• See full diff in compare view

Sourced from eslint-plugin-n's releases.

v18.1.0

18.1.0 (2026-06-08)

🌟 Features

• Allow workspace root dependencies for no-extraneous-import (#536) (fd4f84e)
• support devEngines.runtime from package.json (#530) (9ef3c32)

🩹 Fixes

• Allow leading forwardslash in package.json "files" field (#534) (#535) (5fde036)
• no-extraneous-import for type-only @​types dependencies (#533) (63a90ef)
• prefer-promises/fs: add missing fs.promises APIs (cp, glob, lutimes, opendir, rm, statfs) (#532) (75fbe34)

📚 Documentation

• fix usage in README.md (c1b1b84)
• Update online playground link in README (058916a)

Sourced from eslint-plugin-n's changelog.

18.1.0 (2026-06-08)

🌟 Features

• Allow workspace root dependencies for no-extraneous-import (#536) (fd4f84e)
• support devEngines.runtime from package.json (#530) (9ef3c32)

🩹 Fixes

• Allow leading forwardslash in package.json "files" field (#534) (#535) (5fde036)
• no-extraneous-import for type-only @​types dependencies (#533) (63a90ef)
• prefer-promises/fs: add missing fs.promises APIs (cp, glob, lutimes, opendir, rm, statfs) (#532) (75fbe34)

📚 Documentation

• fix usage in README.md (c1b1b84)
• Update online playground link in README (058916a)

• fc70bdf chore(master): release 18.1.0 (#528)
• fd4f84e feat: Allow workspace root dependencies for no-extraneous-import (#536)
• 5fde036 fix: Allow leading forwardslash in package.json "files" field (#534) (#535)
• 63a90ef fix: no-extraneous-import for type-only @​types dependencies (#533)
• 75fbe34 fix(prefer-promises/fs): add missing fs.promises APIs (cp, glob, lutimes, ope...
• 058916a docs: Update online playground link in README
• 9ef3c32 feat: support devEngines.runtime from package.json (#530)
• c1b1b84 docs: fix usage in README.md
• See full diff in compare view

Sourced from js-yaml's changelog.

[4.2.0] - 2026-06-01

Added

• Added docs/safety.md with notes about processing untrusted YAML.
• Added maxDepth (100) loader option. Not a problem, but gives a better exception instead of RangeError on stack overflow.
• Added maxMergeSeqLength (20) loader option. Not a problem after merge fix, but an additional restriction for safety.
• Added sourcemaps to dist/ builds.

Changed

• Stop resolving numbers with underscores as numeric scalars, #627.
• Switched dev toolchains to Vite / neostandard.
• Updated demo.
• Reorganized tests.
• dist/ files are no longer kept in the repository.

Fixed

• Fix parsing of properties on the first implicit block mapping key, #62.
• Fix trailing whitespace handling when folding flow scalar lines, #307.
• Reject top-level block scalars without content indentation, #280.
• Ensure numbers survive round-trip, #737.
• Fix test coverage for issue #221.
• Fix flow scalar trailing whitespace folding, #307.
• Fix digits in YAML named tag handles.

Security

• Fix potential DoS via quadratic complexity in merge - deduplicate repeated elements (makes sense for malformed files > 10K).

[3.14.2] - 2025-11-15

Security

• Backported v4.1.1 fix to v3

• See full diff in compare view

Sourced from prettier's releases.

3.8.4

• Markdown: Fix blank lines between list items and nested sub-lists being removed in Markdown/MDX (prettier/prettier#17746 by @​byplayer)

🔗 Changelog

Sourced from prettier's changelog.

3.8.4

diff

Markdown: Fix blank lines between list items and nested sub-lists being removed in Markdown/MDX (#17746 by @​byplayer)

Prettier was removing blank lines between list items and their nested sub-lists, converting loose lists into tight lists and changing their semantic meaning.

<!-- Input -->
- a


b


c

d



<!-- Prettier 3.8.3 -->

a

b


c

d



<!-- Prettier 3.8.4 -->


a

b



c

d

• 1c6ba55 Release 3.8.4
• 4a673dc Fix blank lines between list items and nested sub-lists being removed in Mark...
• 074aaed Replace main branch in changelog link with tags (#19054)
• c22a003 Bump Prettier dependency to 3.8.3
• 07bad1f Clean changelog_unreleased
• See full diff in compare view

Sourced from react's releases.

19.2.7 (June 1st, 2026)

React Server Components

• Fixed missing FormData entries in Server Actions which regressed in 19.2.6 (#36566 by @​unstubbable)

• 6117d7c Version 19.2.7 (#36591)
• See full diff in compare view

This version was pushed to npm by GitHub Actions, a new releaser for react since your current version.

• See full diff in compare view

Sourced from react-dom's releases.

19.2.7 (June 1st, 2026)

React Server Components

• Fixed missing FormData entries in Server Actions which regressed in 19.2.6 (#36566 by @​unstubbable)

• 6117d7c Version 19.2.7 (#36591)
• See full diff in compare view

This version was pushed to npm by GitHub Actions, a new releaser for react-dom since your current version.

• See full diff in compare view

Sourced from dompurify's releases.

DOMPurify 3.4.9

• Further improved the handling of Trusted Types config options, thanks @​offset
• Further improved the handling of IN_PLACE sanitization, thanks @​mozfreddyb
• Added more test coverage for IN_PLACE and Trusted Types related usage
• Bumped several dependencies where possible
• Updated README and wiki with more accurate documentation & attack samples

DOMPurify 3.4.8

• Cleaned up the repository root, renamed some and removed unneeded files
• Fixed an issue with handling of Trusted Types policies, thanks @​fulstadev
• Fixed the node iterator for better template scrubbing, thanks @​IamLeandrooooo
• Included formerly missing LICENSE-MPL in published npm package, thanks @​asamuzaK
• Bumped several dependencies where possible

• 5210247 release: 3.4.9 (#1459)
• bcdd828 release: 3.4.8 (#1439)
• See full diff in compare view

• See full diff in compare view

Sourced from wrangler's releases.

wrangler@4.100.0

Minor Changes

• #14119 2047a32 Thanks @​tahmid-23! - Serve local R2 bucket objects publicly via the dev server

  When running wrangler dev locally, objects in each local R2 binding are now reachable under /cdn-cgi/local/r2/public/<bucket-id>/<key> on the existing dev server, simulating a public bucket. The <bucket-id> is the bucket's bucket_name when set, otherwise its binding. Bindings configured with remote: true are not exposed.

• #14202 e8561c2 Thanks @​jamesopstad! - Add experimental --x-new-config flag for authoring config in TypeScript

  This is an experimental, opt-in feature. When enabled, wrangler dev, wrangler build, wrangler deploy, wrangler versions upload, and wrangler versions deploy load the Worker's configuration from a cloudflare.config.ts file instead of wrangler.json / wrangler.jsonc / wrangler.toml. Additionally, an optional wrangler.config.ts file can be provided for Wrangler-specific dev/build configuration.

  • cloudflare.config.ts (required) — Worker runtime configuration (bindings, triggers, observability, placement, limits, compatibility, routes, etc.). Authored via defineWorker from wrangler/experimental-config.
  • wrangler.config.ts (optional) — Tooling / bundling / dev-server configuration (noBundle, minify, alias, define, rules, tsconfig, build, dev, assetsDirectory, etc.). Authored via defineWranglerConfig from wrangler/experimental-config.

  Per-environment configuration is via ctx.mode branching inside the function form of either file.

  Example cloudflare.config.ts:

  import { defineWorker, bindings } from "wrangler/experimental-config";
  import * as entrypoint from "./src/index.ts" with { type: "cf-worker" };
  export default defineWorker((ctx) => ({
  name: "my-worker",
  entrypoint,
  compatibilityDate: "2026-05-18",
  env: {
  MY_KV: bindings.kv(),
  MY_TEXT: bindings.text(The mode is ${ctx.mode}),
  },
  }));

  Example wrangler.config.ts:

  import { defineWranglerConfig } from "wrangler/experimental-config";
  export default defineWranglerConfig({
  minify: true,
  assetsDirectory: "./public",
  });

  Because this is experimental, the flag, the config formats, and the wrangler/experimental-config exports may change in any release.

Patch Changes

• #14185 98c9afe Thanks @​penalosa! - Use the shared env-credential resolver from @cloudflare/workers-auth

... (truncated)

• 341bd13 Version Packages (#14237)
• e8561c2 Wrangler support for experimental new config (#14202)
• 4597f08 Bump the workerd-and-workers-types group with 2 updates (#14256)
• 2ae6099 move build earlier in deploy path (#14259)
• 25722ac Gate Network.enable on an attached DevTools client (#14243)
• 98c9afe [workers-auth] Make OAuth identity and token storage injectable for reuse by ...
• 10b5538 Improve authentication error messages with specific failure reasons (#14213)
• e305126 [wrangler] Add cf-wrangler delegate entrypoint; remove @​cloudflare/wrangler-b...
• 818c105 Improve R2 Sippy error messages (#14233)
• f3990b2 Bump the workerd-and-workers-types group with 2 updates (#14246)
• Additional commits viewable in compare view

Sourced from start-server-and-test's releases.

v3.0.11

3.0.11 (2026-06-11)

Bug Fixes

• register --expected as an alias of --expect (#484) (57c221d)

v3.0.10

3.0.10 (2026-06-10)

Bug Fixes

• allow both --proxy-password and --proxy-pass options (#482) (797973d)
• conform to npm branding (lowercase) (#483) (f165b18)

v3.0.9

3.0.9 (2026-06-09)

Bug Fixes

• normalize package.json with npm 11 (#481) (5df0c8f)

v3.0.8

3.0.8 (2026-06-05)

Bug Fixes

• make npm scripts cross-platform (#477) (a54ba5b)

v3.0.7

3.0.7 (2026-06-04)

Bug Fixes

• deps: update lazy-ass to v2 (#474) (c138a9d)

v3.0.6

3.0.6 (2026-06-02)

Bug Fixes

• deps: remove bluebird and use native Promise (#467) (c748117)

• 57c221d fix: register --expected as an alias of --expect (#484)
• f165b18 fix: conform to npm branding (lowercase) (#483)
• 797973d fix: allow both --proxy-password and --proxy-pass options (#482)
• 9f727ac chore(deps): replace got with fetch in test/client (#480)
• 5df0c8f fix: normalize package.json with npm 11 (#481)
• a54ba5b fix: make npm scripts cross-platform (#477)
• fd6d077 docs: README cleanup and tweaks (#478)
• d958d5a chore(deps): upgrade major devDependencies (#476)
• c138a9d fix(deps): update lazy-ass to v2 (#474)
• 301399e test: fix typos, wrong assertion, and placeholder test (#473)
• Additional commits viewable in compare view