chore(deps): bump the npm_and_yarn group across 1 directory with 13 updates

[dependabot]

Bumps the npm_and_yarn group with 10 updates in the / directory:

Package	From	To
vite	5.4.0	5.4.21
braces	3.0.2	3.0.3
ejs	3.1.9	3.1.10
express	4.18.2	4.22.1
js-yaml	3.14.1	3.14.2
markdown-to-jsx	7.3.2	7.7.17
rollup	3.28.0	3.29.5
store2	2.14.2	2.14.4
tar-fs	2.1.1	2.1.4
ws	6.2.2	6.2.3

Updates vite from 5.4.0 to 5.4.21

Release notes

Sourced from vite's releases.

v5.4.21

Please refer to CHANGELOG.md for details.

v5.4.20

Please refer to CHANGELOG.md for details.

v5.4.19

Please refer to CHANGELOG.md for details.

v5.4.18

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

5.4.21 (2025-10-20)

• fix(dev): trim trailing slash before server.fs.deny check (#20968) (#20970) (cad1d31), closes #20968 #20970
• chore: update CHANGELOG (ca88ed7)

5.4.20 (2025-09-08)

• fix: apply fs.strict check to HTML files (#20736) (482000f), closes #20736
• fix: port sirv@3.0.2 changes to sirv@2.0.4 (#20737) (4f1c35b), closes #20737

5.4.19 (2025-04-30)

• fix: backport #19965, check static serve file inside sirv (#19966) (766947e), closes #19965 #19966

5.4.18 (2025-04-10)

• fix: backport #19830, reject requests with # in request-target (#19831) (823675b), closes #19830 #19831

5.4.17 (2025-04-03)

• fix: backport #19782, fs check with svg and relative paths (#19784) (84b2b46), closes #19782 #19784

5.4.16 (2025-03-31)

• fix: backport #19761, fs check in transform middleware (#19762) (b627c50), closes #19761 #19762

5.4.15 (2025-03-24)

• fix: backport #19702, fs raw query with query separators (#19703) (807d7f0), closes #19702 #19703

5.4.14 (2025-01-21)

• fix: preview.allowedHosts with specific values was not respected (#19246) (9df6e6b), closes #19246
• fix: allow CORS from loopback addresses by default (#19249) (7d1699c), closes #19249

... (truncated)

Commits

• adce3c2 release: v5.4.21
• cad1d31 fix(dev): trim trailing slash before server.fs.deny check (#20968) (#20970)
• ca88ed7 chore: update CHANGELOG
• 997700f release: v5.4.20
• 482000f fix: apply fs.strict check to HTML files (#20736)
• 80a333a release: v5.4.19
• 766947e fix: backport #19965, check static serve file inside sirv (#19966)
• 731b77d release: v5.4.18
• 823675b fix: backport #19830, reject requests with # in request-target (#19831)
• 0a2518a release: v5.4.17
• Additional commits viewable in compare view

Updates braces from 3.0.2 to 3.0.3

Commits

• 74b2db2 3.0.3
• 88f1429 update eslint. lint, fix unit tests.
• 415d660 Snyk js braces 6838727 (#40)
• 190510f fix tests, skip 1 test in test/braces.expand
• 716eb9f readme bump
• a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
• 2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
• 9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
• 98414f9 remove funding file
• 665ab5d update keepEscaping doc (#27)
• Additional commits viewable in compare view

Updates ejs from 3.1.9 to 3.1.10

Release notes

Sourced from ejs's releases.

v3.1.10

Version 3.1.10

Changelog

Sourced from ejs's changelog.

EJS Version 4.0.1 Release Notes

Overview

EJS version 4.0.1 represents a major release with significant architectural improvements, enhanced module support, and improved compatibility. The CommonJS build is now compiled using the TypeScript compiler, ensuring better code quality, maintainability, and backward compatibility.

Major Changes

Module System Overhaul

• Dual module support: Added support for both CommonJS (lib/cjs/ejs.js) and ES Modules (lib/esm/ejs.js)
• Package exports: Implemented proper exports field in package.json for better module resolution
• Code generation improvements: Replaced let in code-generation strings for CommonJS compatibility
• Namespace Node builtins: Improved isolation and compatibility by namespacing Node.js built-in modules

Compatibility

• Extended Node.js support: Maintained compatibility with Node.js versions back to 0.12.18
• Cleaner keyword replacement: Improved handling of JavaScript keywords in templates

Build System

• Compilation task: Added new compile task with updated linting configuration
• Build improvements: Enhanced build process to run before tests
• Test infrastructure: Added testOnly task for running tests without building
• Version string: Version string is now baked in during packaging process

Documentation

• JSDoc updates: Complete JSDoc overhaul with updated paths and references
• Documentation fixes:
  • Fixed missing closing parenthesis in async option description (#766)
  • Updated JSDoc reference from usejsdoc.org to jsdoc.app (#778)
• Removed outdated docs: Cleaned up old documentation files

Dependencies

• Development dependencies: Updated various dev dependencies including ESLint, TypeScript, and build tools
• Removed lockfiles: Removed package-lock.json from repository

Code Quality

• Linting: Updated ESLint configuration for better code quality
• Code cleanup: Removed unused imports and cleaned up codebase
• Test fixes: Fixed failing tests to ensure stability

Breaking Changes

... (truncated)

Commits

• d3f807d Version 3.1.10
• 9ee26dd Mocha TDD
• e469741 Basic pollution protection
• 715e950 Merge pull request #756 from Jeffrey-mu/main
• cabe314 Include advanced usage examples
• 29b076c Added header
• 11503c7 Merge branch 'main' of github.com:mde/ejs into main
• 7690404 Added security banner to README
• f47d7ae Update SECURITY.md
• 828cea1 Update SECURITY.md
• Additional commits viewable in compare view

Updates express from 4.18.2 to 4.22.1

Release notes

Sourced from express's releases.

v4.22.1

What's Changed

[!IMPORTANT]
The prior release (4.22.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.

• Release: 4.22.1 by @​UlisesGascon in expressjs/express#6934

Full Changelog: expressjs/express@4.22.0...v4.22.1

4.22.0

Important: Security

• Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

What's Changed

• Refactor: improve readability by @​sazk07 in expressjs/express#6190
• ci: add support for Node.js@23.0 by @​UlisesGascon in expressjs/express#6080
• Method functions with no path should error by @​wesleytodd in expressjs/express#5957
• ci: updated github actions ci workflow by @​Phillip9587 in expressjs/express#6323
• ci: reorder npm i steps to fix ci for older node versions by @​Phillip9587 in expressjs/express#6336
• Backport: ci: add node.js 24 to test matrix by @​Phillip9587 in expressjs/express#6506
• chore(4.x): wider range for query test skip by @​jonchurch in expressjs/express#6513
• use tilde notation for certain dependencies by @​UlisesGascon in expressjs/express#6905
• deps: qs@6.14.0 by @​UlisesGascon in expressjs/express#6909
• deps: use tilde notation for qs by @​Phillip9587 in expressjs/express#6919
• Release: 4.22.0 by @​UlisesGascon in expressjs/express#6921

Full Changelog: expressjs/express@4.21.2...4.22.0

4.21.2

What's Changed

• Add funding field (v4) by @​bjohansebas in expressjs/express#6065
• deps: path-to-regexp@0.1.11 by @​blakeembrey in expressjs/express#5956
• deps: bump path-to-regexp@0.1.12 by @​jonchurch in expressjs/express#6209
• Release: 4.21.2 by @​UlisesGascon in expressjs/express#6094

Full Changelog: expressjs/express@4.21.1...4.21.2

4.21.1

What's Changed

• Backport a fix for CVE-2024-47764 to the 4.x branch by @​joshbuker in expressjs/express#6029
• Release: 4.21.1 by @​UlisesGascon in expressjs/express#6031

Full Changelog: expressjs/express@4.21.0...4.21.1

... (truncated)

Changelog

Sourced from express's changelog.

4.22.1 / 2025-12-01

• Revert security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

4.22.0 / 2025-12-01

• Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)
• deps: use tilde notation for dependencies
• deps: qs@6.14.0

4.21.2 / 2024-11-06

• deps: path-to-regexp@0.1.12
  • Fix backtracking protection
• deps: path-to-regexp@0.1.11
  • Throws an error on invalid path values

4.21.1 / 2024-10-08

• Backported a fix for CVE-2024-47764

4.21.0 / 2024-09-11

• Deprecate res.location("back") and res.redirect("back") magic string
• deps: serve-static@1.16.2
  • includes send@0.19.0
• deps: finalhandler@1.3.1
• deps: qs@6.13.0

4.20.0 / 2024-09-10

• deps: serve-static@0.16.0
  • Remove link renderization in html while redirecting
• deps: send@0.19.0
  • Remove link renderization in html while redirecting
• deps: body-parser@0.6.0
  • add depth option to customize the depth level in the parser
  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
• Remove link renderization in html while using res.redirect
• deps: path-to-regexp@0.1.10
  • Adds support for named matching groups in the routes using a regex
  • Adds backtracking protection to parameters without regexes defined
• deps: encodeurl@~2.0.0
  • Removes encoding of \, |, and ^ to align better with URL spec
• Deprecate passing options.maxAge and options.expires to res.clearCookie

... (truncated)

Commits

• 12fae14 4.22.1
• 5ddf311 Revert "sec: security patch for CVE-2024-51999"
• 49744ab 4.22.0 (#6921)
• 6e97452 sec: security patch for CVE-2024-51999
• 6a23d34 deps: use tilde notation for qs (#6919)
• 8c12cdf deps: qs@6.14.0 (#6909)
• 7fea74f deps: use tilde notation for certain dependencies (#6905)
• dac7a04 chore: wider range for query test skip (#6513)
• 997919b ci: add node.js 24 to test matrix (#6506)
• 36fb59c fix(ci): reorder npm i steps to fix ci for older node versions (#6336)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by jonchurch, a new releaser for express since your current version.

Updates js-yaml from 3.14.1 to 3.14.2

Changelog

Sourced from js-yaml's changelog.

[3.14.2] - 2025-11-15

Security

• Backported v4.1.1 fix to v3

[4.1.1] - 2025-11-12

Security

• Fix prototype pollution issue in yaml merge (<<) operator.

[4.1.0] - 2021-04-15

Added

• Types are now exported as yaml.types.XXX.
• Every type now has options property with original arguments kept as they were (see yaml.types.int.options as an example).

Changed

• Schema.extend() now keeps old type order in case of conflicts (e.g. Schema.extend([ a, b, c ]).extend([ b, a, d ]) is now ordered as abcd instead of cbad).

[4.0.0] - 2021-01-03

Changed

• Check migration guide to see details for all breaking changes.
• Breaking: "unsafe" tags !!js/function, !!js/regexp, !!js/undefined are moved to js-yaml-js-types package.
• Breaking: removed safe* functions. Use load, loadAll, dump instead which are all now safe by default.
• yaml.DEFAULT_SAFE_SCHEMA and yaml.DEFAULT_FULL_SCHEMA are removed, use yaml.DEFAULT_SCHEMA instead.
• yaml.Schema.create(schema, tags) is removed, use schema.extend(tags) instead.
• !!binary now always mapped to Uint8Array on load.
• Reduced nesting of /lib folder.
• Parse numbers according to YAML 1.2 instead of YAML 1.1 (01234 is now decimal, 0o1234 is octal, 1:23 is parsed as string instead of base60).
• dump() no longer quotes :, [, ], (, ) except when necessary, #470, #557.
• Line and column in exceptions are now formatted as (X:Y) instead of at line X, column Y (also present in compact format), #332.
• Code snippet created in exceptions now contains multiple lines with line numbers.
• dump() now serializes undefined as null in collections and removes keys with undefined in mappings, #571.
• dump() with skipInvalid=true now serializes invalid items in collections as null.
• Custom tags starting with ! are now dumped as !tag instead of !<!tag>, #576.
• Custom tags starting with tag:yaml.org,2002: are now shorthanded using !!, #258.

Added

• Added .mjs (es modules) support.
• Added quotingType and forceQuotes options for dumper to configure string literal style, #290, #529.
• Added styles: { '!!null': 'empty' } option for dumper (serializes { foo: null } as "foo: "), #570.

... (truncated)

Commits

• 9963d36 3.14.2 released
• 10d3c8e dist rebuild
• 5278870 fix prototype pollution in merge (<<) (#731)
• See full diff in compare view

Updates markdown-to-jsx from 7.3.2 to 7.7.17

Release notes

Sourced from markdown-to-jsx's releases.

v7.7.17

Patch Changes

• acc11ad: Fix null children crashing app in production

  When null is passed as children to the <Markdown> component, it would previously crash the app in production. This fix handles this case by converting it to empty string.

  Usage Example

  Before this fix, the following code would crash in production:

  <Markdown>{null}</Markdown>

  After this fix, this case is handled gracefully and renders nothing.

v7.7.16

Patch Changes

• 7e487bd: Fix the issue where YAML frontmatter in code blocks doesn't render properly.

  This is done by lowering the parsing priority of Setext headings to match ATX headings; both are now prioritized lower than code blocks.

v7.7.15

Patch Changes

• 8e4c270: Mark react as an optional peer dependency as when passing createElement, you don't need React

v7.7.14

+--------------------------+------------------------+-----------------------+
|                          │ simple markdown string │ large markdown string |
+--------------------------+------------------------+-----------------------+
| markdown-to-jsx (next)   │ 107,013 ops/sec        │ 709 ops/sec           |
+--------------------------+------------------------+-----------------------+
| markdown-to-jsx (7.7.13) │ 102,934 ops/sec        │ 396 ops/sec           |
+--------------------------+------------------------+-----------------------+

Patch Changes

• 73d4398: Cut down on unnecessary matching operations by improving qualifiers. Also improved the matching speed of paragraphs, which led to a roughly 2x boost in throughput for larger input strings.

v7.7.13

Patch Changes

• da003e4: Fix exponential backtracking issue for unpaired inline delimiter sequences.

v7.7.12

... (truncated)

Changelog

Sourced from markdown-to-jsx's changelog.

7.7.17

Patch Changes

• acc11ad: Fix null children crashing app in production

  When null is passed as children to the <Markdown> component, it would previously crash the app in production. This fix handles this case by converting it to empty string.

  Usage Example

  Before this fix, the following code would crash in production:

  <Markdown>{null}</Markdown>

  After this fix, this case is handled gracefully and renders nothing.

7.7.16

Patch Changes

• 7e487bd: Fix the issue where YAML frontmatter in code blocks doesn't render properly.

  This is done by lowering the parsing priority of Setext headings to match ATX headings; both are now prioritized lower than code blocks.

7.7.15

Patch Changes

• 8e4c270: Mark react as an optional peer dependency as when passing createElement, you don't need React

7.7.14

Patch Changes

• 73d4398: Cut down on unnecessary matching operations by improving qualifiers. Also improved the matching speed of paragraphs, which led to a roughly 2x boost in throughput for larger input strings.

7.7.13

Patch Changes

• da003e4: Fix exponential backtracking issue for unpaired inline delimiter sequences.

7.7.12

Patch Changes

• 4351ef5: Adjust text parsing to not split on double spaces unless followed by a newline.
• 4351ef5: Special case detection of :shortcode: so the text processor doesn't break it into chunks, enables shortcode replacement via renderRule.

... (truncated)

Commits

• f71b888 Version Packages (#722)
• acc11ad Fix null children crashing app in production (#719)
• 1bc4ef6 Added a passing test and a failing test for the Math ML tags (#715)
• 5bd6874 Version Packages (#718)
• 7e487bd Fix YAML frontmatter in code block being misparsed as Setext heading (#717)
• 7bdf47f Version Packages (#713)
• 8e4c270 fix(peer): mark react as an optional peer dependency (#711)
• 1deba58 Version Packages (#710)
• 73d4398 Perf optimizations (#708)
• fdc044b upgrade yarn, set age gate
• Additional commits viewable in compare view

Updates qs from 6.11.0 to 6.11.2

Changelog

Sourced from qs's changelog.

6.11.2

• [Fix] parse: Fix parsing when the global Object prototype is frozen (#473)
• [Tests] add passing test cases with empty keys (#473)

6.11.1

• [Fix] stringify: encode comma values more consistently (#463)
• [readme] add usage of filter option for injecting custom serialization, i.e. of custom types (#447)
• [meta] remove extraneous code backticks (#457)
• [meta] fix changelog markdown
• [actions] update checkout action
• [actions] restrict action permissions
• [Dev Deps] update @ljharb/eslint-config, aud, object-inspect, tape

Commits

• 410bdd3 v6.11.2
• a5609c7 [Tests] add passing test cases with empty keys
• 7895b94 [Fix] parse: Fix parsing when the global Object prototype is frozen
• 9dca37f v6.11.1
• 4c4b23d [Fix] stringify: encode comma values more consistently
• 1778ed4 [Dev Deps] update @ljharb/eslint-config, object-inspect, tape
• 20820fa [Dev Deps] update aud
• 2048fa5 [meta] remove extraneous code backticks
• 7e937fa [actions] update checkout action
• 6ce7665 [Dev Deps] update aud, tape
• Additional commits viewable in compare view

Updates rollup from 3.28.0 to 3.29.5

Release notes

Sourced from rollup's releases.

v3.29.5

3.29.5

2024-09-21

Bug Fixes

• Fix a vulnerability in generated code that affects IIFE, UMD and CJS bundles when run in a browser context (#5671)

Pull Requests

• #5671: Fix DOM Clobbering CVE (@​lukastaegert)

Changelog

Sourced from rollup's changelog.

rollup changelog

3.29.4

2023-09-28

Bug Fixes

• Fix static analysis when an exported function uses callbacks (#5158)

Pull Requests

• #5158: Deoptimize all parameters when losing track of a function ( @​lukastaegert)

3.29.3

2023-09-24

Bug Fixes

• Fix a bug where code was wrongly tree-shaken after mutating function parameters (#5153)

Pull Requests

• #5145: docs: improve the docs repl appearance in the light mode ( @​TrickyPi)
• #5148: chore(deps): update dependency @​vue/eslint-config-typescript to v12 (@​renovate[bot])
• #5149: chore(deps): lock file maintenance minor/patch updates ( @​renovate[bot])
• #5153: Fully deoptimize first level path when deoptimizing nested parameter paths (@​lukastaegert)

3.29.2

2023-09-15

Bug Fixes

• Export TreeshakingPreset type (#5131)

Pull Requests

• #5131: fix: exports TreeshakingPreset (@​moltar)
• #5134: docs: steps to enable symlinks on windows (@​thebanjomatic)
• #5137: chore(deps): lock file maintenance minor/patch updates ( @​renovate[bot])

3.29.1

2023-09-10

Bug Fixes

• Fix time measurement of plugin hooks in watch mode (#5114)

... (truncated)

Commits

• dfd233d 3.29.5
• 2ef77c0 Fix DOM Clobbering CVE
• a6448b9 3.29.4
• 4e92d60 Deoptimize all parameters when losing track of a function (#5158)
• 801ffd1 3.29.3
• 353e462 Fully deoptimize first level path when deoptimizing nested parameter paths (#...
• a1a89e7 chore(deps): update dependency @​vue/eslint-config-typescript to v12 (#5148)
• cc14f70 chore(deps): lock file maintenance minor/patch updates (#5149)
• 1e8355b docs: improve the docs repl appearance in the light mode (#5145)
• 5950fc8 Adapt branches in REPL workflow
• Additional commits viewable in compare view

Updates send from 0.18.0 to 0.19.2

Release notes

Sourced from send's releases.

0.19.2

What's Changed

• deps: use tilde notation and update certain dependencies by @​Phillip9587 in pillarjs/send#279
• Release: 0.19.2 by @​UlisesGascon in pillarjs/send#280

Full Changelog: pillarjs/send@0.19.1...0.19.2

0.19.1

What's Changed

• fix(deps): encodeurl@~2.0.0 by @​wesleytodd in pillarjs/send#240

Full Changelog: pillarjs/send@0.19.0...0.19.1

0.19.0

What's Changed

• Remove link renderization in html while redirecting (pillarjs/send#235)

New Contributors

• @​UlisesGascon made their first contribution in pillarjs/send#235

Full Changelog: pillarjs/send@0.18.0...0.19.0

Changelog

Sourced from send's changelog.

0.19.2 / 2025-12-15

• deps: use tilde notation for dependencies
• deps: http-errors@~2.0.1
• deps: statuses@~2.0.2

0.19.1 / 2024-10-09

• deps: encodeurl@~2.0.0

0.19.0 / 2024-09-10

• Remove link renderization in html while redirecting

Commits

• 34ba03b 0.19.2 (#280)
• e53e4e5 deps: use tilde notation and update certain dependencies (#279)
• 19efaa3 0.19.1
• 0a9fa80 fix(deps): encodeurl@~2.0.0 (#240)
• 9d2db99 0.19.0
• ae4f298 Merge commit from fork
• See full diff in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for send since your current version.

Updates serve-static from 1.15.0 to 1.16.3

Release notes

Sourced from serve-static's releases.

v1.16.3

What's Changed

• deps: send@~0.19.1 by @​Phillip9587 in expressjs/serve-static#227
• Release: 1.16.3 by @​UlisesGascon in expressjs/serve-static#229

Full Changelog: expressjs/serve-static@v1.16.2...v1.16.3

v1.16.2

What's Changed

• encodeurl@~2.0.0 by @​wesleytodd in expressjs/serve-static#180

Full Changelog: expressjs/serve-static@v1.16.1...v1.16.2

v1.16.1

What's Changed

• bump send to 0.19 by @​tommasini in expressjs/serve-static#176

New Contributors

• @​tommasini made their first contribution in expressjs/serve-static#176

Full Changelog: expressjs/serve-static@1.16.0...v1.16.1

1.16.0

What's Changed

• Remove link renderization in html while redirecting (expressjs/serve-static#173)

New Contributors

• @​UlisesGascon made their first contribution in expressjs/serve-static#173

Full Changelog: expressjs/serve-static@v1.15.0...1.16.0

Changelog

Sourced from serve-static's changelog.

1.16.3 / 2024-12-15

• deps: send@~0.19.1
  • deps: encodeurl@~2.0.0

1.16.2 / 2024-09-11

• deps: encodeurl@~2.0.0

1.16.1 / 2024-09-11

• deps: send@0.19.0

1.16.0 / 2024-09-10

• Remove link renderization in html while redirecting

Commits

• 9acad22 1.16.3 (#229)
• 52dc97d deps: send@~0.19.1 and upgrade Node.js versions on the CI (#227)
• ec9c5ec 1.16.2
• f454d37 fix(deps): encodeurl@~2.0.0
• 77a8255 1.16.1
• 4263f49 fix(deps): send@0.19.0
• 48c7397 1.16.0
• 0c11fad Merge commit from fork
• See full diff in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for serve-static since your current version.

Updates store2 from 2.14.2 to 2.14.4

Commits

• bb2680d 2.14.4
• 5c4c208 minor version build updates
• 582a86c fix syntax/lint issue
• 0ef2405 Merge pull request #128 from TasosY2K/master
• b5b7723 removed eval use from deep.store.js
• 0216588 ssh git repo url
• cc4444b remove component
• 29cbc3b 2.14.3
• 6a1f112 obsolete long ago
• 77ca9ea npm update
• Additional commits viewable in compare view

Updates tar-fs from 2.1.1 to 2.1.4

Commits

• f421a23 2.1.4
• c412fa1 refactor to same pattern as v3
• 4b7e868 2.1.3
• 266194b hardlink tweak from main
• d97731b 2.1.2
• fd1634e symlink tweak from main
• See full diff in compare view

Updates ws from 6.2.2 to 6.2.3

Release notes

Sourced from ws's releases.

6.2.3

Bug fixes

• Backported e55e5106 to the 6.x release line (eeb76d31).

Commits

• d87f3b6 [dist] 6.2.3
• eeb76d3 [security] Fix crash when the Upgrade header cannot be read (#2231)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[dependabot]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml