Skip to content
This repository was archived by the owner on Apr 29, 2026. It is now read-only.

Bump devalue from 5.6.3 to 5.7.1 in /pwa#13

Merged
navicore merged 1 commit into
mainfrom
dependabot/npm_and_yarn/pwa/devalue-5.7.1
Apr 17, 2026
Merged

Bump devalue from 5.6.3 to 5.7.1 in /pwa#13
navicore merged 1 commit into
mainfrom
dependabot/npm_and_yarn/pwa/devalue-5.7.1

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 17, 2026
edited
Loading

Bumps devalue from 5.6.3 to 5.7.1.

Release notes

Sourced from devalue's releases.

v5.7.1

Patch Changes

  • 8becc7c: fix: handle regexes consistently in uneval's value and reference formats

v5.7.0

Minor Changes

  • df2e284: feat: use native alternatives to encode/decode base64
  • 498656e: feat: add DataView support
  • a210130: feat: whitelist Float16Array
  • df2e284: feat: simplify TypedArray slices

Patch Changes

  • 5590634: fix: get uneval type handling up to parity with stringify
  • 57f73fc: fix: correctly support boxed bigints and sentinel values

v5.6.4

Patch Changes

  • 87c1f3c: fix: reject __proto__ keys in malformed Object wrapper payloads

    This validates the "Object" parse path and throws when the wrapped value has an own __proto__ key.

  • 40f1db1: fix: ensure sparse array indices are integers

  • 87c1f3c: fix: disallow __proto__ keys in null-prototype object parsing

    This disallows __proto__ keys in the "null" parse path so null-prototype object hydration cannot carry that key through parse/unflatten.

Changelog

Sourced from devalue's changelog.

5.7.1

Patch Changes

  • 8becc7c: fix: handle regexes consistently in uneval's value and reference formats

5.7.0

Minor Changes

  • df2e284: feat: use native alternatives to encode/decode base64
  • 498656e: feat: add DataView support
  • a210130: feat: whitelist Float16Array
  • df2e284: feat: simplify TypedArray slices

Patch Changes

  • 5590634: fix: get uneval type handling up to parity with stringify
  • 57f73fc: fix: correctly support boxed bigints and sentinel values

5.6.4

Patch Changes

  • 87c1f3c: fix: reject __proto__ keys in malformed Object wrapper payloads

    This validates the "Object" parse path and throws when the wrapped value has an own __proto__ key.

  • 40f1db1: fix: ensure sparse array indices are integers

  • 87c1f3c: fix: disallow __proto__ keys in null-prototype object parsing

    This disallows __proto__ keys in the "null" parse path so null-prototype object hydration cannot carry that key through parse/unflatten.

Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 17, 2026
@dependabot dependabot Bot mentioned this pull request Apr 17, 2026
Closed
@dependabot
Bump devalue from 5.6.2 to 5.7.1 in /pwa
c4f2db3 
Bumps [devalue](https://github.com/sveltejs/devalue) from 5.6.2 to 5.7.1.
- [Release notes](https://github.com/sveltejs/devalue/releases)
- [Changelog](https://github.com/sveltejs/devalue/blob/main/CHANGELOG.md)
- [Commits](sveltejs/devalue@v5.6.2...v5.7.1)

---
updated-dependencies:
- dependency-name: devalue
  dependency-version: 5.7.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title Bump devalue from 5.6.2 to 5.7.1 in /pwa Bump devalue from 5.6.3 to 5.7.1 in /pwa Apr 17, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/pwa/devalue-5.7.1 branch from 7b0c3d6 to c4f2db3 Compare April 17, 2026 22:20
@navicore navicore merged commit 18913c7 into main Apr 17, 2026
1 of 2 checks passed
@navicore navicore deleted the dependabot/npm_and_yarn/pwa/devalue-5.7.1 branch April 17, 2026 22:40
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@navicore