chore(deps): bump the npm_and_yarn group across 17 directories with 25 updates

[dependabot]

Bumps the npm_and_yarn group with 20 updates in the /ts directory:

Package	From	To
@solana/web3.js	1.69.0	1.69.1
bn.js	5.2.1	5.2.3
rollup	2.70.1	2.80.0
@babel/helpers	7.20.6	7.28.6
ajv	6.12.6	6.14.0
base-x	3.0.9	3.0.11
brace-expansion	1.1.11	1.1.12
braces	3.0.2	3.0.3
cross-spawn	7.0.3	7.0.6
diff	4.0.2	4.0.4
flatted	3.2.7	3.4.1
form-data	3.0.1	3.0.4
js-yaml	3.14.1	3.14.2
lodash	4.17.21	4.17.23
micromatch	4.0.5	4.0.8
minimatch	3.1.2	3.1.5
semver	5.7.1	5.7.2
tough-cookie	4.1.2	4.1.4
word-wrap	1.2.3	1.2.5
ws	7.5.9	7.5.10

Bumps the npm_and_yarn group with 9 updates in the /docs directory:

Package	From	To
brace-expansion	2.0.1	2.0.2
form-data	4.0.2	4.0.5
glob	10.4.5	10.5.0
js-yaml	3.14.1	3.14.2
minimatch	9.0.5	9.0.9
next	15.1.10	15.5.10
altcha-lib	1.2.0	1.4.1
mdast-util-to-hast	13.2.0	13.2.1
svgo	3.3.2	3.3.3

Bumps the npm_and_yarn group with 2 updates in the /examples/tutorial directory: brace-expansion and braces.
Bumps the npm_and_yarn group with 6 updates in the /tests directory:

Package	From	To
@solana/web3.js	1.70.0	1.70.4
base-x	3.0.9	3.0.11
brace-expansion	1.1.11	1.1.12
braces	3.0.2	3.0.3
form-data	4.0.0	4.0.5
lodash	4.17.21	4.17.23

Bumps the npm_and_yarn group with 1 update in the /ts/packages/spl-stake-pool directory: rollup.
Bumps the npm_and_yarn group with 1 update in the /ts/packages/spl-binary-oracle-pair directory: rollup.
Bumps the npm_and_yarn group with 1 update in the /ts/packages/spl-binary-option directory: rollup.
Bumps the npm_and_yarn group with 1 update in the /ts/packages/spl-stateless-asks directory: rollup.
Bumps the npm_and_yarn group with 1 update in the /ts/packages/spl-name-service directory: rollup.
Bumps the npm_and_yarn group with 1 update in the /ts/packages/spl-feature-proposal directory: rollup.
Bumps the npm_and_yarn group with 1 update in the /ts/packages/spl-record directory: rollup.
Bumps the npm_and_yarn group with 1 update in the /ts/packages/spl-associated-token-account directory: rollup.
Bumps the npm_and_yarn group with 1 update in the /ts/packages/spl-token-lending directory: rollup.
Bumps the npm_and_yarn group with 1 update in the /ts/packages/spl-token directory: rollup.
Bumps the npm_and_yarn group with 1 update in the /ts/packages/spl-token-swap directory: rollup.
Bumps the npm_and_yarn group with 1 update in the /ts/packages/spl-governance directory: rollup.
Bumps the npm_and_yarn group with 1 update in the /ts/packages/spl-memo directory: rollup.

Updates @solana/web3.js from 1.69.0 to 1.69.1

Commits

• See full diff in compare view

Updates bn.js from 5.2.1 to 5.2.3

Changelog

Sourced from bn.js's changelog.

5.2.3 / 2026-02-19

• fix: imaskn state (#317)

5.2.2 / 2025-04-25

• fix: imuln/muln with zero (#313)

Commits

• ea6c072 5.2.3
• 33df26b fix imaskn state (#317)
• 6db7c38 5.2.2
• c7e1a53 Fix imuln/muln with zero (#313)
• 4cc0bfa docs: mention the max plain JS number argument value (#307)
• 5df40f8 Document length unit in toBuffer(...) input (#299)
• See full diff in compare view

Updates rollup from 2.70.1 to 2.80.0

Release notes

Sourced from rollup's releases.

v.2.79.2

2.79.2

2024-09-26

Bug Fixes

• Fix a vulnerability in generated code that affects IIFE, UMD and CJS bundles when run in a browser context (#5671)

Pull Requests

• #5671: Fix DOM Clobbering CVE (@​lukastaegert)

Changelog

Sourced from rollup's changelog.

2.80.0

2026-02-22

Features

• Throw when the generated bundle contains paths that would leave the output directory (#6277)

Pull Requests

• #6277: Validate bundle stays within output dir (@​lukastaegert)

2.79.2

2024-09-26

Bug Fixes

• Resolve CVE-2024-43788 (#5677)

Pull Requests

• #5677: resolve DOM Clobbering CVE-2024-43788 (backport to v2) (@​fabianszabo)

2.79.1

2022-09-22

Bug Fixes

• Avoid massive performance degradation when creating thousands of chunks (#4643)

Pull Requests

• #4639: fix: typo docs and contributors link in CONTRIBUTING.md (@​takurinton)
• #4641: Update type definition of resolveId (@​ivanjonas)
• #4643: Improve performance of chunk naming collision check (@​lukastaegert)

2.79.0

2022-08-31

Features

• Add amd.forceJsExtensionForImports to enforce using .js extensions for relative AMD imports (#4607)

Pull Requests

• #4607: add option to keep extensions for amd (@​wh1tevs)

... (truncated)

Commits

• d17ae15 2.80.0
• d6dee5e Validate bundle stays within output dir (#6277)
• c9bd03d 2.79.2
• 48aef33 fix: resolve DOM Clobbering CVE-2024-43788 (backport to v2) (#5677)
• 69ff418 2.79.1
• 04dce1b Update changelog
• 159137e fix: typo docs and contributors link in CONTRIBUTING.md (#4639)
• e1392b3 Update type definition of resolveId (#4641)
• 7836357 Improve performance of chunk naming collision check (#4643)
• 71d20c9 Reduce permissions for repl-artefacts.yml workflow (#4630)
• Additional commits viewable in compare view

Updates @babel/helpers from 7.20.6 to 7.28.6

Release notes

Sourced from @​babel/helpers's releases.

v7.28.6 (2026-01-12)

Thanks @​kadhirash and @​kolvian for your first PRs!

🐛 Bug Fix

• babel-cli, babel-code-frame, babel-core, babel-helper-check-duplicate-nodes, babel-helper-fixtures, babel-helper-plugin-utils, babel-node, babel-plugin-transform-flow-comments, babel-plugin-transform-modules-commonjs, babel-plugin-transform-property-mutators, babel-preset-env, babel-traverse, babel-types
  • #17589 Improve Unicode handling in code-frame tokenizer (@​JLHwung)
• babel-plugin-transform-regenerator
  • #17556 fix: transform-regenerator correctly handles scope (@​liuxingbaoyu)
• babel-plugin-transform-react-jsx
  • #17538 fix: Keep jsx comments (@​liuxingbaoyu)

💅 Polish

• babel-core, babel-standalone
  • #17606 Polish(standalone): improve message on invalid preset/plugin (@​JLHwung)

🏠 Internal

• babel-plugin-bugfix-v8-static-class-fields-redefine-readonly, babel-plugin-proposal-decorators, babel-plugin-proposal-import-attributes-to-assertions, babel-plugin-proposal-import-wasm-source, babel-plugin-syntax-async-do-expressions, babel-plugin-syntax-decorators, babel-plugin-syntax-destructuring-private, babel-plugin-syntax-do-expressions, babel-plugin-syntax-explicit-resource-management, babel-plugin-syntax-export-default-from, babel-plugin-syntax-flow, babel-plugin-syntax-function-bind, babel-plugin-syntax-function-sent, babel-plugin-syntax-import-assertions, babel-plugin-syntax-import-attributes, babel-plugin-syntax-import-defer, babel-plugin-syntax-import-source, babel-plugin-syntax-jsx, babel-plugin-syntax-module-blocks, babel-plugin-syntax-optional-chaining-assign, babel-plugin-syntax-partial-application, babel-plugin-syntax-pipeline-operator, babel-plugin-syntax-throw-expressions, babel-plugin-syntax-typescript, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-class-properties, babel-plugin-transform-class-static-block, babel-plugin-transform-dotall-regex, babel-plugin-transform-duplicate-named-capturing-groups-regex, babel-plugin-transform-explicit-resource-management, babel-plugin-transform-exponentiation-operator, babel-plugin-transform-json-strings, babel-plugin-transform-logical-assignment-operators, babel-plugin-transform-nullish-coalescing-operator, babel-plugin-transform-numeric-separator, babel-plugin-transform-object-rest-spread, babel-plugin-transform-optional-catch-binding, babel-plugin-transform-optional-chaining, babel-plugin-transform-private-methods, babel-plugin-transform-private-property-in-object, babel-plugin-transform-regexp-modifiers, babel-plugin-transform-unicode-property-regex, babel-plugin-transform-unicode-sets-regex
  • #17580 Allow Babel 8 in compatible Babel 7 plugins (@​nicolo-ribaudo)

🏃‍♀️ Performance

• babel-plugin-transform-react-jsx
  • #17555 perf: Use lighter traversal for jsx __source,__self (@​liuxingbaoyu)

Committers: 7

• Babel Bot (@​babel-bot)
• Eliot Pontarelli (@​kolvian)
• Huáng Jùnliàng (@​JLHwung)
• Kadhirash Sivakumar (@​kadhirash)
• Nicolò Ribaudo (@​nicolo-ribaudo)
• @​liuxingbaoyu
• coderaiser (@​coderaiser)

v7.28.5 (2025-10-23)

Thank you @​CO0Ki3, @​Olexandr88, and @​youthfulhps for your first PRs!

👓 Spec Compliance

• babel-parser
  • #17446 Allow Runtime Errors for Function Call Assignment Targets (@​liuxingbaoyu)
• babel-helper-validator-identifier
  • #17501 fix: update identifier to unicode 17 (@​fisker)

🐛 Bug Fix

• babel-plugin-proposal-destructuring-private
  • #17534 Allow mixing private destructuring and rest (@​CO0Ki3)
• babel-parser
  • #17521 Improve @babel/parser error typing (@​JLHwung)
  • #17491 fix: improve ts-only declaration parsing (@​JLHwung)
• babel-plugin-proposal-discard-binding, babel-plugin-transform-destructuring

... (truncated)

Commits

• d7f4008 v7.28.6
• 99dcba5 chore: enable some ts-eslint rules (#17592)
• c1b55f6 Use eslint.config.mts (#17573)
• 35055e3 v7.28.4
• 18d88b8 Improve @​babel/core typings (#17471)
• ef155f5 v7.28.3
• 741cbd2 chore: fix various typos across codebase (#17476)
• cac0ff4 v7.28.2
• f743094 fix: regeneratorDefine compatibility with es5 strict mode (#17441)
• baa4cb8 v7.27.6
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​babel/helpers since your current version.

Updates ajv from 6.12.6 to 6.14.0

Commits

• e3af0a7 6.14.0
• b552ed6 add regExp option to address $data exploit via a regular expression (CVE-2025...
• 72f2286 docs: update v7 info
• 231e52b Merge pull request #1320 from philsturgeon/patch-1
• d3475fc Add spectral, an AJV util from a sponsor
• 413afe0 docs: v7.0.0-beta.3
• 11e997b update readme for v7
• See full diff in compare view

Updates base-x from 3.0.9 to 3.0.11

Commits

• 043a888 3.0.11
• 2705ddd [backport 3.x] Prohibit char codes that would overflow the BASE_MAP
• 3d43c0e 3.0.10
• 0a35446 Improve decoding performance
• See full diff in compare view

Updates brace-expansion from 1.1.11 to 1.1.12

Release notes

Sourced from brace-expansion's releases.

v1.1.12

• pkg: publish on tag 1.x c460dbd
• fmt ccb8ac6
• Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) c3c73c8

---

juliangruber/brace-expansion@v1.1.11...v1.1.12

Commits

• 44f33b4 1.1.12
• c460dbd pkg: publish on tag 1.x
• ccb8ac6 fmt
• c3c73c8 Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65)
• See full diff in compare view

Updates braces from 3.0.2 to 3.0.3

Commits

• 74b2db2 3.0.3
• 88f1429 update eslint. lint, fix unit tests.
• 415d660 Snyk js braces 6838727 (#40)
• 190510f fix tests, skip 1 test in test/braces.expand
• 716eb9f readme bump
• a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
• 2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
• 9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
• 98414f9 remove funding file
• 665ab5d update keepEscaping doc (#27)
• Additional commits viewable in compare view

Updates cross-spawn from 7.0.3 to 7.0.6

Changelog

Sourced from cross-spawn's changelog.

7.0.6 (2024-11-18)

Bug Fixes

• update cross-spawn version to 7.0.5 in package-lock.json (f700743)

7.0.5 (2024-11-07)

Bug Fixes

• fix escaping bug introduced by backtracking (640d391)

7.0.4 (2024-11-07)

Bug Fixes

• disable regexp backtracking (#160) (5ff3a07)

Commits

• 77cd97f chore(release): 7.0.6
• 6717de4 chore: upgrade standard-version
• f700743 fix: update cross-spawn version to 7.0.5 in package-lock.json
• 9a7e3b2 chore: fix build status badge
• 0852683 chore(release): 7.0.5
• 640d391 fix: fix escaping bug introduced by backtracking
• bff0c87 chore: remove codecov
• a7c6abc chore: replace travis with github workflows
• 9b9246e chore(release): 7.0.4
• 5ff3a07 fix: disable regexp backtracking (#160)
• Additional commits viewable in compare view

Updates diff from 4.0.2 to 4.0.4

Changelog

Sourced from diff's changelog.

v4.0.4 - January 2026

Only change from 4.0.2 is a backport of the fix to GHSA-73rr-hh4g-fpgx.

v4.0.3 (deprecated)

Accidental release - do not use.

Commits

• f06f3e4 v4.0.4
• 0179a48 v4.0.3
• 4568cae Backport kpdecker/jsdiff#649
• 4de0ffa Backport kpdecker/jsdiff#647
• See full diff in compare view

Maintainer changes

This version was pushed to npm by explodingcabbage, a new releaser for diff since your current version.

Updates flatted from 3.2.7 to 3.4.1

Commits

• 2a02dce 3.4.1
• fba4e8f Merge pull request #89 from WebReflection/python-fix
• 5fe8648 added "when in Rome" also a test for PHP
• 53517ad some minor improvement
• b3e2a0c Fixing recursion issue in Python too
• c4b46db Add SECURITY.md for security policy and reporting
• f86d071 Create dependabot.yml for version updates
• d3418c7 3.4.0
• 7eb65d8 Merge pull request #88 from WebReflection/avoid-recusrion
• 7774aae Avoid recursion on parse due possible shenanigans
• Additional commits viewable in compare view

Updates form-data from 3.0.1 to 3.0.4

Release notes

Sourced from form-data's releases.

v3.0.2

Fixes

• npmignore temporary build files (#532)
• move util.isArray to Array.isArray (#564)

Tests

• migrate from travis to GHA

Changelog

Sourced from form-data's changelog.

v3.0.4 - 2025-07-16

Fixed

• [Fix] append: avoid a crash on nullish values [#577](https://github.com/form-data/form-data/issues/577)

Commits

• [eslint] update linting config f5e7eb0
• [meta] add auto-changelog d2eb290
• [Tests] handle predict-v8-randomness failures in node < 17 and node > 23 e8c574c
• [Fix] Switch to using crypto random for boundary values c6ced61
• [Refactor] use hasown 1a78b5d
• [Fix] validate boundary type in setBoundary() method 70bbaa0
• [Tests] add tests to check the behavior of getBoundary with non-strings b22a64e
• [meta] actually ensure the readme backup isn’t published 0150851
• [meta] remove local commit hooks fc42bb9
• [Dev Deps] remove unused deps a14d09e
• [meta] fix scripts to use prepublishOnly 11d9f73
• [meta] fix readme capitalization fc38b48

v3.0.3 - 2025-02-14

Merged

• [Fix] set Symbol.toStringTag when available [#573](https://github.com/form-data/form-data/issues/573)

Fixed

• [Fix] set Symbol.toStringTag when available (#573) [#396](https://github.com/form-data/form-data/issues/396)

Commits

• [Refactor] use Object.prototype.hasOwnProperty.call 7fecefe
• [Dev Deps] update @types/node, browserify, coveralls, cross-spawn, eslint, formidable, in-publish, pkgfiles, pre-commit, puppeteer, request, tape, typescript 8261fcb
• Only apps should have lockfiles b82f590
• [Dev Deps] pin request which via tough-cookie ^2.4 depends on psl e5df7f2
• [Deps] update mime-types 5a5bafe

v3.0.2 - 2024-10-10

Merged

• fix (npmignore): ignore temporary build files [#532](https://github.com/form-data/form-data/issues/532)

Commits

• [Tests] migrate from travis to GHA 8fdb3bc
• [eslint] clean up ignores 3217b3d
• fix: move util.isArray to Array.isArray (#564) edb555a

Commits

• 9c82fcd v3.0.4
• e8c574c [Tests] handle predict-v8-randomness failures in node < 17 and node > 23
• c6ced61 [Fix] Switch to using crypto random for boundary values
• 0150851 [meta] actually ensure the readme backup isn’t published
• fc38b48 [meta] fix readme capitalization
• d2eb290 [meta] add auto-changelog
• fc42bb9 [meta] remove local commit hooks
• a14d09e [Dev Deps] remove unused deps
• 002b9b0 [Fix] append: avoid a crash on nullish values
• 70bbaa0 [Fix] validate boundary type in setBoundary() method
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ljharb, a new releaser for form-data since your current version.

Install script changes

This version modifies prepublish script that runs during installation. Review the package contents before updating.

Updates js-yaml from 3.14.1 to 3.14.2

Changelog

Sourced from js-yaml's changelog.

[3.14.2] - 2025-11-15

Security

• Backported v4.1.1 fix to v3

[4.1.1] - 2025-11-12

Security

• Fix prototype pollution issue in yaml merge (<<) operator.

[4.1.0] - 2021-04-15

Added

• Types are now exported as yaml.types.XXX.
• Every type now has options property with original arguments kept as they were (see yaml.types.int.options as an example).

Changed

• Schema.extend() now keeps old type order in case of conflicts (e.g. Schema.extend([ a, b, c ]).extend([ b, a, d ]) is now ordered as abcd instead of cbad).

[4.0.0] - 2021-01-03

Changed

• Check migration guide to see details for all breaking changes.
• Breaking: "unsafe" tags !!js/function, !!js/regexp, !!js/undefined are moved to js-yaml-js-types package.
• Breaking: removed safe* functions. Use load, loadAll, dump instead which are all now safe by default.
• yaml.DEFAULT_SAFE_SCHEMA and yaml.DEFAULT_FULL_SCHEMA are removed, use yaml.DEFAULT_SCHEMA instead.
• yaml.Schema.create(schema, tags) is removed, use schema.extend(tags) instead.
• !!binary now always mapped to Uint8Array on load.
• Reduced nesting of /lib folder.
• Parse numbers according to YAML 1.2 instead of YAML 1.1 (01234 is now decimal, 0o1234 is octal, 1:23 is parsed as string instead of base60).
• dump() no longer quotes :, [, ], (, ) except when necessary, #470, #557.
• Line and column in exceptions are now formatted as (X:Y) instead of at line X, column Y (also present in compact format), #332.
• Code snippet created in exceptions now contains multiple lines with line numbers.
• dump() now serializes undefined as null in collections and removes keys with undefined in mappings, #571.
• dump() with skipInvalid=true now serializes invalid items in collections as null.
• Custom tags starting with ! are now dumped as !tag instead of !<!tag>, #576.
• Custom tags starting with tag:yaml.org,2002: are now shorthanded using !!, #258.

Added

• Added .mjs (es modules) support.
• Added quotingType and forceQuotes options for dumper to configure string literal style, #290, #529.
• Added styles: { '!!null': 'empty' } option for dumper (serializes { foo: null } as "foo: "), #570.

... (truncated)

Commits

• 9963d36 3.14.2 released
• 10d3c8e dist rebuild
• 5278870 fix prototype pollution in merge (<<) (#731)
• See full diff in compare view

Updates lodash from 4.17.21 to 4.17.23

Commits

• dec55b7 Bump main to v4.17.23 (#6088)
• 19c9251 fix: setCacheHas JSDoc return type should be boolean (#6071)
• b5e6729 jsdoc: Add -0 and BigInt zeros to _.compact falsey values list (#6062)
• edadd45 Prevent prototype pollution on baseUnset function
• 4879a7a doc: fix autoLink function, conversion of source links (#6056)
• 9648f69 chore: remove yarn.lock file (#6053)
• dfa407d ci: remove legacy configuration files (#6052)
• 156e196 feat: add renovate setup (#6039)
• 933e106 ci: add pipeline for Bun (#6023)
• 072a807 docs: update links related to Open JS Foundation (#5968)
• Additional commits viewable in compare view

Updates micromatch from 4.0.5 to 4.0.8

Release notes

Sourced from micromatch's releases.

4.0.8

Ultimate release that fixes both CVE-2024-4067 and CVE-2024-4068. We consider the issues low-priority, so even if you see automated scanners saying otherwise, don't be scared.

Changelog

Sourced from micromatch's changelog.

[4.0.8] - 2024-08-22

• backported CVE-2024-4067 fix (from v4.0.6) over to 4.x branch

[4.0.7] - 2024-05-22

• this is basically v4.0.5, with some README updates
• it is vulnerable to CVE-2024-4067
• Updated braces to v3.0.3 to avoid CVE-2024-4068
• does NOT break API compatibility

[4.0.6] - 2024-05-21

• Added hasBraces to check if a pattern contains braces.
• Fixes CVE-2024-4067
• BREAKS API COMPATIBILITY
• Should be labeled as a major release, but it's not.

Commits

• 8bd704e 4.0.8
• a0e6841 run verb to generate README documentation
• 4ec2884 Merge branch 'v4' into hauserkristof-feature/v4.0.8
• 03aa805 Merge pull request #266 from hauserkristof/feature/v4.0.8
• 814f5f7 lint
• 67fcce6 fix: CHANGELOG about braces & CVE-2024-4068, v4.0.5
• 113f2e3 fix: CVE numbers in CHANGELOG
• d9dbd9a feat: updated CHANGELOG
• 2ab1315 fix: use actions/setup-node@v4
• 1406ea3 feat: rework test to work on macos with node 10,12 and 14
• Additional commits viewable in compare view

Updates minimatch from 3.1.2 to 3.1.5

Commits

• 7bba978 3.1.5
• bd25942 docs: add warning about ReDoS
• 1a9c27c fix partial matching of globstar patterns
• 1a2e084 3.1.4
• ae24656 update lockfile
• b100374 limit recursion for **, improve perf considerably
• 26ffeaa lockfile update
• 9eca892 lock node version to 14
• 00c323b 3.1.3
• 30486b2 update CI matrix and actions
• Additional commits viewable in compare view

Updates semver from 5.7.1 to 5.7.2

Release notes

Sourced from semver's releases.

v5.7.2

5.7.2 (2023-07-10)

Bug Fixes

• 2f8fd41 #585 better handling of whitespace (#585) (@​joaomoreno, @​lukekarrys)

Changelog

Sourced from semver's changelog.

5.7.2 (2023-07-10)

Bug Fixes

• 2f8fd41 #585 better handling of whitespace (#585) (@​joaomoreno, @​lukekarrys)

5.7

• Add minVersion method

5.6

• Move boolean loose param to an options object, with backwards-compatibility protection.
• Add ability to opt out of special prerelease version handling with the includePrerelease option flag.

5.5

• Add version coercion capabilities

5.4

• Add intersection checking

5.3

• Add minSatisfying method

5.2

• Add prerelease(v) that returns prerelease components

5.1

• Add Backus-Naur for ranges
• Remove excessively cute inspection methods

5.0

• Remove AMD/Browserified build artifacts
• Fix ltr and gtr when using the * range
• Fix for range * with a prerelease identifier

Commits

• f8cc313 chore: release 5.7.2
• 2f8fd41 fix: better handling of whitespace (#585)
• deb5ad5 chore: @​npmcli/template-oss@​4.16.0
• See full diff in compare view

Maintainer changes

This version was pushed to npm by lukekarrys, a new releaser for semver since your current version.

Updates tough-cookie from 4.1.2 to 4.1.4

Release notes

Sourced from tough-cookie's releases.

v4.1.4

https://www.npmjs.com/package/tough-cookie/v/4.1.4

What's Changed

• Add local alias for toString by @​corvidism in salesforce/tough-cookie#409
• Fix incorrect string validation for URL by @​coditva in salesforce/tough-cookie#261

New Contributors

• @​corvidism made their first contribution in salesforce/tough-cookie#409
• @​coditva made their first contribution in salesforce/tough-cookie#261

Full Changelog: salesforce/tough-cookie@v4.1.3...v4.1.4

4.1.3

Security fix for Prototype Pollution discovery in #282. This is a minor release, although output from the inspect utility is affected by this change, we felt this change was important enough to be pushed into the next patch.

Commits

• cacbc37 Bump version to 4.1.4
• a48fb3a Add tests for url validation
• 50e69bf Merge pull request #261 from postmanlabs/fix/url-string-validation
• 1253d58 Merge pull request #409 from corvidism/validators-to-string
• 238367e Add local alias for toString
• 4ff4d29 4.1.3 release preparation, update the package and lib/version to 4.1.3. (#284)
• 12d4747 Prevent prototype pollution in cookie memstore (#283)
• f06b72d Fix documentation for store.findCookies, missing allowSpecialUseDomain proper...
• cf6debd Fix incorrect string validation for URL
• See full diff in compare view

Maintainer changes

This version was pushed to npm by ccasey, a new releaser for tough-cookie since your current version.

Updates word-wrap from 1.2.3 to 1.2.5

Release notes

Sourced from word-wrap's releases.

1.2.5

Changes:

Reverts default value for options.indent to two spaces ' '.

Full Changelog: jonschlinkert/word-wrap@1.2.4...1.2.5

1.2.4

What's Changed

• Remove default indent by @​mohd-akram in jonschlinkert/word-wrap#24
• 🔒fix: CVE 2023 26115 (2) by @​OlafCon...

  Description has been truncated