Skip to content

chore(deps): bump defu from 6.1.4 to 6.1.6#4258

Merged
ildyria merged 1 commit intomasterfrom
dependabot/npm_and_yarn/defu-6.1.6
Apr 6, 2026
Merged

chore(deps): bump defu from 6.1.4 to 6.1.6#4258
ildyria merged 1 commit intomasterfrom
dependabot/npm_and_yarn/defu-6.1.6

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 4, 2026
edited
Loading

Bumps defu from 6.1.4 to 6.1.6.

Release notes

Sourced from defu's releases.

v6.1.6

compare changes

📦 Build

v6.1.5

compare changes

🩹 Fixes

  • Prevent prototype pollution via __proto__ in defaults (#156)
  • Ignore inherited enumerable properties (11ba022)

✅ Tests

  • Add more tests for plain objects (b65f603)

❤️ Contributors

Changelog

Sourced from defu's changelog.

v6.1.6

compare changes

📦 Build

❤️ Contributors

v6.1.5

compare changes

🩹 Fixes

  • Prevent prototype pollution via __proto__ in defaults (#156)
  • Ignore inherited enumerable properties (11ba022)

🏡 Chore

✅ Tests

  • Add more tests for plain objects (b65f603)

🤖 CI

❤️ Contributors

Commits
  • 001c290 chore(release): v6.1.6
  • 407b516 build: fix mixed types
  • 23e59e6 chore(release): v6.1.5
  • 11ba022 fix: ignore inherited enumerable properties
  • 3942bfb fix: prevent prototype pollution via __proto__ in defaults (#156)
  • d3ef16d chore(deps): update actions/checkout action to v6 (#151)
  • 869a053 chore(deps): update actions/setup-node action to v6 (#149)
  • a97310c chore(deps): update codecov/codecov-action action to v6 (#154)
  • 89df6bb chore: fix typecheck
  • 9237d9c ci: bump node
  • Additional commits viewable in compare view

@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Apr 4, 2026
@dependabot dependabot bot requested a review from a team as a code owner April 4, 2026 06:20
@dependabot dependabot bot added the javascript Pull requests that update Javascript code label Apr 4, 2026
@ildyria
Copy link
Copy Markdown
Member

ildyria commented Apr 5, 2026

@dependabot rebase.

@dependabot
chore(deps): bump defu from 6.1.4 to 6.1.6
e26a340 
Bumps [defu](https://github.com/unjs/defu) from 6.1.4 to 6.1.6.
- [Release notes](https://github.com/unjs/defu/releases)
- [Changelog](https://github.com/unjs/defu/blob/main/CHANGELOG.md)
- [Commits](unjs/defu@v6.1.4...v6.1.6)

---
updated-dependencies:
- dependency-name: defu
  dependency-version: 6.1.6
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/defu-6.1.6 branch from 0f4bc95 to e26a340 Compare April 5, 2026 17:36
@ildyria ildyria enabled auto-merge (squash) April 6, 2026 12:35
@ildyria ildyria merged commit 3444285 into master Apr 6, 2026
80 of 81 checks passed
@ildyria ildyria deleted the dependabot/npm_and_yarn/defu-6.1.6 branch April 6, 2026 13:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ildyria ildyria ildyria approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ildyria