Bump the npm_and_yarn group across 13 directories with 20 updates #12

dependabot · 2025-09-19T23:30:04Z

Bumps the npm_and_yarn group with 2 updates in the /src/SignalR/clients/ts/signalr directory: ws and tough-cookie.
Bumps the npm_and_yarn group with 1 update in the /src/SignalR/clients/ts/signalr-protocol-msgpack directory: tough-cookie.
Bumps the npm_and_yarn group with 8 updates in the /src/SignalR/clients/ts/common directory:

Package	From	To
ws	`7.4.6`	`7.5.10`
@babel/traverse	`7.14.0`	`7.28.4`
brace-expansion	`1.1.11`	`1.1.12`
decode-uri-component	`0.2.0`	`0.2.2`
json5	`2.2.0`	`2.2.3`
loader-utils	`2.0.0`	`2.0.4`
qs	`6.5.2`	`6.5.3`
serialize-javascript	`6.0.0`	`6.0.2`

Bumps the npm_and_yarn group with 11 updates in the /src/SignalR/clients/ts/FunctionalTests directory:

Package	From	To
tough-cookie	`4.0.0`	`4.1.4`
brace-expansion	`1.1.11`	`1.1.12`
braces	`3.0.2`	`3.0.3`
decode-uri-component	`0.2.0`	`0.2.2`
form-data	`3.0.1`	`3.0.4`
serialize-javascript	`6.0.0`	`6.0.2`
body-parser	`1.19.0`	`1.20.3`
follow-redirects	`1.14.8`	`1.15.11`
socket.io	`4.4.1`	`4.8.1`
tar-fs	`2.1.1`	`2.1.4`
tmp	`0.2.1`	`0.2.5`

Bumps the npm_and_yarn group with 2 updates in the /src/ProjectTemplates/test/Templates.Tests directory: cross-spawn and http-cache-semantics.
Bumps the npm_and_yarn group with 2 updates in the /src/ProjectTemplates/test/Templates.Blazor.Tests directory: cross-spawn and http-cache-semantics.
Bumps the npm_and_yarn group with 3 updates in the /src/JSInterop/Microsoft.JSInterop.JS/src directory: brace-expansion, braces and cross-spawn.
Bumps the npm_and_yarn group with 3 updates in the /src/Components/test/E2ETest directory: brace-expansion, cross-spawn and http-cache-semantics.
Bumps the npm_and_yarn group with 6 updates in the /src/Components/WebAssembly/WebAssembly.Authentication/src/Interop directory:

Package	From	To
@babel/traverse	`7.15.0`	`7.28.4`
brace-expansion	`1.1.11`	`1.1.12`
braces	`3.0.2`	`3.0.3`
cross-spawn	`7.0.3`	`7.0.6`
json5	`2.2.0`	`2.2.3`
crypto-js	`4.1.1`	`4.2.0`

Bumps the npm_and_yarn group with 6 updates in the /src/Components/WebAssembly/Authentication.Msal/src/Interop directory:

Package	From	To
@babel/traverse	`7.15.0`	`7.28.4`
brace-expansion	`1.1.11`	`1.1.12`
braces	`3.0.2`	`3.0.3`
cross-spawn	`7.0.3`	`7.0.6`
json5	`2.2.0`	`2.2.3`
serialize-javascript	`6.0.0`	`6.0.2`

Bumps the npm_and_yarn group with 7 updates in the /src/Components/Web.JS directory:

Package	From	To
tough-cookie	`4.0.0`	`4.1.4`
@babel/traverse	`7.18.6`	`7.28.4`
brace-expansion	`1.1.11`	`1.1.12`
braces	`3.0.2`	`3.0.3`
cross-spawn	`7.0.3`	`7.0.6`
json5	`2.2.1`	`2.2.3`
serialize-javascript	`6.0.0`	`6.0.2`

Bumps the npm_and_yarn group with 1 update in the /src/Components/Web.JS/@types/dotnet directory: rollup.
Bumps the npm_and_yarn group with 6 updates in the /src/Components/CustomElements/src/js directory:

Package	From	To
@babel/traverse	`7.18.5`	`7.28.4`
brace-expansion	`1.1.11`	`1.1.12`
braces	`3.0.2`	`3.0.3`
cross-spawn	`7.0.3`	`7.0.6`
json5	`2.2.1`	`2.2.3`
serialize-javascript	`6.0.0`	`6.0.2`

Updates ws from 7.4.6 to 7.5.10

Release notes

Sourced from ws's releases.

7.5.10

Bug fixes

Backported e55e5106 to the 7.x release line (22c28763).

7.5.9

Bug fixes

Backported bc8bd34e to the 7.x release line (0435e6e1).

7.5.8

Bug fixes

Backported 0fdcc0af to the 7.x release line (2758ed35).

Backported d68ba9e1 to the 7.x release line (dc1781bc).

7.5.7

Bug fixes

Backported 6946f5fe to the 7.x release line (1f72e2e1).

7.5.6

Bug fixes

Backported b8186dd1 to the 7.x release line (73dec34b).

Backported ed2b8039 to the 7.x release line (22a26afb).

7.5.5

Bug fixes

Backported ec9377ca to the 7.x release line (0e274acd).

7.5.4

Bug fixes

Backported 6a72da3e to the 7.x release line (76087fbf).

Backported 869c9892 to the 7.x release line (27997933).

7.5.3

Bug fixes

The WebSocketServer constructor now throws an error if more than one of the noServer, server, and port options are specefied (66e58d27).

Fixed a bug where a 'close' event was emitted by a WebSocketServer before the internal HTTP/S server was actually closed (5a587304).

Fixed a bug that allowed WebSocket connections to be established after WebSocketServer.prototype.close() was called (772236a1).

7.5.2

Bug fixes

... (truncated)

Commits

d962d70 [dist] 7.5.10
22c2876 [security] Fix crash when the Upgrade header cannot be read (#2231)
8a78f87 [dist] 7.5.9
0435e6e [security] Fix same host check for ws+unix: redirects
4271f07 [dist] 7.5.8
dc1781b [security] Drop sensitive headers when following insecure redirects
2758ed3 [fix] Abort the handshake if the Upgrade header is invalid
a370613 [dist] 7.5.7
1f72e2e [security] Drop sensitive headers when following redirects (#2013)
8ecd890 [dist] 7.5.6
Additional commits viewable in compare view

Updates tough-cookie from 4.0.0 to 4.1.4

Release notes

Sourced from tough-cookie's releases.

v4.1.4

https://www.npmjs.com/package/tough-cookie/v/4.1.4

What's Changed

Add local alias for toString by @corvidism in salesforce/tough-cookie#409

Fix incorrect string validation for URL by @coditva in salesforce/tough-cookie#261

New Contributors

@corvidism made their first contribution in salesforce/tough-cookie#409

@coditva made their first contribution in salesforce/tough-cookie#261

Full Changelog: salesforce/tough-cookie@v4.1.3...v4.1.4

4.1.3

Security fix for Prototype Pollution discovery in #282. This is a minor release, although output from the inspect utility is affected by this change, we felt this change was important enough to be pushed into the next patch.

4.1.2 -- Patch and Bugfix Release

What's Changed

fix: allow set cookies with localhost by @colincasey in salesforce/tough-cookie#253

Full Changelog: salesforce/tough-cookie@v4.1.1...v4.1.2

4.1.1

Patch Release

What's Changed

fix: allow special use domains by default by @colincasey in salesforce/tough-cookie#249

4.1.1 Patch -- allow special use domains by default by @awaterma in salesforce/tough-cookie#250

Full Changelog: salesforce/tough-cookie@v4.1.0...v4.1.1

4.1.0

v4.1.0

Minor release, focused mainly on resolving reported issues and some minor feature work.

What's Changed

Create CHANGELOG.md by @ShivanKaul in salesforce/tough-cookie#189

Missing param validation issue145 by @medelibero-sfdc in salesforce/tough-cookie#193

Create SECURITY.md by @ShivanKaul in salesforce/tough-cookie#201

Create CODE_OF_CONDUCT.md by @ShivanKaul in salesforce/tough-cookie#200

Fix for issue #195 by @medelibero-sfdc in salesforce/tough-cookie#202

Add explanation and more special-use domains by @ShivanKaul in salesforce/tough-cookie#203

Sync of constructor options for serialization by @medelibero-sfdc in salesforce/tough-cookie#204

Returned null in case of empty cookie value by @vsin12 in salesforce/tough-cookie#196

132 str trim not a function by @awaterma in salesforce/tough-cookie#209

Fix for issue #153 by @medelibero-sfdc in salesforce/tough-cookie#210

Fix permuteDomain with trailing dot by @ruoho-sfdc in salesforce/tough-cookie#216

Issue #213 -- added gh-actions flow for building and testing tough-co… by @awaterma in salesforce/tough-cookie#218

... (truncated)

Commits

cacbc37 Bump version to 4.1.4
a48fb3a Add tests for url validation
50e69bf Merge pull request #261 from postmanlabs/fix/url-string-validation
1253d58 Merge pull request #409 from corvidism/validators-to-string
238367e Add local alias for toString
4ff4d29 4.1.3 release preparation, update the package and lib/version to 4.1.3. (#284)
12d4747 Prevent prototype pollution in cookie memstore (#283)
f06b72d Fix documentation for store.findCookies, missing allowSpecialUseDomain proper...
cf6debd Fix incorrect string validation for URL
b1a8898 fix: allow set cookies with localhost (#253)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ccasey, a new releaser for tough-cookie since your current version.

Updates tough-cookie from 4.0.0 to 4.1.4

Release notes

Sourced from tough-cookie's releases.

v4.1.4

https://www.npmjs.com/package/tough-cookie/v/4.1.4

What's Changed

Add local alias for toString by @corvidism in salesforce/tough-cookie#409

Fix incorrect string validation for URL by @coditva in salesforce/tough-cookie#261

New Contributors

@corvidism made their first contribution in salesforce/tough-cookie#409

@coditva made their first contribution in salesforce/tough-cookie#261

Full Changelog: salesforce/tough-cookie@v4.1.3...v4.1.4

4.1.3

Security fix for Prototype Pollution discovery in #282. This is a minor release, although output from the inspect utility is affected by this change, we felt this change was important enough to be pushed into the next patch.

4.1.2 -- Patch and Bugfix Release

What's Changed

fix: allow set cookies with localhost by @colincasey in salesforce/tough-cookie#253

Full Changelog: salesforce/tough-cookie@v4.1.1...v4.1.2

4.1.1

Patch Release

What's Changed

fix: allow special use domains by default by @colincasey in salesforce/tough-cookie#249

4.1.1 Patch -- allow special use domains by default by @awaterma in salesforce/tough-cookie#250

Full Changelog: salesforce/tough-cookie@v4.1.0...v4.1.1

4.1.0

v4.1.0

Minor release, focused mainly on resolving reported issues and some minor feature work.

What's Changed

Create CHANGELOG.md by @ShivanKaul in salesforce/tough-cookie#189

Missing param validation issue145 by @medelibero-sfdc in salesforce/tough-cookie#193

Create SECURITY.md by @ShivanKaul in salesforce/tough-cookie#201

Create CODE_OF_CONDUCT.md by @ShivanKaul in salesforce/tough-cookie#200

Fix for issue #195 by @medelibero-sfdc in salesforce/tough-cookie#202

Add explanation and more special-use domains by @ShivanKaul in salesforce/tough-cookie#203

Sync of constructor options for serialization by @medelibero-sfdc in salesforce/tough-cookie#204

Returned null in case of empty cookie value by @vsin12 in salesforce/tough-cookie#196

132 str trim not a function by @awaterma in salesforce/tough-cookie#209

Fix for issue #153 by @medelibero-sfdc in salesforce/tough-cookie#210

Fix permuteDomain with trailing dot by @ruoho-sfdc in salesforce/tough-cookie#216

Issue #213 -- added gh-actions flow for building and testing tough-co… by @awaterma in salesforce/tough-cookie#218

... (truncated)

Commits

cacbc37 Bump version to 4.1.4
a48fb3a Add tests for url validation
50e69bf Merge pull request #261 from postmanlabs/fix/url-string-validation
1253d58 Merge pull request #409 from corvidism/validators-to-string
238367e Add local alias for toString
4ff4d29 4.1.3 release preparation, update the package and lib/version to 4.1.3. (#284)
12d4747 Prevent prototype pollution in cookie memstore (#283)
f06b72d Fix documentation for store.findCookies, missing allowSpecialUseDomain proper...
cf6debd Fix incorrect string validation for URL
b1a8898 fix: allow set cookies with localhost (#253)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ccasey, a new releaser for tough-cookie since your current version.

Updates ws from 7.4.6 to 7.5.10

Release notes

Sourced from ws's releases.

7.5.10

Bug fixes

Backported e55e5106 to the 7.x release line (22c28763).

7.5.9

Bug fixes

Backported bc8bd34e to the 7.x release line (0435e6e1).

7.5.8

Bug fixes

Backported 0fdcc0af to the 7.x release line (2758ed35).

Backported d68ba9e1 to the 7.x release line (dc1781bc).

7.5.7

Bug fixes

Backported 6946f5fe to the 7.x release line (1f72e2e1).

7.5.6

Bug fixes

Backported b8186dd1 to the 7.x release line (73dec34b).

Backported ed2b8039 to the 7.x release line (22a26afb).

7.5.5

Bug fixes

Backported ec9377ca to the 7.x release line (0e274acd).

7.5.4

Bug fixes

Backported 6a72da3e to the 7.x release line (76087fbf).

Backported 869c9892 to the 7.x release line (27997933).

7.5.3

Bug fixes

The WebSocketServer constructor now throws an error if more than one of the noServer, server, and port options are specefied (66e58d27).

Fixed a bug where a 'close' event was emitted by a WebSocketServer before the internal HTTP/S server was actually closed (5a587304).

Fixed a bug that allowed WebSocket connections to be established after WebSocketServer.prototype.close() was called (772236a1).

7.5.2

Bug fixes

... (truncated)

Commits

d962d70 [dist] 7.5.10
22c2876 [security] Fix crash when the Upgrade header cannot be read (#2231)
8a78f87 [dist] 7.5.9
0435e6e [security] Fix same host check for ws+unix: redirects
4271f07 [dist] 7.5.8
dc1781b [security] Drop sensitive headers when following insecure redirects
2758ed3 [fix] Abort the handshake if the Upgrade header is invalid
a370613 [dist] 7.5.7
1f72e2e [security] Drop sensitive headers when following redirects (#2013)
8ecd890 [dist] 7.5.6
Additional commits viewable in compare view

Updates @babel/traverse from 7.14.0 to 7.28.4

Release notes

Sourced from @babel/traverse's releases.

v7.28.4 (2025-09-05)

Thanks @gwillen and @mrginglymus for your first PRs!

🏠 Internal

babel-core, babel-helper-check-duplicate-nodes, babel-traverse, babel-types

#17493 Update Jest to v30.1.1 (@JLHwung)

babel-plugin-transform-regenerator

#17455 chore: Clean up transform-regenerator (@liuxingbaoyu)

babel-core

#17474 Switch to @jridgewell/remapping (@mrginglymus)

Committers: 5

Babel Bot (@babel-bot)

Bill Collins (@mrginglymus)

Glenn Willen (@gwillen)

Huáng Jùnliàng (@JLHwung)

@liuxingbaoyu

v7.28.3 (2025-08-14)

👓 Spec Compliance

babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-transform-class-static-block, babel-preset-env

#17443 [static blocks] Do not inject new static fields after static code (@nicolo-ribaudo)

🐛 Bug Fix

babel-parser

#17465 fix(parser/typescript): parse import("./a", {with:{},}) (@easrng)

#17478 fix(parser): stop subscript parsing on async arrow (@JLHwung)

💅 Polish

babel-plugin-transform-regenerator, babel-plugin-transform-runtime

#17363 Do not save last yield in call in temp var (@nicolo-ribaudo)

📝 Documentation

#17448 move eslint-{parser,plugin} docs to the website (@JLHwung)

🏠 Internal

#17454 Enable type checking for scripts and babel-worker.cjs (@JLHwung)

🔬 Output optimization

babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions

#17444 Optimize do expression output (@JLHwung)

Committers: 5

Babel Bot (@babel-bot)

Huáng Jùnliàng (@JLHwung)

Jam Balaya (@JamBalaya56562)

Nicolò Ribaudo (@nicolo-ribaudo)

easrng (@easrng)

... (truncated)

Changelog

Sourced from @babel/traverse's changelog.

v7.28.4 (2025-09-05)

🏠 Internal

babel-core, babel-helper-check-duplicate-nodes, babel-traverse, babel-types

#17493 Update Jest to v30.1.1 (@JLHwung)

babel-plugin-transform-regenerator

#17455 chore: Clean up transform-regenerator (@liuxingbaoyu)

babel-core

#17474 Switch to @jridgewell/remapping (@mrginglymus)

v7.28.3 (2025-08-14)

👓 Spec Compliance

babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-transform-class-static-block, babel-preset-env

#17443 [static blocks] Do not inject new static fields after static code (@nicolo-ribaudo)

🐛 Bug Fix

babel-parser

#17465 fix(parser/typescript): parse import("./a", {with:{},}) (@easrng)

#17478 fix(parser): stop subscript parsing on async arrow (@JLHwung)

💅 Polish

babel-plugin-transform-regenerator, babel-plugin-transform-runtime

#17363 Do not save last yield in call in temp var (@nicolo-ribaudo)

📝 Documentation

#17448 move eslint-{parser,plugin} docs to the website (@JLHwung)

🏠 Internal

#17454 Enable type checking for scripts and babel-worker.cjs (@JLHwung)

🔬 Output optimization

babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions

#17444 Optimize do expression output (@JLHwung)

v7.28.2 (2025-07-24)

🐛 Bug Fix

babel-types

#17445 [babel 7] Make operator param in t.tsTypeOperator optional (@nicolo-ribaudo)

babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-preset-env, babel-runtime-corejs3

#17441 fix: regeneratorDefine compatibility with es5 strict mode (@liuxingbaoyu)

v7.28.1 (2025-07-12)

🐛 Bug Fix

babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator

#17426 fix: regenerator correctly handles throw outside of try (@liuxingbaoyu)

📝 Documentation

babel-types

#17422 Add missing FunctionParameter docs (@JLHwung)

... (truncated)

Commits

35055e3 v7.28.4
b41f8cd Update Jest to v30.1.1 (#17493)
22493b6 Improve @babel/traverse typings (#17485)
18d88b8 Improve @babel/core typings (#17471)
ef155f5 v7.28.3
741cbd2 chore: fix various typos across codebase (#17476)
5051613 Type-check .d.ts file with strict: true (#17461)
ccc5fae v7.28.0
4b4e7e2 Create babel-helper-globals (#17297)
cf5ae03 LVal coverage updates (Part 2) (#17391)
Additional commits viewable in compare view

Updates brace-expansion from 1.1.11 to 1.1.12

Release notes

Sourced from brace-expansion's releases.

v1.1.12

pkg: publish on tag 1.x c460dbd

fmt ccb8ac6

Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) c3c73c8

juliangruber/brace-expansion@v1.1.11...v1.1.12

Commits

44f33b4 1.1.12
c460dbd pkg: publish on tag 1.x
ccb8ac6 fmt
c3c73c8 Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65)
See full diff in compare view

Updates decode-uri-component from 0.2.0 to 0.2.2

Release notes

Sourced from decode-uri-component's releases.

v0.2.2

Prevent overwriting previously decoded tokens 980e0bf

SamVerschueren/decode-uri-component@v0.2.1...v0.2.2

v0.2.1

Switch to GitHub workflows 76abc93

Fix issue where decode throws - fixes #6 746ca5d

Update license (#1) 486d7e2

Tidelift tasks a650457

Meta tweaks 66e1c28

SamVerschueren/decode-uri-component@v0.2.0...v0.2.1

Commits

a0eea46 0.2.2
980e0bf Prevent overwriting previously decoded tokens
3c8a373 0.2.1
76abc93 Switch to GitHub workflows
746ca5d Fix issue where decode throws - fixes #6
486d7e2 Update license (#1)
a650457 Tidelift tasks
66e1c28 Meta tweaks
See full diff in compare view

Updates json5 from 2.2.0 to 2.2.3

Release notes

Sourced from json5's releases.

v2.2.3

Fix: json5@2.2.3 is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2

Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1

Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

Changelog

Sourced from json5's changelog.

v2.2.3 [code, diff]

Fix: json5@2.2.3 is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2 [code, diff]

Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1 [code, diff]

Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

Commits

c3a7524 2.2.3
94fd06d docs: update CHANGELOG for v2.2.3
3b8cebf docs(security): use GitHub security advisories
f0fd9e1 docs: publish a security policy
6a91a05 docs(template): bug -> bug report
14f8cb1 2.2.2
10cc7ca docs: update CHANGELOG for v2.2.2
7774c10 fix: add proto to objects and arrays
edde30a Readme: slight tweak to intro
97286f8 Improve example in readme
Additional commits viewable in compare view

Updates loader-utils from 2.0.0 to 2.0.4

Release notes

Sourced from loader-utils's releases.

v2.0.4

2.0.4 (2022-11-11)

Bug Fixes

ReDoS problem (#225) (ac09944)

v2.0.3

2.0.3 (2022-10-20)

Bug Fixes

security: prototype pollution exploit (#217) (a93cf6f)

v2.0.2

2.0.2 (2021-11-04)

Bug Fixes

base64 generation and unicode characters (#197) (8c2d24e)

v2.0.1

2.0.1 (2021-10-29)

Bug Fixes

md4 support on Node.js v17 (#193) (1069f61)

Changelog

Sourced from loader-utils's changelog.

2.0.4 (2022-11-11)

Bug Fixes

ReDoS problem (#225) (ac09944)

2.0.3 (2022-10-20)

Bug Fixes

security: prototype pollution exploit (#217) (a93cf6f)

2.0.2 (2021-11-04)

Bug Fixes

base64 generation and unicode characters (#197) (8c2d24e)

2.0.1 (2021-10-29)

Bug Fixes

md4 support on Node.js v17 (#193) (1069f61)

Commits

6688b50 chore(release): 2.0.4
ac09944 fix: ReDoS problem (#225)
7162619 chore(release): 2.0.3
a93cf6f fix(security): prototype polution exploit (#217)
90c7c4b chore(release): 2.0.2
8c2d24e fix: base64 generation and unicode characters (#197)
5fb5562 chore(release): 2.0.1
1069f61 fix: md4 support on Node.js v17 (#193)
See full diff in compare view

Updates qs from 6.5.2 to 6.5.3

Changelog

Sourced from qs's changelog.

6.5.3

[Fix] parse: ignore __proto__ keys (#428)

[Fix] utils.merge: avoid a crash with a null target and a truthy non-array source

[Fix] correctly parse nested arrays

[Fix] stringify: fix a crash with strictNullHandling and a custom filter/serializeDate (#279)

[Fix] utils: merge: fix crash when source is a truthy primitive & no options are provided

[Fix] when parseArrays is false, properly handle keys ending in []

[Fix] fix for an impossible situation: when the formatter is called with a non-string value

[Fix] utils.merge: avoid a crash with a null target and an array source

[Refactor] utils: reduce observable [[Get]]s

[Refactor] use cached Array.isArray

[Refactor] stringify: Avoid arr = arr.concat(...), push to the existing instance (#269)

[Refactor] parse: only need to reassign the var once

[Robustness] stringify: avoid relying on a global undefined (#427)

[readme] remove travis badge; add github actions/codecov badges; update URLs

[Docs] Clean up license text so it’s properly detected as BSD-3-Clause

[Docs] Clarify the need for "arrayLimit" option

[meta] fix README.md (#399)

[meta] add FUNDING.yml

[actions] backport actions from main

[Tests] always use String(x) over x.toString()

[Tests] remove nonexistent tape option

[Dev Deps] backport from main

Commits

298bfa5 v6.5.3
ed0f5dc [Fix] parse: ignore __proto__ keys (#428)
691e739 [Robustness] stringify: avoid relying on a global undefined (#427)
1072d57 [readme] remove travis badge; add github actions/codecov badges; update URLs
12ac1c4 [meta] fix README.md (#399)
0338716 [actions] backport actions from main
5639c20 Clean up license text so it’s properly detected as BSD-3-Clause
51b8a0b add FUNDING.yml
45f6759 [Fix] fix for an impossible situation: when the formatter is called with a no...
f814a7f [Dev Deps] backport from main
Additional commits viewable in compare view

Updates serialize-javascript from 6.0.0 to 6.0.2

Release notes

Sourced from serialize-javascript's releases.

v6.0.2

fix: serialize URL string contents to prevent XSS (#173) f27d65d

Bump @babel/traverse from 7.10.1 to 7.23.7 (#171) 02499c0

docs: update readme with URL support (#146) 0d88527

chore: update node version and lock file e2a3a91

fix typo (#164) 5a1fa64

yahoo/serialize-javascript@v6.0.1...v6.0.2

v6.0.1

What's Changed

Bump mocha from 9.0.1 to 9.0.2 by @dependabot in yahoo/serialize-javascript#126

Bump mocha from 9.0.2 to 9.0.3 by @dependabot in yahoo/serialize-javascript#127

Bump path-parse from 1.0.6 to 1.0.7 by @dependabot in yahoo/serialize-javascript#129

Bump mocha from 9.0.3 to 9.1.0 by @dependabot in yahoo/serialize-javascript#130

Bump mocha from 9.1.0 to 9.1.1 by @dependabot in yahoo/serialize-javascript#131

Bump mocha from 9.1.1 to 9.1.2 by @dependabot in yahoo/serialize-javascript#132

Bump mocha from 9.1.2 to 9.1.3 by @dependabot in yahoo/serialize-javascript#133

Bump mocha from 9.1.3 to 9.1.4 by @dependabot in yahoo/serialize-javascript#137

Bump mocha from 9.1.4 to 9.2.0 by @dependabot in yahoo/serialize-javascript#138

Bump chai from 4.3.4 to 4.3.6 by @dependabot in yahoo/serialize-javascript#140

Bump ansi-regex from 5.0.0 to 5.0.1 by @dependabot in yahoo/serialize-javascript#141

Bump mocha from 9.2.0 to 9.2.2 by @dependabot in yahoo/serialize-javascript#143

Bump minimist from 1.2.5 to 1.2.6 by <...
Description has been truncated

Bumps the npm_and_yarn group with 2 updates in the /src/SignalR/clients/ts/signalr directory: [ws](https://github.com/websockets/ws) and [tough-cookie](https://github.com/salesforce/tough-cookie). Bumps the npm_and_yarn group with 1 update in the /src/SignalR/clients/ts/signalr-protocol-msgpack directory: [tough-cookie](https://github.com/salesforce/tough-cookie). Bumps the npm_and_yarn group with 8 updates in the /src/SignalR/clients/ts/common directory: | Package | From | To | | --- | --- | --- | | [ws](https://github.com/websockets/ws) | `7.4.6` | `7.5.10` | | [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) | `7.14.0` | `7.28.4` | | [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.12` | | [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) | `0.2.0` | `0.2.2` | | [json5](https://github.com/json5/json5) | `2.2.0` | `2.2.3` | | [loader-utils](https://github.com/webpack/loader-utils) | `2.0.0` | `2.0.4` | | [qs](https://github.com/ljharb/qs) | `6.5.2` | `6.5.3` | | [serialize-javascript](https://github.com/yahoo/serialize-javascript) | `6.0.0` | `6.0.2` | Bumps the npm_and_yarn group with 11 updates in the /src/SignalR/clients/ts/FunctionalTests directory: | Package | From | To | | --- | --- | --- | | [tough-cookie](https://github.com/salesforce/tough-cookie) | `4.0.0` | `4.1.4` | | [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.12` | | [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` | | [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) | `0.2.0` | `0.2.2` | | [form-data](https://github.com/form-data/form-data) | `3.0.1` | `3.0.4` | | [serialize-javascript](https://github.com/yahoo/serialize-javascript) | `6.0.0` | `6.0.2` | | [body-parser](https://github.com/expressjs/body-parser) | `1.19.0` | `1.20.3` | | [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.14.8` | `1.15.11` | | [socket.io](https://github.com/socketio/socket.io) | `4.4.1` | `4.8.1` | | [tar-fs](https://github.com/mafintosh/tar-fs) | `2.1.1` | `2.1.4` | | [tmp](https://github.com/raszi/node-tmp) | `0.2.1` | `0.2.5` | Bumps the npm_and_yarn group with 2 updates in the /src/ProjectTemplates/test/Templates.Tests directory: [cross-spawn](https://github.com/moxystudio/node-cross-spawn) and [http-cache-semantics](https://github.com/kornelski/http-cache-semantics). Bumps the npm_and_yarn group with 2 updates in the /src/ProjectTemplates/test/Templates.Blazor.Tests directory: [cross-spawn](https://github.com/moxystudio/node-cross-spawn) and [http-cache-semantics](https://github.com/kornelski/http-cache-semantics). Bumps the npm_and_yarn group with 3 updates in the /src/JSInterop/Microsoft.JSInterop.JS/src directory: [brace-expansion](https://github.com/juliangruber/brace-expansion), [braces](https://github.com/micromatch/braces) and [cross-spawn](https://github.com/moxystudio/node-cross-spawn). Bumps the npm_and_yarn group with 3 updates in the /src/Components/test/E2ETest directory: [brace-expansion](https://github.com/juliangruber/brace-expansion), [cross-spawn](https://github.com/moxystudio/node-cross-spawn) and [http-cache-semantics](https://github.com/kornelski/http-cache-semantics). Bumps the npm_and_yarn group with 6 updates in the /src/Components/WebAssembly/WebAssembly.Authentication/src/Interop directory: | Package | From | To | | --- | --- | --- | | [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) | `7.15.0` | `7.28.4` | | [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.12` | | [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` | | [cross-spawn](https://github.com/moxystudio/node-cross-spawn) | `7.0.3` | `7.0.6` | | [json5](https://github.com/json5/json5) | `2.2.0` | `2.2.3` | | [crypto-js](https://github.com/brix/crypto-js) | `4.1.1` | `4.2.0` | Bumps the npm_and_yarn group with 6 updates in the /src/Components/WebAssembly/Authentication.Msal/src/Interop directory: | Package | From | To | | --- | --- | --- | | [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) | `7.15.0` | `7.28.4` | | [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.12` | | [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` | | [cross-spawn](https://github.com/moxystudio/node-cross-spawn) | `7.0.3` | `7.0.6` | | [json5](https://github.com/json5/json5) | `2.2.0` | `2.2.3` | | [serialize-javascript](https://github.com/yahoo/serialize-javascript) | `6.0.0` | `6.0.2` | Bumps the npm_and_yarn group with 7 updates in the /src/Components/Web.JS directory: | Package | From | To | | --- | --- | --- | | [tough-cookie](https://github.com/salesforce/tough-cookie) | `4.0.0` | `4.1.4` | | [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) | `7.18.6` | `7.28.4` | | [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.12` | | [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` | | [cross-spawn](https://github.com/moxystudio/node-cross-spawn) | `7.0.3` | `7.0.6` | | [json5](https://github.com/json5/json5) | `2.2.1` | `2.2.3` | | [serialize-javascript](https://github.com/yahoo/serialize-javascript) | `6.0.0` | `6.0.2` | Bumps the npm_and_yarn group with 1 update in the /src/Components/Web.JS/@types/dotnet directory: [rollup](https://github.com/rollup/rollup). Bumps the npm_and_yarn group with 6 updates in the /src/Components/CustomElements/src/js directory: | Package | From | To | | --- | --- | --- | | [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) | `7.18.5` | `7.28.4` | | [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.12` | | [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` | | [cross-spawn](https://github.com/moxystudio/node-cross-spawn) | `7.0.3` | `7.0.6` | | [json5](https://github.com/json5/json5) | `2.2.1` | `2.2.3` | | [serialize-javascript](https://github.com/yahoo/serialize-javascript) | `6.0.0` | `6.0.2` | Updates `ws` from 7.4.6 to 7.5.10 - [Release notes](https://github.com/websockets/ws/releases) - [Commits](websockets/ws@7.4.6...7.5.10) Updates `tough-cookie` from 4.0.0 to 4.1.4 - [Release notes](https://github.com/salesforce/tough-cookie/releases) - [Changelog](https://github.com/salesforce/tough-cookie/blob/master/CHANGELOG.md) - [Commits](salesforce/tough-cookie@v4.0.0...v4.1.4) Updates `tough-cookie` from 4.0.0 to 4.1.4 - [Release notes](https://github.com/salesforce/tough-cookie/releases) - [Changelog](https://github.com/salesforce/tough-cookie/blob/master/CHANGELOG.md) - [Commits](salesforce/tough-cookie@v4.0.0...v4.1.4) Updates `ws` from 7.4.6 to 7.5.10 - [Release notes](https://github.com/websockets/ws/releases) - [Commits](websockets/ws@7.4.6...7.5.10) Updates `@babel/traverse` from 7.14.0 to 7.28.4 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.28.4/packages/babel-traverse) Updates `brace-expansion` from 1.1.11 to 1.1.12 - [Release notes](https://github.com/juliangruber/brace-expansion/releases) - [Commits](juliangruber/brace-expansion@1.1.11...v1.1.12) Updates `decode-uri-component` from 0.2.0 to 0.2.2 - [Release notes](https://github.com/SamVerschueren/decode-uri-component/releases) - [Commits](SamVerschueren/decode-uri-component@v0.2.0...v0.2.2) Updates `json5` from 2.2.0 to 2.2.3 - [Release notes](https://github.com/json5/json5/releases) - [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md) - [Commits](json5/json5@v2.2.0...v2.2.3) Updates `loader-utils` from 2.0.0 to 2.0.4 - [Release notes](https://github.com/webpack/loader-utils/releases) - [Changelog](https://github.com/webpack/loader-utils/blob/v2.0.4/CHANGELOG.md) - [Commits](webpack/loader-utils@v2.0.0...v2.0.4) Updates `qs` from 6.5.2 to 6.5.3 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.5.2...v6.5.3) Updates `serialize-javascript` from 6.0.0 to 6.0.2 - [Release notes](https://github.com/yahoo/serialize-javascript/releases) - [Commits](yahoo/serialize-javascript@v6.0.0...v6.0.2) Updates `tough-cookie` from 4.0.0 to 4.1.4 - [Release notes](https://github.com/salesforce/tough-cookie/releases) - [Changelog](https://github.com/salesforce/tough-cookie/blob/master/CHANGELOG.md) - [Commits](salesforce/tough-cookie@v4.0.0...v4.1.4) Updates `brace-expansion` from 1.1.11 to 1.1.12 - [Release notes](https://github.com/juliangruber/brace-expansion/releases) - [Commits](juliangruber/brace-expansion@1.1.11...v1.1.12) Updates `braces` from 3.0.2 to 3.0.3 - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) Updates `decode-uri-component` from 0.2.0 to 0.2.2 - [Release notes](https://github.com/SamVerschueren/decode-uri-component/releases) - [Commits](SamVerschueren/decode-uri-component@v0.2.0...v0.2.2) Updates `form-data` from 3.0.1 to 3.0.4 - [Release notes](https://github.com/form-data/form-data/releases) - [Changelog](https://github.com/form-data/form-data/blob/v3.0.4/CHANGELOG.md) - [Commits](form-data/form-data@v3.0.1...v3.0.4) Updates `serialize-javascript` from 6.0.0 to 6.0.2 - [Release notes](https://github.com/yahoo/serialize-javascript/releases) - [Commits](yahoo/serialize-javascript@v6.0.0...v6.0.2) Updates `body-parser` from 1.19.0 to 1.20.3 - [Release notes](https://github.com/expressjs/body-parser/releases) - [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md) - [Commits](expressjs/body-parser@1.19.0...1.20.3) Updates `follow-redirects` from 1.14.8 to 1.15.11 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.14.8...v1.15.11) Updates `socket.io` from 4.4.1 to 4.8.1 - [Release notes](https://github.com/socketio/socket.io/releases) - [Changelog](https://github.com/socketio/socket.io/blob/main/CHANGELOG.md) - [Commits](https://github.com/socketio/socket.io/compare/4.4.1...socket.io@4.8.1) Updates `tar-fs` from 2.1.1 to 2.1.4 - [Commits](mafintosh/tar-fs@v2.1.1...v2.1.4) Updates `tmp` from 0.2.1 to 0.2.5 - [Changelog](https://github.com/raszi/node-tmp/blob/master/CHANGELOG.md) - [Commits](raszi/node-tmp@v0.2.1...v0.2.5) Updates `cross-spawn` from 7.0.3 to 7.0.6 - [Changelog](https://github.com/moxystudio/node-cross-spawn/blob/master/CHANGELOG.md) - [Commits](moxystudio/node-cross-spawn@v7.0.3...v7.0.6) Updates `http-cache-semantics` from 4.1.0 to 4.2.0 - [Commits](https://github.com/kornelski/http-cache-semantics/commits) Updates `cross-spawn` from 7.0.3 to 7.0.6 - [Changelog](https://github.com/moxystudio/node-cross-spawn/blob/master/CHANGELOG.md) - [Commits](moxystudio/node-cross-spawn@v7.0.3...v7.0.6) Updates `http-cache-semantics` from 4.1.0 to 4.2.0 - [Commits](https://github.com/kornelski/http-cache-semantics/commits) Updates `brace-expansion` from 1.1.11 to 1.1.12 - [Release notes](https://github.com/juliangruber/brace-expansion/releases) - [Commits](juliangruber/brace-expansion@1.1.11...v1.1.12) Updates `braces` from 3.0.2 to 3.0.3 - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) Updates `cross-spawn` from 7.0.3 to 7.0.6 - [Changelog](https://github.com/moxystudio/node-cross-spawn/blob/master/CHANGELOG.md) - [Commits](moxystudio/node-cross-spawn@v7.0.3...v7.0.6) Updates `brace-expansion` from 1.1.11 to 1.1.12 - [Release notes](https://github.com/juliangruber/brace-expansion/releases) - [Commits](juliangruber/brace-expansion@1.1.11...v1.1.12) Updates `cross-spawn` from 7.0.3 to 7.0.6 - [Changelog](https://github.com/moxystudio/node-cross-spawn/blob/master/CHANGELOG.md) - [Commits](moxystudio/node-cross-spawn@v7.0.3...v7.0.6) Updates `http-cache-semantics` from 4.1.0 to 4.2.0 - [Commits](https://github.com/kornelski/http-cache-semantics/commits) Updates `@babel/traverse` from 7.15.0 to 7.28.4 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.28.4/packages/babel-traverse) Updates `brace-expansion` from 1.1.11 to 1.1.12 - [Release notes](https://github.com/juliangruber/brace-expansion/releases) - [Commits](juliangruber/brace-expansion@1.1.11...v1.1.12) Updates `braces` from 3.0.2 to 3.0.3 - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) Updates `cross-spawn` from 7.0.3 to 7.0.6 - [Changelog](https://github.com/moxystudio/node-cross-spawn/blob/master/CHANGELOG.md) - [Commits](moxystudio/node-cross-spawn@v7.0.3...v7.0.6) Updates `json5` from 2.2.0 to 2.2.3 - [Release notes](https://github.com/json5/json5/releases) - [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md) - [Commits](json5/json5@v2.2.0...v2.2.3) Updates `crypto-js` from 4.1.1 to 4.2.0 - [Commits](brix/crypto-js@4.1.1...4.2.0) Updates `@babel/traverse` from 7.15.0 to 7.28.4 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.28.4/packages/babel-traverse) Updates `brace-expansion` from 1.1.11 to 1.1.12 - [Release notes](https://github.com/juliangruber/brace-expansion/releases) - [Commits](juliangruber/brace-expansion@1.1.11...v1.1.12) Updates `braces` from 3.0.2 to 3.0.3 - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) Updates `cross-spawn` from 7.0.3 to 7.0.6 - [Changelog](https://github.com/moxystudio/node-cross-spawn/blob/master/CHANGELOG.md) - [Commits](moxystudio/node-cross-spawn@v7.0.3...v7.0.6) Updates `json5` from 2.2.0 to 2.2.3 - [Release notes](https://github.com/json5/json5/releases) - [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md) - [Commits](json5/json5@v2.2.0...v2.2.3) Updates `serialize-javascript` from 6.0.0 to 6.0.2 - [Release notes](https://github.com/yahoo/serialize-javascript/releases) - [Commits](yahoo/serialize-javascript@v6.0.0...v6.0.2) Updates `tough-cookie` from 4.0.0 to 4.1.4 - [Release notes](https://github.com/salesforce/tough-cookie/releases) - [Changelog](https://github.com/salesforce/tough-cookie/blob/master/CHANGELOG.md) - [Commits](salesforce/tough-cookie@v4.0.0...v4.1.4) Updates `@babel/traverse` from 7.18.6 to 7.28.4 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.28.4/packages/babel-traverse) Updates `brace-expansion` from 1.1.11 to 1.1.12 - [Release notes](https://github.com/juliangruber/brace-expansion/releases) - [Commits](juliangruber/brace-expansion@1.1.11...v1.1.12) Updates `braces` from 3.0.2 to 3.0.3 - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) Updates `cross-spawn` from 7.0.3 to 7.0.6 - [Changelog](https://github.com/moxystudio/node-cross-spawn/blob/master/CHANGELOG.md) - [Commits](moxystudio/node-cross-spawn@v7.0.3...v7.0.6) Updates `json5` from 2.2.1 to 2.2.3 - [Release notes](https://github.com/json5/json5/releases) - [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md) - [Commits](json5/json5@v2.2.0...v2.2.3) Updates `serialize-javascript` from 6.0.0 to 6.0.2 - [Release notes](https://github.com/yahoo/serialize-javascript/releases) - [Commits](yahoo/serialize-javascript@v6.0.0...v6.0.2) Updates `rollup` from 2.56.3 to 2.79.2 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG-2.md) - [Commits](rollup/rollup@v2.56.3...v2.79.2) Updates `@babel/traverse` from 7.18.5 to 7.28.4 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.28.4/packages/babel-traverse) Updates `brace-expansion` from 1.1.11 to 1.1.12 - [Release notes](https://github.com/juliangruber/brace-expansion/releases) - [Commits](juliangruber/brace-expansion@1.1.11...v1.1.12) Updates `braces` from 3.0.2 to 3.0.3 - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) Updates `cross-spawn` from 7.0.3 to 7.0.6 - [Changelog](https://github.com/moxystudio/node-cross-spawn/blob/master/CHANGELOG.md) - [Commits](moxystudio/node-cross-spawn@v7.0.3...v7.0.6) Updates `json5` from 2.2.1 to 2.2.3 - [Release notes](https://github.com/json5/json5/releases) - [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md) - [Commits](json5/json5@v2.2.0...v2.2.3) Updates `serialize-javascript` from 6.0.0 to 6.0.2 - [Release notes](https://github.com/yahoo/serialize-javascript/releases) - [Commits](yahoo/serialize-javascript@v6.0.0...v6.0.2) --- updated-dependencies: - dependency-name: ws dependency-version: 7.5.10 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: tough-cookie dependency-version: 4.1.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tough-cookie dependency-version: 4.1.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ws dependency-version: 7.5.10 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@babel/traverse" dependency-version: 7.28.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: brace-expansion dependency-version: 1.1.12 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: decode-uri-component dependency-version: 0.2.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: json5 dependency-version: 2.2.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: loader-utils dependency-version: 2.0.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.5.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serialize-javascript dependency-version: 6.0.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tough-cookie dependency-version: 4.1.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: brace-expansion dependency-version: 1.1.12 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: braces dependency-version: 3.0.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: decode-uri-component dependency-version: 0.2.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: form-data dependency-version: 3.0.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serialize-javascript dependency-version: 6.0.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: body-parser dependency-version: 1.20.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: follow-redirects dependency-version: 1.15.11 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: socket.io dependency-version: 4.8.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tar-fs dependency-version: 2.1.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tmp dependency-version: 0.2.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cross-spawn dependency-version: 7.0.6 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: http-cache-semantics dependency-version: 4.2.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cross-spawn dependency-version: 7.0.6 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: http-cache-semantics dependency-version: 4.2.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: brace-expansion dependency-version: 1.1.12 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: braces dependency-version: 3.0.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cross-spawn dependency-version: 7.0.6 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: brace-expansion dependency-version: 1.1.12 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cross-spawn dependency-version: 7.0.6 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: http-cache-semantics dependency-version: 4.2.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@babel/traverse" dependency-version: 7.28.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: brace-expansion dependency-version: 1.1.12 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: braces dependency-version: 3.0.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cross-spawn dependency-version: 7.0.6 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: json5 dependency-version: 2.2.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: crypto-js dependency-version: 4.2.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@babel/traverse" dependency-version: 7.28.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: brace-expansion dependency-version: 1.1.12 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: braces dependency-version: 3.0.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cross-spawn dependency-version: 7.0.6 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: json5 dependency-version: 2.2.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serialize-javascript dependency-version: 6.0.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tough-cookie dependency-version: 4.1.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@babel/traverse" dependency-version: 7.28.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: brace-expansion dependency-version: 1.1.12 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: braces dependency-version: 3.0.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cross-spawn dependency-version: 7.0.6 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: json5 dependency-version: 2.2.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serialize-javascript dependency-version: 6.0.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: rollup dependency-version: 2.79.2 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: "@babel/traverse" dependency-version: 7.28.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: brace-expansion dependency-version: 1.1.12 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: braces dependency-version: 3.0.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cross-spawn dependency-version: 7.0.6 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: json5 dependency-version: 2.2.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serialize-javascript dependency-version: 6.0.2 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Sep 19, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump the npm_and_yarn group across 13 directories with 20 updates #12

Bump the npm_and_yarn group across 13 directories with 20 updates #12

Uh oh!

dependabot bot commented on behalf of github Sep 19, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Bump the npm_and_yarn group across 13 directories with 20 updates #12

Are you sure you want to change the base?

Bump the npm_and_yarn group across 13 directories with 20 updates #12

Uh oh!

Conversation

dependabot bot commented on behalf of github Sep 19, 2025

7.5.10

Bug fixes

7.5.9

Bug fixes

7.5.8

Bug fixes

7.5.7

Bug fixes

7.5.6

Bug fixes

7.5.5

Bug fixes

7.5.4

Bug fixes

7.5.3

Bug fixes

7.5.2

Bug fixes

v4.1.4

What's Changed

New Contributors

4.1.3

4.1.2 -- Patch and Bugfix Release

What's Changed

4.1.1

Patch Release

What's Changed

4.1.0

What's Changed

v4.1.4

What's Changed

New Contributors

4.1.3

4.1.2 -- Patch and Bugfix Release

What's Changed

4.1.1

Patch Release

What's Changed

4.1.0

What's Changed

7.5.10

Bug fixes

7.5.9

Bug fixes

7.5.8

Bug fixes

7.5.7

Bug fixes

7.5.6

Bug fixes

7.5.5

Bug fixes

7.5.4

Bug fixes

7.5.3

Bug fixes

7.5.2

Bug fixes

v7.28.4 (2025-09-05)

🏠 Internal

Committers: 5

v7.28.3 (2025-08-14)

👓 Spec Compliance

🐛 Bug Fix

💅 Polish

📝 Documentation

🏠 Internal

🔬 Output optimization

Committers: 5

v7.28.4 (2025-09-05)

🏠 Internal

v7.28.3 (2025-08-14)

👓 Spec Compliance

🐛 Bug Fix