Release notes
Sourced from wrangler's releases.
wrangler@4.59.3
Patch Changes
#9396
75386b1Thanks@gnekich! - Fixwrangler loginwith customcallback-host/callback-portThe Cloudflare OAuth API always requires the
redirect_urito belocalhost:8976. However, sometimes the Wrangler OAuth server needed to listen on a different host/port, for example when running from inside a container. We were previously incorrectly setting theredirect_urito the configured callback host/port, but it needs to be up to the user to maplocalhost:8976to the Wrangler OAuth server in the container.Example:
You might run Wrangler inside a docker container like this:
docker run -p 8989:8976 <image>, which forwards port 8976 on your host to 8989 inside the container.Then inside the container, run
wrangler login --callback-host=0.0.0.0 --callback-port=8989The OAuth link still has a
redirect_uriset tolocalhost:8976. For examplehttps://dash.cloudflare.com/oauth2/auth?...&redirect_uri=http%3A%2F%2Flocalhost%3A8976%2Foauth%2Fcallback&...However the redirect to
localhost:8976is then forwarded to the Wrangler OAuth server inside your container, allowing the login to complete.#11925
8e4a0e5Thanks@dependabot! - chore: update dependencies of "miniflare", "wrangler"The following dependency versions have been updated:
Dependency From To workerd 1.20260114.0 1.20260115.0 #11942
133bf95Thanks@penalosa! - chore: update dependencies of "miniflare", "wrangler"The following dependency versions have been updated:
Dependency From To workerd 1.20260115.0 1.20260116.0 #11922
93d8d78Thanks@dario-piotrowicz! - Improve telemetry errors being sent to Sentry bywrangler initwhen it delegates to C3 by ensuring that they contain the output of the C3 execution.#11940
69ff962Thanks@penalosa! - Show helpful messages for file not found errors (ENOENT)When users encounter file not found errors, Wrangler now displays a helpful message with the missing file path and common causes, instead of reporting to Sentry.
#11904
22727c2Thanks@danielrs! - Fix false positive infinite loop detection for exact path redirectsFixed an issue where the redirect validation incorrectly flagged exact path redirects like
/ /index.html 200as infinite loops. This was particularly problematic whenhtml_handlingis set to "none", where such redirects are valid.The fix makes the validation more specific to only block wildcard patterns (like
/* /index.html) that would actually cause infinite loops, while allowing exact path matches that are valid in certain configurations.Fixes: cloudflare/workers-sdk#11824
#11946
fa39a73Thanks@MattieTK! - FixconfigFileNamereturning wrong filename for.jsoncconfig filesPreviously, users with a
wrangler.jsoncconfig file would see error messages and hints referring towrangler.jsoninstead ofwrangler.jsonc. This was because theconfigFormatfunction collapsed both.jsonand.jsoncfiles into a single"jsonc"value, losing the distinction between them.
... (truncated)
Commits
0c7e1f4Version Packages (#11937)75386b1Always pass a validredirect_uricallback parameter (localhost:8976) to C...d58fbd1Wrangler: Makenamethe positional argument forwrangler deleteinstead o...133bf95AddMessageBuildersupport for Email Sending API in local mode (#11942)4ac7c82[wrangler] Include version components in command event metrics (#11968)69ff962Reduce more Sentry noise (#11940)029531aWrangler: cache chosen account in memory to avoid repeated prompts (#11962)bc70bfaRe-enable Media binding e2e tests (#11954)93d8d78Ensure thatwrangler initincludes C3 error details when reporting to Sentr...fa39a73fix(wrangler): return correct config filename for .jsonc files (#11946)- Additional commits viewable in compare view
Updates `@cloudflare/vitest-pool-workers` from 0.10.15 to 0.12.5
Release notes
Sourced from @cloudflare/vitest-pool-workers's
releases.
@cloudflare/vitest-pool-workers@0.12.5Patch Changes
#11967
202c59eThanks@emily-shen! - chore: update undiciThe following dependency versions have been updated:
Dependency From To undici 7.14.0 7.18.2 Updated dependencies [
75386b1,8e4a0e5,133bf95,93d8d78,69ff962,22727c2,fa39a73,4ac7c82,69ff962,029531a,d58fbd1,202c59e,133bf95,25e2c60,69ff962]:
- wrangler@4.59.3
- miniflare@4.20260116.0
@cloudflare/vitest-pool-workers@0.12.4Patch Changes
#11898
c17e971Thanks@petebacondarwin! - Bundle more third-party dependencies to reduce supply chain riskPreviously, several small utility packages were listed as runtime dependencies and installed separately. These are now bundled directly into the published packages, reducing the number of external dependencies users need to trust.
Bundled dependencies:
- miniflare:
acorn,acorn-walk,exit-hook,glob-to-regexp,stoppable- kv-asset-handler:
mime- vite-plugin-cloudflare:
@remix-run/node-fetch-server,defu,get-port,picocolors,tinyglobby- vitest-pool-workers:
birpc,devalue,get-port,semverUpdated dependencies [
e78186d,fe4faa3,4714ca1,c17e971,695b043]:
- miniflare@4.20260114.0
- wrangler@4.59.2
@cloudflare/vitest-pool-workers@0.12.3Patch Changes
- Updated dependencies [
99b1f32]:
- wrangler@4.59.1
@cloudflare/vitest-pool-workers@0.12.2Patch Changes
... (truncated)
Changelog
Sourced from @cloudflare/vitest-pool-workers's
changelog.
0.12.5
Patch Changes
#11967
202c59eThanks@emily-shen! - chore: update undiciThe following dependency versions have been updated:
Dependency From To undici 7.14.0 7.18.2 Updated dependencies [
75386b1,8e4a0e5,133bf95,93d8d78,69ff962,22727c2,fa39a73,4ac7c82,69ff962,029531a,d58fbd1,202c59e,133bf95,25e2c60,69ff962]:
- wrangler@4.59.3
- miniflare@4.20260116.0
0.12.4
Patch Changes
#11898
c17e971Thanks@petebacondarwin! - Bundle more third-party dependencies to reduce supply chain riskPreviously, several small utility packages were listed as runtime dependencies and installed separately. These are now bundled directly into the published packages, reducing the number of external dependencies users need to trust.
Bundled dependencies:
- miniflare:
acorn,acorn-walk,exit-hook,glob-to-regexp,stoppable- kv-asset-handler:
mime- vite-plugin-cloudflare:
@remix-run/node-fetch-server,defu,get-port,picocolors,tinyglobby- vitest-pool-workers:
birpc,devalue,get-port,semverUpdated dependencies [
e78186d,fe4faa3,4714ca1,c17e971,695b043]:
- miniflare@4.20260114.0
- wrangler@4.59.2
0.12.3
Patch Changes
- Updated dependencies [
99b1f32]:
- wrangler@4.59.1
0.12.2
Patch Changes
... (truncated)
Commits
0c7e1f4Version Packages (#11937)9f59043fix(vitest-pool-workers): suppress deprecation warnings in test subprocesses ...25e2c60Bump capnp-es to ^0.0.14 (#11943)bca7114Version Packages (#11903)c17e971chore: add CI validation for external package dependencies (#11898)37a8607Version Packages (#11890)e98c95aVersion Packages (#11836)455361bVersion Packages (#11819)f978609Version Packages (#11700)6a05b1cchore(deps): update zod from ^3.22.3 to ^3.25.76 (#11493)- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Changelog
Sourced from qs's changelog.
6.14.2
- [Fix]
parse: mark overflow objects for indexed notation exceedingarrayLimit(#546)- [Fix]
arrayLimitmeans max count, not max index, incombine/merge/parseArrayValue- [Fix]
parse: throw onarrayLimitexceeded with indexed notation whenthrowOnLimitExceededis true (#529)- [Fix]
parse: enforcearrayLimitoncomma-parsed values- [Fix]
parse: fix error message to reflect arrayLimit as max index; remove extraneous comments (#545)- [Robustness] avoid
.push, usevoid- [readme] document that
addQueryPrefixdoes not add?to empty output (#418)- [readme] clarify
parseArraysandarrayLimitdocumentation (#543)- [readme] replace runkit CI badge with shields.io check-runs badge
- [meta] fix changelog typo (
arrayLength→arrayLimit)- [actions] fix rebase workflow permissions
Commits
bdcf0c7v6.14.2294db90[readme] document thataddQueryPrefixdoes not add?to empty output5c308e5[readme] clarifyparseArraysandarrayLimitdocumentation6addf8c[Fix]parse: mark overflow objects for indexed notation exceedingarrayLimitcfc108f[Fix]arrayLimitmeans max count, not max index, incombine/merge/`pars...febb644[Fix]parse: throw onarrayLimitexceeded with indexed notation when `thr...f6a7abf[Fix]parse: enforcearrayLimitoncomma-parsed valuesfbc5206[Fix]parse: fix error message to reflect arrayLimit as max index; remove e...1b9a8b4[actions] fix rebase workflow permissions2a35775[meta] fix changelog typo (arrayLength→arrayLimit)- Additional commits viewable in compare view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show
Release notes
Sourced from fast-xml-parser's releases.
Entity security and performance
- Improve security and performance of entity processing
- new options
maxEntitySize,maxExpansionDepth,maxTotalExpansions,maxExpandedLength,allowedTags,tagFilter- fast return when no edtity is present
- improvement replacement logic to reduce number of calls
Full Changelog: https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.3.5...v5.3.6
v5.3.5
What's Changed
- Add missing exports to fxp commonjs types by
@jeremymengin NaturalIntelligence/fast-xml-parser#782- fix: Escape regex char in entity name
- update strnum to 2.1.2
New Contributors
@jeremymengmade their first contribution in NaturalIntelligence/fast-xml-parser#782Full Changelog: https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.3.4...v5.3.5
fix: handle HTML numeric and hex entities when out of range
No release notes provided.
bug fix and performance improvements
- fix #775: transformTagName with allowBooleanAttributes adds an unnecessary attribute
- Performance improvement for stopNodes (By Maciek Lamberski)
Replace
BufferwithUint8Array
- Launched Separate CLI module
- Replace
BufferwithUint8ArraySupport EMPTY and ANY with ELEMENT in DOCTYPE
Full Changelog: https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.2.4...v5.2.4
upgrade to ESM module and fixing value parsing issues
- Support ESM modules
- fix value parsing issues
- a feature to access tag location is added (metadata)
- fix to read DOCTYPE correctly
Full Changelog: https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md
Summary update on all the previous releases from v4.2.4
- Multiple minor fixes provided in the validator and parser
- v6 is added for experimental use.
- ignoreAttributes support function, and array of string or regex
- Add support for parsing HTML numeric entities
- v5 of the application is ESM module now. However, JS is also supported
... (truncated)
Changelog
Sourced from fast-xml-parser's changelog.
Note: If you find missing information about particular minor version, that version must have been changed without any functional change in this library.
5.3.6 / 2026-02-14
- Improve security and performance of entity processing
- new options
maxEntitySize,maxExpansionDepth,maxTotalExpansions,maxExpandedLength,allowedTags,tagFilter- fast return when no edtity is present
- improvement replacement logic to reduce number of calls
5.3.5 / 2026-02-08
- fix: Escape regex char in entity name
- update strnum to 2.1.2
- add missing exports in CJS typings
5.3.4 / 2026-01-30
- fix: handle HTML numeric and hex entities when out of range
5.3.3 / 2025-12-12
- fix #775: transformTagName with allowBooleanAttributes adds an unnecessary attribute
5.3.2 / 2025-11-14
- fix for import statement for v6
5.3.1 / 2025-11-03
- Performance improvement for stopNodes (By Maciek Lamberski)
5.3.0 / 2025-10-03
- Use
Uint8Arrayin place ofBufferin Parser5.2.5 / 2025-06-08
- Inform user to use fxp-cli instead of in-built CLI feature
- Export typings for direct use
5.2.4 / 2025-06-06
- fix (#747): fix EMPTY and ANY with ELEMENT in DOCTYPE
5.2.3 / 2025-05-11
- fix (#747): support EMPTY and ANY with ELEMENT in DOCTYPE
5.2.2 / 2025-05-05
- fix (#746): update strnum to fix parsing issues related to enotations
5.2.1 / 2025-04-22
- fix: read DOCTYPE entity value correctly
- read DOCTYPE NOTATION, ELEMENT exp but not using read values
5.2.0 / 2025-04-03
... (truncated)
Commits
- See full diff in compare view
Updates `@google-cloud/storage` from 7.17.3 to 7.19.0
Release notes
Sourced from @google-cloud/storage's
releases.
v7.19.0
7.19.0 (2026-02-05)
Features
Bug Fixes
v7.18.0
7.18.0 (2025-11-28)
Features
Changelog
Sourced from @google-cloud/storage's
changelog.
7.19.0 (2026-02-05)
Features
Bug Fixes
7.18.0 (2025-11-28)
Features
Commits
95a2af4chore(main): release 7.19.0 (#2694)420935afix(deps): update dependency fast-xml-parser to v5 [security] (#2713)4e3c328test: skip system tests requiring public access (#2717)3052265chore: fix lint failures (#2685)08a8962feat: Enable full object checksum validation on JSON path (#2687)3dcda1bchore: lint failures (#2681)3e5210fchore(main): release 7.18.0 (#2684)c7004dafeat(listBuckets): Add support for returning partial success (#2678)633a13achore(python): remove configure_previous_major_version_branches (#2675)bae7040samples: Add Soft Delete policy and object management samples (#2676)- See full diff in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show
Changelog
Sourced from qs's changelog.
6.15.0
- [New]
parse: addstrictMergeoption to wrap object/primitive conflicts in an array (#425, #122)- [Fix]
duplicatesoption should not apply to bracket notation keys (#514)6.14.2
- [Fix]
parse: mark overflow objects for indexed notation exceedingarrayLimit(#546)- [Fix]
arrayLimitmeans max count, not max index, incombine/merge/parseArrayValue- [Fix]
parse: throw onarrayLimitexceeded with indexed notation whenthrowOnLimitExceededis true (#529)- [Fix]
parse: enforcearrayLimitoncomma-parsed values- [Fix]
parse: fix error message to reflect arrayLimit as max index; remove extraneous comments (#545)- [Robustness] avoid
.push, usevoid- [readme] document that
addQueryPrefixdoes not add?to empty output (#418)- [readme] clarify
parseArraysandarrayLimitdocumentation (#543)- [readme] replace runkit CI badge with shields.io check-runs badge
- [meta] fix changelog typo (
arrayLength→arrayLimit)- [actions] fix rebase workflow permissions
Commits
d9b4c66v6.15.0cb41a54[New]parse: addstrictMergeoption to wrap object/primitive conflicts in...88e1563[Fix]duplicatesoption should not apply to bracket notation keys9d441d2Merge backport release tags v6.0.6–v6.13.3 into main85cc8cav6.12.5ffc12aav6.11.40506b11[actions] update reusable workflows6a37faf[actions] update reusable workflows8e8df5a[Fix] fix regressions from robustness refactord60bab3v6.10.7- Additional commits viewable in compare view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show
Commits
8a10e479.0.9c6f1806brace-expansion@2446cfa39.0.88fa151adocs: add warning about ReDoS71b78a2fix partial matching of globstar patterns2de496f9.0.70d4616dlimit nested extglob recursion, flatten extglobs7117ef39.0.62418458update deps, do not checkin dist1d1f531update deps- Additional commits viewable in compare view
Updates `minimatch` from 5.1.6 to 5.1.9
Commits
8a10e479.0.9c6f1806brace-expansion@2446cfa39.0.88fa151adocs: add warning about ReDoS71b78a2fix partial matching of globstar patterns2de496f9.0.70d4616dlimit nested extglob recursion, flatten extglobs7117ef39.0.62418458update deps, do not checkin dist1d1f531update deps- Additional commits viewable in compare view
Updates `minimatch` from 3.1.2 to 3.1.5
Commits
8a10e479.0.9c6f1806brace-expansion@2446cfa39.0.88fa151adocs: add warning about ReDoS71b78a2fix partial matching of globstar patterns2de496f9.0.70d4616dlimit nested extglob recursion, flatten extglobs7117ef39.0.62418458update deps, do not checkin dist1d1f531update deps- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show
Release notes
Sourced from fast-xml-parser's releases.
Separate Builder
XML Builder was the part of fast-xml-parser for years. But considering that any bug in builder may false-alarm the users who are only using parser and vice-versa, we have decided to split it into a separate package.
Migration
To migrate to fast-xml-builder;
From
import { XMLBuilder } from "fast-xml-parser";To
import XMLBuilder from "fast-xml-builder";XMLBuilder will be removed from current package in any next major version of this library. So better to migrate.
support strictReservedNames
Full Changelog: https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.3.9...v5.3.9
handle non-array input for XML builder && support maxNestedTags
- support maxNestedTags
- handle non-array input for XML builder when preserveOrder is true (By Angelo Coetzee)
- save use of js properies Full Changelog: https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.3.7...v5.3.8
CJS typing fix
What's Changed
- Unexport
X2jOptionsat declaration site by@Drarig29in NaturalIntelligence/fast-xml-parser#787New Contributors
@Drarig29made their first contribution in NaturalIntelligence/fast-xml-parser#787Full Changelog: https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.3.6...v5.3.7
Changelog
Sourced from fast-xml-parser's changelog.
Note: If you find missing information about particular minor version, that version must have been changed without any functional change in this library.
Note: Due to some last quick changes on v4, detail of v4.5.3 & v4.5.4 are not updated here. v4.5.4x is the last tag of v4 in github repository. I'm extremely sorry for the confusion
5.4.1 / 2026-02-25
- fix (#785) unpairedTag node should not have tag content
5.4.0 / 2026-02-25
- migrate to fast-xml-builder
5.3.9 / 2026-02-25
- support strictReservedNames
5.3.8 / 2026-02-25
- support maxNestedTags
- handle non-array input for XML builder when preserveOrder is true (By Angelo Coetzee)
- save use of js properies
5.3.7 / 2026-02-20
- fix typings for CJS (By Corentin Girard)
5.3.6 / 2026-02-14
- Improve security and performance of entity processing
- new options
maxEntitySize,maxExpansionDepth,maxTotalExpansions,maxExpandedLength,allowedTags,tagFilter- fast return when no edtity is present
- improvement replacement logic to reduce number of calls
5.3.5 / 2026-02-08
- fix: Escape regex char in entity name
- update strnum to 2.1.2
- add missing exports in CJS typings
5.3.4 / 2026-01-30
- fix: handle HTML numeric and hex entities when out of range
5.3.3 / 2025-12-12
- fix #775: transformTagName with allowBooleanAttributes adds an unnecessary attribute
5.3.2 / 2025-11-14
- fix for import statement for v6
5.3.1 / 2025-11-03
- Performance improvement for stopNodes (By Maciek Lamberski)
5.3.0 / 2025-10-03
... (truncated)
Commits
4e7ca80update release info36023b4fix (#785) unpairedTag node should not have tag contentb366026separate builder6f333a8update release infoc3ffbabsupport strictReservedNamesc692040update release info107e34cavoid{}to create an empty object60835a4support maxNestedTagsf55657cavoid direct call to hasOwnPropertyc13a961handle non-array input for XML builder when preserveOrder is true- Additional commits viewable in compare view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show
Release notes
Sourced from rollup's releases.
v4.59.0
4.59.0
2026-02-22
Features
- Throw when the generated bundle contains paths that would leave the output directory (#6276)
Pull Requests
- #6275: Validate bundle stays within output dir (
@lukastaegert)v4.58.0
4.58.0
2026-02-20
Features
- Also support
__NO_SIDE_EFFECTS__annotation before variable declarations declaring function expressions (#6272)Pull Requests
- #6256: docs: document PreRenderedChunk properties including isDynamicEntry and isImplicitEntry (
@njg7194,@lukastaegert)- #6259: docs: Correct typo and improve sentence structure in docs for
output.experimentalMinChunkSize(@millerick,@lukastaegert)- #6260: fix(deps): update rust crate swc_compiler_base to v47 (
@renovate[bot],@lukastaegert)- #6261: fix(deps): lock file maintenance minor/patch updates (
@renovate[bot],@lukastaegert)- #6262: Avoid unnecessary cloning of the code string (
@lukastaegert)- #6263: fix(deps): update minor/patch updates (
@renovate[bot],@lukastaegert)- #6265: chore(deps): lock file maintenance (
@renovate[bot])- #6267: fix(deps): update minor/patch updates (
@renovate[bot])- #6268: chore(deps): update dependency eslint-plugin-unicorn to v63 (
@renovate[bot],@lukastaegert)- #6269: chore(deps): update dependency lru-cache to v11 (
@renovate[bot])- #6270: chore(deps): lock file maintenance (
@renovate[bot])- #6272: forward NO_SIDE_EFFECTS annotations to function expressions in variable declarations (
@lukastaegert)v4.57.1
4.57.1
2026-01-30
Bug Fixes
- Fix heap corruption issue in Windows (#6251)
- Ensure exports of a dynamic import are fully included when called from a try...catch (#6254)
Pull Requests
- #6251: fix: Isolate and cache
process.report.getReport()calls in a child process for robust environment detection (@alan-agius4,@lukastaegert)
... (truncated)
Changelog
Sourced from rollup's changelog.
4.59.0
2026-02-22
Features
- Throw when the generated bundle contains paths that would leave the output directory (#6276)
Pull Requests
- #6275: Validate bundle stays within output dir (
@lukastaegert)4.58.0
2026-02-20
Features
- Also support
__NO_SIDE_EFFECTS__annotation before variable declarations declaring function expressions (#6272)Pull Requests
- #6256: docs: document PreRenderedChunk properties including isDynamicEntry and isImplicitEntry (
@njg7194,@lukastaegert)- #6259: docs: Correct typo and improve sentence structure in docs for
output.experimentalMinChunkSize(@millerick,@lukastaegert)- #6260: fix(deps): update rust crate swc_compiler_base to v47 (
@renovate[bot],@lukastaegert)- #6261: fix(deps): lock file maintenance minor/patch updates (
@renovate[bot],@lukastaegert)- #6262: Avoid unnecessary cloning of the code string (
@lukastaegert)- #6263: fix(deps): update minor/patch updates (
@renovate[bot],@lukastaegert)- #6265: chore(deps): lock file maintenance (
@renovate[bot])- #6267: fix(deps): update minor/patch updates (
@renovate[bot])- #6268: chore(deps): update dependency eslint-plugin-unicorn to v63 (
@renovate[bot],@lukastaegert)- #6269: chore(deps): update dependency lru-cache to v11 (
@renovate[bot])- #6270: chore(deps): lock file maintenance (
@renovate[bot])- #6272: forward NO_SIDE_EFFECTS annotations to function expressions in variable declarations (
@lukastaegert)4.57.1
2026-01-30
Bug Fixes
- Fix heap corruption issue in Windows (#6251)
- Ensure exports of a dynamic import are fully included when called from a try...catch (#6254)
Pull Requests
- #6251: fix: Isolate and cache
process.report.getReport()calls in a child process for robust environment detection (@alan-agius4,@lukastaegert)- #6252: chore(deps): update dependency lru-cache to v11 (
@renovate[bot])- #6253: chore(deps): lock file maintenance minor/patch updates (
@renovate[bot],@lukastaegert)- #6254: Fully include dynamic imports in a try-catch (
@lukastaegert)
... (truncated)
Commits
ae846954.59.0b39616eUpdate audit-resolvec60770dValidate bundle stays within output dir (#6275)33f39c14.58.0b61c408forward NO_SIDE_EFFECTS annotations to function expressions in variable decla...7f00689Extend agent instructionse7b2b85chore(deps): lock file maintenance (#6270)2aa5da9fix(deps): update minor/patch updates (#6267)4319837chore(deps): update dependency lru-cache to v11 (#6269)c3b6b4bchore(deps): update dependency eslint-plugin-unicorn to v63 (#6268)- Additional commits viewable in compare view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show
Commits
446cfa39.0.88fa151adocs: add warning about ReDoS71b78a2fix partial matching of globstar patterns2de496f9.0.70d4616dlimit nested extglob recursion, flatten extglobs7117ef39.0.62418458update deps, do not checkin dist1d1f531update deps03b1778update CI matrix and actionsf1aaffeupdate test expectations for coalesced consecutive stars- Additional commits viewable in compare view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show
Release notes
Sourced from simple-git's releases.
simple-git@3.33.0
Minor Changes
- a263635: Use
pathspecwrappers for remote and local paths when running eithergit.cloneorgit.mirrorto avoid leaving them less open for unexpected outcomes when passing unsanitised data into these tasks.Patch Changes
e253a0d: Enhanced
git -cchecks inunsafeplugin.Thanks to
@JohannesLksfor identifying the issuesimple-git@3.32.3
Patch Changes
f704208: Enhanced
protocol.allowchecks inallowUnsafeExtProtocolhandling.Thanks to
@CodeAnt-AI-Securityfor identifying the issuesimple-git@3.32.2
Patch Changes
- 8d02097: Enhanced clone unsafe switch detection.
simple-git@3.32.1
Patch Changes
23b070f: Fix regex for detecting unsafe clone options
Thanks to
@stevenwdvfor reporting this issue.simple-git@3.32.0
Minor Changes
1effd8e: Enhances the
unsafeplugin to block additional cases where the-uswitch may be disguised along with other single character options.Thanks to
@JuHwiSangfor identifying this as vulnerability.Patch Changes
- d5fd4fe: Use task runner for logging use of deprecated (already no-op) functions.
simple-git@3.31.1
Patch Changes
- a44184f: Resolve NPM publish steps
Changelog
Sourced from simple-git's changelog.
3.33.0
Minor Changes
- a263635: Use
pathspecwrappers for remote and local paths when running eithergit.cloneorgit.mirrorto avoid leaving them less open for unexpected outcomes when passing unsanitised data into these tasks.Patch Changes
e253a0d: Enhanced
git -cchecks inunsafeplugin.Thanks to
@JohannesLksfor identifying the issue3.32.3
Patch Changes
f704208: Enhanced
protocol.allowchecks inallowUnsafeExtProtocolhandling.Thanks to
@CodeAnt-AI-Securityfor identifying the issue3.32.2
Patch Changes
- 8d02097: Enhanced clone unsafe switch detection.
3.32.1
Patch Changes
23b070f: Fix regex for detecting unsafe clone options
Thanks to
@stevenwdvfor reporting this issue.3.32.0
Minor Changes
1effd8e: Enhances the
unsafeplugin to block additional cases where the-uswitch may be disguised along with other single character options.Thanks to
@JuHwiSangfor identifying this as vulnerability.Patch Changes
- d5fd4fe: Use task runner for logging use of deprecated (already no-op) functions.
3.31.1
... (truncated)
Commits
8bbbabcVersion Packagesa263635Clone API use pathspec (#1132)e253a0dFix/block unsafe 2603 (#1135)a1170e5Version Packagesf704208In extension to CVE-2022-25912, switch to case-insensitive check for `protoco...4bb2081Version Packages7ae7537Match tokens to word boundaryc47ad10Lint8d02097Enhanced clone switch detectionf6909a5Remove test timeout override- Additional commits viewable in compare view
Maintainer changes
This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for simple-git since your current version.
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show
Release notes
Sourced from fast-xml-parser's releases.
fix entity expansion and incorrect replacement and performance
Full Changelog: https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.5.5...v5.5.6
support onDangerousProperty
Full Changelog: https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.5.3...v5.5.5
update dependecies to fix typings
Full Changelog: https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.5.1...v5.5.2
integrate path-expression-matcher
- support path-expression-matcher
- fix: stopNode should not be parsed
- performance improvement for stopNode checking
Changelog
Sourced from fast-xml-parser's changelog.
Note: If you find missing information about particular minor version, that version must have been changed without any functional change in this library.
Note: Due to some last quick changes on v4, detail of v4.5.3 & v4.5.4 are not updated here. v4.5.4x is the last tag of v4 in github repository. I'm extremely sorry for the confusion
5.5.6 / 2026-03-16
- update builder dependency
- fix incorrect regex to replace . in entity name
- fix check for entitiy expansion for lastEntities and html entities too
5.5.5 / 2026-03-13
- sanitize dangerous tag or attribute name
- error on critical property name
- support onDangerousProperty option
5.5.4 / 2026-03-13
- declare Matcher & Expression as unknown so user is not forced to install path-expression-matcher
5.5.3 / 2026-03-11
- upgrade builder
5.5.2 / 2026-03-11
- update dependency to fix typings
5.5.1 / 2026-03-10
- fix dependency
5.5.0 / 2026-03-10
- support path-expression-matcher
- fix: stopNode should not be parsed
- performance improvement for stopNode checking
5.4.2 / 2026-03-03
- support maxEntityCount option
5.4.1 / 2026-02-25
- fix (#785) unpairedTag node should not have tag content
5.4.0 / 2026-02-25
- migrate to fast-xml-builder
5.3.9 / 2026-02-25
- support strictReservedNames
5.3.8 / 2026-02-25
- support maxNestedTags
- handle non-array input for XML builder when preserveOrder is true (By Angelo Coetzee)
- save use of js properies
5.3.7 / 2026-02-20
... (truncated)
Commits
870043eupdate release info6df401eupdate builder dependencybd26122check for entitiy expansion for lastEntities and html entities too7e70dd8fix incorrect regex to replace . in entity namee54155fupdate package info3308fd7handle critical properties0500f6brefactorea07bb2declare Matcher & Expression as unknown0a4dc92upgrade buildere0a14f7update dependency to fix typings- Additional commits viewable in compare view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show
Changelog
Sourced from fast-xml-parser's changelog.
Note: If you find missing information about particular minor version, that version must have been changed without any functional change in this library.
Note: Due to some last quick changes on v4, detail of v4.5.3 & v4.5.4 are not updated here. v4.5.4x is the last tag of v4 in github repository. I'm extremely sorry for the confusion
5.5.7 / 2026-03-19
- fix: entity expansion limits
- update strnum package to 2.2.0
5.5.6 / 2026-03-16
- update builder dependency
- fix incorrect regex to replace . in entity name
- fix check for entitiy expansion for lastEntities and html entities too
5.5.5 / 2026-03-13
- sanitize dangerous tag or attribute name
- error on critical property name
- support onDangerousProperty option
5.5.4 / 2026-03-13
- declare Matcher & Expression as unknown so user is not forced to install path-expression-matcher
5.5.3 / 2026-03-11
- upgrade builder
5.5.2 / 2026-03-11
- update dependency to fix typings
5.5.1 / 2026-03-10
- fix dependency
5.5.0 / 2026-03-10
- support path-expression-matcher
- fix: stopNode should not be parsed
- performance improvement for stopNode checking
5.4.2 / 2026-03-03
- support maxEntityCount option
5.4.1 / 2026-02-25
- fix (#785) unpairedTag node should not have tag content
5.4.0 / 2026-02-25
- migrate to fast-xml-builder
5.3.9 / 2026-02-25
- support strictReservedNames
5.3.8 / 2026-02-25
- support maxNestedTags
... (truncated)
Commits
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show
Commits
3bf09093.4.2885ddccfix CWE-13210bdba70added flatted-view to the benchmark2a02dce3.4.1fba4e8fMerge pull request #89 from WebReflection/python-fix5fe8648added "when in Rome" also a test for PHP53517adsome minor improvementb3e2a0cFixing recursion issue in Python tooc4b46dbAdd SECURITY.md for security policy and reportingf86d071Create dependabot.yml for version updates- Additional commits viewable in compare view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show
Release notes
Sourced from vite's releases.
v7.3.2
Please refer to CHANGELOG.md for details.
v7.3.1
Please refer to CHANGELOG.md for details.
Changelog
Sourced from vite's changelog.
7.3.2 (2026-04-06)
Bug Fixes
- avoid path traversal with optimize deps sourcemap handler (#22161) (09d8c90)
- backport #22159, apply server.fs check to env transport (#22162) (19db0f2)
- check
server.fsafter stripping query as well (#22160) (f8103cc)7.3.1 (2026-01-07)
Features
Commits
cc383e0release: v7.3.209d8c90fix: avoid path traversal with optimize deps sourcemap handler (#22161)f8103ccfix: checkserver.fsafter stripping query as well (#22160)19db0f2fix: backport #22159, apply server.fs check to env transport (#22162)95e8923release: v7.3.19d39d37feat: addignoreOutdatedRequestsoption tooptimizeDeps(#21364)- See full diff in compare view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show
Release notes
Sourced from fast-xml-parser's releases.
upgrade
@nodable/entitiesand FXB
- Use
@nodable/entitiesv2.1.0
- breaking changes
- single entity scan. You're not allowed to use entity value to form another entity name.
- you cant add numeric external entity
- entity error message when expantion limit is crossed might change
- typings are updated for new options related to process entity
- please follow documentation of
@nodable/entitiesfor more detail.- performance
- if processEntities is false, then there should not be impact on performance.
- if processEntities is true, but you dont pass entity decoder separately then performance may degrade by approx 8-10%
- if processEntities is true, and you pass entity decoder separately
- if no entity then performance should be same as before
- if there are entities then performance should be increased from past versions
- ignoreAttributes is not required to be set to set xml version for NCR entity value
- update 'fast-xml-builder' to sanitize malicious CDATA and comment's content
use
@nodable/entitiesto replace entities
- No API change
- No change in performance for basic usage
- No typing change
- No config change
- new dependency
- breaking: error messages for entities might have been changed.
Full Changelog: https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.5.12...v5.6.0
performance improvment, increase entity expansion default limit
- increase default entity explansion limit as many projects demand for that
maxEntitySize: 10000, maxExpansionDepth: 10000, maxTotalExpansions: Infinity, maxExpandedLength: 100000, maxEntityCount: 1000,
- performance improvement
- reduce calls to toString
- early return when entities are not present
- prepare rawAttrsForMatcher only if user sets
jPath: falseFull Changelog: https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.5.9...v5.5.10
fix typins and matcher instance in callbacks
combine typings file to avoid configuration changes pass readonly instance of matcher to the call backs to avoid accidental push/pop call
Changelog
Sourced from fast-xml-parser's changelog.
Note: If you find missing information about particular minor version, that version must have been changed without any functional change in this library.
Note: Due to some last quick changes on v4, detail of v4.5.3 & v4.5.4 are not updated here. v4.5.4x is the last tag of v4 in github repository. I'm extremely sorry for the confusion
5.7.1 / 2026-04-20
- fix #705: attributesGroupName working with preserveOrder
- fix #817: stackoverflow when tag expression is very long
5.7.0 / 2026-04-17
- Use
@nodable/entitiesv2.1.0
- breaking changes
- single entity scan. You're not allowed to user entity value to form another entity name.
- you cant add numeric external entity
- entity error message when expantion limit is crossed might change
- typings are updated for new options related to process entity
- please follow documentation of
@nodable/entitiesfor more detail.- performance
- if processEntities is false, then there should not be impact on performance.
- if processEntities is true, but you dont pass entity decoder separately then performance may degrade by approx 8-10%
- if processEntities is true, and you pass entity decoder separately
- if no entity then performance should be same as before
- if there are entities then performance should be increased from past versions
- ignoreAttributes is not required to be set to set xml version for NCR entity value
- update 'fast-xml-builder' to sanitize malicious CDATA and comment's content
5.6.0 / 2026-04-15
- fix: entity replacement for numeric entities
- use
@nodable/entitiesto replace entities
- this may change some error messages related to entities expansion limit or inavlid use
- post check would be exposed in future version
5.5.12 / 2026-04-13
- Performance Improvement: update path-expression-matcher
- use proxy pattern than Proxy class
5.5.11 / 2026-04-08
- Performance Improvement
- integrate ExpressionSet for stopNodes
5.5.10 / 2026-04-03
- increase default entity explansion limit as many projects demand for that
- performance improvement
- reduce calls to toString
- early return when entities are not present
- prepare rawAttrsForMatcher only if user sets
jPath: false5.5.9 / 2026-03-23
- combine typing files
... (truncated)
Commits
0f08303fix typof529642update to release v5.7.052a8583Revert "improve performance of attributes reading"8d187f9update buildere174168improve performance of attributes reading79a8ddeupdate docsf5cd5a5set xml version to decoder even if attributes are ignoredf44b923remove unwanted tests869ec8bUse@nodable/entitiesv2.1.07cb49e5update release detail- Additional commits viewable in compare view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show
Changelog
Sourced from fast-xml-builder's changelog.
1.2.0 (2026-05-08)
- Add support for
sanitizeNameoption- Support xml-naming for validating and sanitizing tag and attribute names
1.1.9 (2026-05-06)
- fix: format output for preserve order when indent by is set to empty string
1.1.8 (2026-05-05)
- fix: skip text property for PI tags
- improve typings
1.1.7 (2026--05-04)
- fix security issues when attribute value contains quotes
1.1.6 (2026--05-04)
- fix security issues related to comment
- skip comment with null value
1.1.5 (2026-04-17)
- fix security issues related to comment and cdata
1.1.4 (2026-03-16)
- support maxNestedTags option
1.1.3 (2026-03-13)
- declare Matcher & Expression as unknown so user is not forced to install path-expression-matcher
1.1.2 (2026-03-11)
- fix typings
1.1.1 (2026-03-11)
- upgrade path-expression-matcher to 1.1.3
1.1.0 (2026-03-10)
- Integrate path-expression-matcher
Commits
a9a905bfor release42680e8support name sanitization8b00185release info8a08f17allow indentation to be empty string7fc5decupdate docsc241b6aimprove documentation15d5668update for release9877485fix: skip text property for PI tags311a221fix #5 typing import issuese8fc5b1update for releast- Additional commits viewable in compare view
Signed-off-by: dependabot[bot]
Release notes
Sourced from protobufjs's releases.
protobufjs: v7.5.8
7.5.8 (2026-05-12)
Bug Fixes
protobufjs: v7.5.7
7.5.7 (2026-05-09)
Bug Fixes
protobufjs: v7.5.6
7.5.6 (2026-04-27)
Bug Fixes
v7.5.5
This release backports two reported security issues to 7.x branch.
- fix: do not allow setting
__proto__in Message constructor (#2126)- fix: filter invalid characters from the type name (#2127)
Full Changelog: https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v7.5.5
Changelog
Sourced from protobufjs's changelog.
7.5.8 (2026-05-12)
Bug Fixes
7.5.7 (2026-05-09)
Bug Fixes
7.5.6 (2026-04-27)
Bug Fixes
Commits
d7035f9chore: release protobufjs-v7.x (#2248)54b593ffix: Backport parser hardening to 7.x (#2245)e88fceachore: release protobufjs-v7.x (#2239)cc7d595fix: Restore first-match namespace lookup (#2236)3abc9b5chore: release protobufjs-v7.x (#2190)a0bf2dffix: Update CLI peer dependency (7.x) (#2189)2189e5bchore: release protobufjs-v7.x (#2174)75392eafix: Backport input hardening and CLI fixes to 7.x (#2173)8af8d7cchore(ci): Fix 7.x release please configuration (#2169)e92ca42chore(ci): Enable release-please for 7.x (#2166)- Additional commits viewable in compare view
Maintainer changes
This version was pushed to npm by GitHub Actions, a new releaser for protobufjs since your current version.
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show
Release notes
Sourced from protobufjs's releases.
protobufjs: v7.5.8
7.5.8 (2026-05-12)
Bug Fixes
protobufjs: v7.5.7
7.5.7 (2026-05-09)
Bug Fixes
protobufjs: v7.5.6
7.5.6 (2026-04-27)
Bug Fixes
v7.5.5
This release backports two reported security issues to 7.x branch.
- fix: do not allow setting
__proto__in Message constructor (#2126)- fix: filter invalid characters from the type name (#2127)
Full Changelog: https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v7.5.5
Changelog
Sourced from protobufjs's changelog.
7.5.8 (2026-05-12)
Bug Fixes
7.5.7 (2026-05-09)
Bug Fixes
7.5.6 (2026-04-27)
Bug Fixes
Commits
d7035f9chore: release protobufjs-v7.x (#2248)54b593ffix: Backport parser hardening to 7.x (#2245)e88fceachore: release protobufjs-v7.x (#2239)cc7d595fix: Restore first-match namespace lookup (#2236)3abc9b5chore: release protobufjs-v7.x (#2190)a0bf2dffix: Update CLI peer dependency (7.x) (#2189)2189e5bchore: release protobufjs-v7.x (#2174)75392eafix: Backport input hardening and CLI fixes to 7.x (#2173)8af8d7cchore(ci): Fix 7.x release please configuration (#2169)e92ca42chore(ci): Enable release-please for 7.x (#2166)- Additional commits viewable in compare view
Maintainer changes
This version was pushed to npm by GitHub Actions, a new releaser for protobufjs since your current version.
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show