce0b2c8fcd313d38d3534fb731050dc16e105bf6"><code>ce0b2c8</code></a> ci: apply OSSF Scorecard security best practices (<a href="https://redirect.github.com/jshttp/on-headers/issues/20">#20</a>)</li> <li><a href="https://github.com/jshttp/on-headers/commit/1a38c543e75cd06217b449531de10b1758e35299"><code>1a38c54</code></a> fix: use <code>ubuntu-latest</code> as ci runner (<a href="https://redirect.github.com/jshttp/on-headers/issues/19">#19</a>)</li> <li>Additional commits viewable in <a href="https://github.com/jshttp/on-headers/compare/v1.0.2...v1.1.0">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~ulisesgascon">ulisesgascon</a>, a new releaser for on-headers since your current version.</p> </details> <br /> Updates `prismjs` from 1.29.0 to 1.30.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/PrismJS/prism/releases">prismjs's releases</a>.</em></p> <blockquote> <h2>v1.30.0</h2> <h2>What's Changed</h2> <ul> <li>check that <code>currentScript</code> is set by a script tag by <a href="https://github.com/lkuechler"><code>@​lkuechler</code></a> in <a href="https://redirect.github.com/PrismJS/prism/pull/3863">PrismJS/prism#3863</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/lkuechler"><code>@​lkuechler</code></a> made their first contribution in <a href="https://redirect.github.com/PrismJS/prism/pull/3863">PrismJS/prism#3863</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/PrismJS/prism/compare/v1.29.0...v1.30.0">https://github.com/PrismJS/prism/compare/v1.29.0...v1.30.0</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/PrismJS/prism/blob/v2/CHANGELOG.md">prismjs's changelog</a>.</em></p> <blockquote> <h1>Prism Changelog</h1> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/PrismJS/prism/commit/76dde18a575831c91491895193f56081ac08b0c5"><code>76dde18</code></a> Release 1.30.0</li> <li><a href="https://github.com/PrismJS/prism/commit/93cca40b364215210f23a9e35f085a682a2b8175"><code>93cca40</code></a> npm pkg fix</li> <li><a href="https://github.com/PrismJS/prism/commit/99c5ca970f18f744d75e473573d4679100f87086"><code>99c5ca9</code></a> Add release script</li> <li><a href="https://github.com/PrismJS/prism/commit/8e8b9352dac64457194dd9e51096b4772532e53d"><code>8e8b935</code></a> check that currentScript is set by a script tag (<a href="https://redirect.github.com/PrismJS/prism/issues/3863">#3863</a>)</li> <li><a href="https://github.com/PrismJS/prism/commit/f894dc2cbb507f565a046fed844fd541f07aa191"><code>f894dc2</code></a> Fix logo in the footer</li> <li><a href="https://github.com/PrismJS/prism/commit/ac38dcec9bea6bac064a7264b7aeba086e3102bf"><code>ac38dce</code></a> Delete CNAME</li> <li><a href="https://github.com/PrismJS/prism/commit/9b5b09aef4dc2c18c28d2f5a6244d4efcc6ab5cb"><code>9b5b09a</code></a> Enable CORS</li> <li>See full diff in <a href="https://github.com/PrismJS/prism/compare/v1.29.0...v1.30.0">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~dmitrysharabin">dmitrysharabin</a>, a new releaser for prismjs since your current version.</p> </details> <br /> Updates `serialize-javascript` from 6.0.1 to 6.0.2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/yahoo/serialize-javascript/releases">serialize-javascript's releases</a>.</em></p> <blockquote> <h2>v6.0.2</h2> <ul> <li>fix: serialize URL string contents to prevent XSS (<a href="https://redirect.github.com/yahoo/serialize-javascript/issues/173">#173</a>) f27d65d</li> <li>Bump <code>@​babel/traverse</code> from 7.10.1 to 7.23.7 (<a href="https://redirect.github.com/yahoo/serialize-javascript/issues/171">#171</a>) 02499c0</li> <li>docs: update readme with URL support (<a href="https://redirect.github.com/yahoo/serialize-javascript/issues/146">#146</a>) 0d88527</li> <li>chore: update node version and lock file e2a3a91</li> <li>fix typo (<a href="https://redirect.github.com/yahoo/serialize-javascript/issues/164">#164</a>) 5a1fa64</li> </ul> <p><a href="https://github.com/yahoo/serialize-javascript/compare/v6.0.1...v6.0.2">https://github.com/yahoo/serialize-javascript/compare/v6.0.1...v6.0.2</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/yahoo/serialize-javascript/commit/b71ec23841d7cf30847d3071d9da38ee0b397fc8"><code>b71ec23</code></a> 6.0.2</li> <li><a href="https://github.com/yahoo/serialize-javascript/commit/f27d65d3de42affe2aac14607066c293891cec4e"><code>f27d65d</code></a> fix: serialize URL string contents to prevent XSS (<a href="https://redirect.github.com/yahoo/serialize-javascript/issues/173">#173</a>)</li> <li><a href="https://github.com/yahoo/serialize-javascript/commit/02499c0adfb40f48e1ebdcbe6fffc83b162b95e9"><code>02499c0</code></a> Bump <code>@​babel/traverse</code> from 7.10.1 to 7.23.7 (<a href="https://redirect.github.com/yahoo/serialize-javascript/issues/171">#171</a>)</li> <li><a href="https://github.com/yahoo/serialize-javascript/commit/0d885272f45069b1207189ae18a6f2726b4abaa9"><code>0d88527</code></a> docs: update readme with URL support (<a href="https://redirect.github.com/yahoo/serialize-javascript/issues/146">#146</a>)</li> <li><a href="https://github.com/yahoo/serialize-javascript/commit/e2a3a9173e6770ee92e02d95d6a8e7958dfb419d"><code>e2a3a91</code></a> chore: update node version and lock file</li> <li><a href="https://github.com/yahoo/serialize-javascript/commit/5a1fa646d9cbbe0b4f13c07f01c249fb2493e20f"><code>5a1fa64</code></a> fix typo (<a href="https://redirect.github.com/yahoo/serialize-javascript/issues/164">#164</a>)</li> <li>See full diff in <a href="https://github.com/yahoo/serialize-javascript/compare/v6.0.1...v6.0.2">compare view</a></li> </ul> </details> <br /> Updates `ws` from 7.5.9 to 7.5.10 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/websockets/ws/releases">ws's releases</a>.</em></p> <blockquote> <h2>7.5.10</h2> <h1>Bug fixes</h1> <ul> <li>Backported e55e5106 to the 7.x release line (22c28763).</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/websockets/ws/commit/d962d70649e393841ee1ed726a8f7ffbe90d0c06"><code>d962d70</code></a> [dist] 7.5.10</li> <li><a href="https://github.com/websockets/ws/commit/22c28763234aa75a7e1b76f5c01c181260d7917f"><code>22c2876</code></a> [security] Fix crash when the Upgrade header cannot be read (<a href="https://redirect.github.com/websockets/ws/issues/2231">#2231</a>)</li> <li>See full diff in <a href="https://github.com/websockets/ws/compare/7.5.9...7.5.10">compare view</a></li> </ul> </details> <br /> Updates `ws` from 8.16.0 to 8.18.3 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/websockets/ws/releases">ws's releases</a>.</em></p> <blockquote> <h2>7.5.10</h2> <h1>Bug fixes</h1> <ul> <li>Backported e55e5106 to the 7.x release line (22c28763).</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/websockets/ws/commit/d962d70649e393841ee1ed726a8f7ffbe90d0c06"><code>d962d70</code></a> [dist] 7.5.10</li> <li><a href="https://github.com/websockets/ws/commit/22c28763234aa75a7e1b76f5c01c181260d7917f"><code>22c2876</code></a> [security] Fix crash when the Upgrade header cannot be read (<a href="https://redirect.github.com/websockets/ws/issues/2231">#2231</a>)</li> <li>See full diff in <a href="https://github.com/websockets/ws/compare/7.5.9...7.5.10">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/twodarek/pathvector/network/alerts). </details>

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels   

bug

Something isn't working

  

dependencies

Pull requests that update a dependency file

  

documentation

Improvements or additions to documentation

  

duplicate

This issue or pull request already exists

  

enhancement

New feature or request

  

go

Pull requests that update go code

  

good first issue

Good for newcomers

  

help wanted

Extra attention is needed

  

invalid

This doesn't seem right

  

javascript

Pull requests that update javascript code

  

question

Further information is requested

  

wontfix

This will not be worked on

No labels

bug

dependencies

documentation

duplicate

enhancement

go

good first issue

help wanted

invalid

javascript

question

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

twodarek/pathvector!2

No description provided.