Bump the npm_and_yarn group across 4 directories with 11 updates #2173

dependabot · 2025-12-30T21:07:15Z

Bumps the npm_and_yarn group with 5 updates in the /Extensions/WikiPDFExport/WikiPDFExportTask/WikiPDFExportTaskV3 directory:

Package	From	To
brace-expansion	`1.1.11`	`1.1.12`
brace-expansion	`2.0.1`	`2.0.2`
braces	`3.0.2`	`3.0.3`
form-data	`2.5.1`	`2.5.5`
js-yaml	`3.14.1`	`3.14.2`
qs	`6.11.0`	`6.14.1`

Bumps the npm_and_yarn group with 6 updates in the /Extensions/WikiUpdater/WikiFolderUpdaterTask/WikiFolderUpdaterTaskV2 directory:

Package	From	To
brace-expansion	`1.1.11`	`1.1.12`
brace-expansion	`2.0.1`	`2.0.2`
braces	`3.0.2`	`3.0.3`
form-data	`2.5.1`	`2.5.5`
js-yaml	`3.14.1`	`3.14.2`
qs	`6.10.3`	`6.14.1`
micromatch	`4.0.5`	`4.0.8`

Bumps the npm_and_yarn group with 7 updates in the /Extensions/WikiUpdater/WikiUpdaterTask/WikiUpdaterTaskV2 directory:

Package	From	To
brace-expansion	`1.1.11`	`1.1.12`
brace-expansion	`2.0.1`	`2.0.2`
braces	`3.0.2`	`3.0.3`
js-yaml	`3.13.1`	`3.14.2`
minimatch	`3.0.4`	`3.1.2`
minimist	`1.2.5`	`1.2.8`
path-parse	`1.0.6`	`1.0.7`
micromatch	`4.0.5`	`4.0.8`

Bumps the npm_and_yarn group with 7 updates in the /Tools/GetAPIJsonPayloads directory:

Package	From	To
brace-expansion	`1.1.11`	`1.1.12`
braces	`3.0.2`	`3.0.3`
js-yaml	`3.14.1`	`3.14.2`
qs	`6.10.3`	`6.14.1`
serialize-javascript	`6.0.0`	`6.0.2`
micromatch	`4.0.4`	`4.0.8`
webpack	`5.76.1`	`5.104.1`

Updates brace-expansion from 1.1.11 to 1.1.12

Release notes

Sourced from brace-expansion's releases.

v1.1.12

pkg: publish on tag 1.x c460dbd

fmt ccb8ac6

Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) c3c73c8

juliangruber/brace-expansion@v1.1.11...v1.1.12

Commits

44f33b4 1.1.12
c460dbd pkg: publish on tag 1.x
ccb8ac6 fmt
c3c73c8 Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65)
See full diff in compare view

Updates brace-expansion from 2.0.1 to 2.0.2

Release notes

Sourced from brace-expansion's releases.

v1.1.12

pkg: publish on tag 1.x c460dbd

fmt ccb8ac6

Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) c3c73c8

juliangruber/brace-expansion@v1.1.11...v1.1.12

Commits

44f33b4 1.1.12
c460dbd pkg: publish on tag 1.x
ccb8ac6 fmt
c3c73c8 Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65)
See full diff in compare view

Updates braces from 3.0.2 to 3.0.3

Commits

74b2db2 3.0.3
88f1429 update eslint. lint, fix unit tests.
415d660 Snyk js braces 6838727 (#40)
190510f fix tests, skip 1 test in test/braces.expand
716eb9f readme bump
a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
98414f9 remove funding file
665ab5d update keepEscaping doc (#27)
Additional commits viewable in compare view

Updates form-data from 2.5.1 to 2.5.5

Release notes

Sourced from form-data's releases.

v2.5.2

Fixes

Buffer.from and Buffer.alloc require node 4+

npmignore temporary build files (#532)

move util.isArray to Array.isArray (#564)

Tests

migrate from travis to GHA

Changelog

Sourced from form-data's changelog.

v2.5.5 - 2025-07-18

Commits

[meta] actually ensure the readme backup isn’t published 10626c0

[Fix] use proper dependency 026abe5

v2.5.4 - 2025-07-17

Fixed

[Fix] append: avoid a crash on nullish values [#577](https://github.com/form-data/form-data/issues/577)

Commits

[eslint] update linting config 8bf2492

[meta] add auto-changelog b5101ad

[Tests] handle predict-v8-randomness failures in node < 17 and node > 23 0e93122

[Fix] Switch to using crypto random for boundary values b88316c

[Fix] validate boundary type in setBoundary() method 131ae5e

[Tests] Switch to newer v8 prediction library; enable node 24 testing c97cfbe

[Refactor] use hasown 97ac9c2

[meta] remove local commit hooks be99d4e

[Dev Deps] remove unused deps ddbc89b

[meta] fix scripts to use prepublishOnly e351a97

[Dev Deps] remove unused script 8f23366

[Dev Deps] add missing peer dep 02ff026

[meta] fix readme capitalization 2fd5f61

v2.5.3 - 2025-02-14

Merged

[Fix] set Symbol.toStringTag when available [#573](https://github.com/form-data/form-data/issues/573)

Fixed

[Fix] set Symbol.toStringTag when available (#573) [#396](https://github.com/form-data/form-data/issues/396)

Commits

[Refactor] use Object.prototype.hasOwnProperty.call 6e682d4

[Dev Deps] update @types/node, browserify, coveralls, eslint, formidable, in-publish, phantomjs-prebuilt, pkgfiles, pre-commit, request, tape, typescript 819f6b7

Only apps should have lockfiles b170ee2

[Deps] update combined-stream, mime-types 6b1ca1d

Bumped version 2.5.3 9457283

[Dev Deps] pin request which via tough-cookie ^2.4 depends on psl 9dbe192

v2.5.2 - 2024-10-10

... (truncated)

Commits

40de5a7 v2.5.5
026abe5 [Fix] use proper dependency
10626c0 [meta] actually ensure the readme backup isn’t published
efe6c26 v2.5.4
c97cfbe [Tests] Switch to newer v8 prediction library; enable node 24 testing
0e93122 [Tests] handle predict-v8-randomness failures in node < 17 and node > 23
b88316c [Fix] Switch to using crypto random for boundary values
b70869d [Fix] append: avoid a crash on nullish values
131ae5e [Fix] validate boundary type in setBoundary() method
8bf2492 [eslint] update linting config
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ljharb, a new releaser for form-data since your current version.

Updates js-yaml from 3.14.1 to 3.14.2

Changelog

Sourced from js-yaml's changelog.

[3.14.2] - 2025-11-15

Security

Backported v4.1.1 fix to v3

[4.1.1] - 2025-11-12

Security

Fix prototype pollution issue in yaml merge (<<) operator.

[4.1.0] - 2021-04-15

Added

Types are now exported as yaml.types.XXX.

Every type now has options property with original arguments kept as they were (see yaml.types.int.options as an example).

Changed

Schema.extend() now keeps old type order in case of conflicts (e.g. Schema.extend([ a, b, c ]).extend([ b, a, d ]) is now ordered as abcd instead of cbad).

[4.0.0] - 2021-01-03

Changed

Check migration guide to see details for all breaking changes.

Breaking: "unsafe" tags !!js/function, !!js/regexp, !!js/undefined are moved to js-yaml-js-types package.

Breaking: removed safe* functions. Use load, loadAll, dump instead which are all now safe by default.

yaml.DEFAULT_SAFE_SCHEMA and yaml.DEFAULT_FULL_SCHEMA are removed, use yaml.DEFAULT_SCHEMA instead.

yaml.Schema.create(schema, tags) is removed, use schema.extend(tags) instead.

!!binary now always mapped to Uint8Array on load.

Reduced nesting of /lib folder.

Parse numbers according to YAML 1.2 instead of YAML 1.1 (01234 is now decimal, 0o1234 is octal, 1:23 is parsed as string instead of base60).

dump() no longer quotes :, [, ], (, ) except when necessary, #470, #557.

Line and column in exceptions are now formatted as (X:Y) instead of at line X, column Y (also present in compact format), #332.

Code snippet created in exceptions now contains multiple lines with line numbers.

dump() now serializes undefined as null in collections and removes keys with undefined in mappings, #571.

dump() with skipInvalid=true now serializes invalid items in collections as null.

Custom tags starting with ! are now dumped as !tag instead of !<!tag>, #576.

Custom tags starting with tag:yaml.org,2002: are now shorthanded using !!, #258.

Added

Added .mjs (es modules) support.

Added quotingType and forceQuotes options for dumper to configure string literal style, #290, #529.

Added styles: { '!!null': 'empty' } option for dumper (serializes { foo: null } as "foo: "), #570.

... (truncated)

Commits

9963d36 3.14.2 released
10d3c8e dist rebuild
5278870 fix prototype pollution in merge (<<) (#731)
See full diff in compare view

Updates qs from 6.11.0 to 6.14.1

Changelog

Sourced from qs's changelog.

6.14.1

[Fix] ensure arrayLength applies to [] notation as well

[Fix] parse: when a custom decoder returns null for a key, ignore that key

[Refactor] parse: extract key segment splitting helper

[meta] add threat model

[actions] add workflow permissions

[Tests] stringify: increase coverage

[Dev Deps] update eslint, @ljharb/eslint-config, npmignore, es-value-fixtures, for-each, object-inspect

6.14.0

[New] parse: add throwOnParameterLimitExceeded option (#517)

[Refactor] parse: use utils.combine more

[patch] parse: add explicit throwOnLimitExceeded default

[actions] use shared action; re-add finishers

[meta] Fix changelog formatting bug

[Deps] update side-channel

[Dev Deps] update es-value-fixtures, has-bigints, has-proto, has-symbols

[Tests] increase coverage

6.13.1

[Fix] stringify: avoid a crash when a filter key is null

[Fix] utils.merge: functions should not be stringified into keys

[Fix] parse: avoid a crash with interpretNumericEntities: true, comma: true, and iso charset

[Fix] stringify: ensure a non-string filter does not crash

[Refactor] use __proto__ syntax instead of Object.create for null objects

[Refactor] misc cleanup

[Tests] utils.merge: add some coverage

[Tests] fix a test case

[actions] split out node 10-20, and 20+

[Dev Deps] update es-value-fixtures, mock-property, object-inspect, tape

6.13.0

[New] parse: add strictDepth option (#511)

[Tests] use npm audit instead of aud

6.12.3

[Fix] parse: properly account for strictNullHandling when allowEmptyArrays

[meta] fix changelog indentation

6.12.2

[Fix] parse: parse encoded square brackets (#506)

[readme] add CII best practices badge

6.12.1

[Fix] parse: Disable decodeDotInKeys by default to restore previous behavior (#501)

[Performance] utils: Optimize performance under large data volumes, reduce memory usage, and speed up processing (#502)

[Refactor] utils: use +=

[Tests] increase coverage

6.12.0

... (truncated)

Commits

3fa11a5 v6.14.1
a626704 [Dev Deps] update npmignore
3086902 [Fix] ensure arrayLength applies to [] notation as well
fc7930e [Dev Deps] update eslint, @ljharb/eslint-config
0b06aac [Dev Deps] update @ljharb/eslint-config
64951f6 [Refactor] parse: extract key segment splitting helper
e1bd259 [Dev Deps] update @ljharb/eslint-config
f4b3d39 [eslint] add eslint 9 optional peer dep
6e94d95 [Dev Deps] update eslint, @ljharb/eslint-config, npmignore
973dc3c [actions] add workflow permissions
Additional commits viewable in compare view

Updates serialize-javascript from 6.0.0 to 6.0.2

Release notes

Sourced from serialize-javascript's releases.

v6.0.2

fix: serialize URL string contents to prevent XSS (#173) f27d65d

Bump @babel/traverse from 7.10.1 to 7.23.7 (#171) 02499c0

docs: update readme with URL support (#146) 0d88527

chore: update node version and lock file e2a3a91

fix typo (#164) 5a1fa64

yahoo/serialize-javascript@v6.0.1...v6.0.2

v6.0.1

What's Changed

Bump mocha from 9.0.1 to 9.0.2 by @dependabot in yahoo/serialize-javascript#126

Bump mocha from 9.0.2 to 9.0.3 by @dependabot in yahoo/serialize-javascript#127

Bump path-parse from 1.0.6 to 1.0.7 by @dependabot in yahoo/serialize-javascript#129

Bump mocha from 9.0.3 to 9.1.0 by @dependabot in yahoo/serialize-javascript#130

Bump mocha from 9.1.0 to 9.1.1 by @dependabot in yahoo/serialize-javascript#131

Bump mocha from 9.1.1 to 9.1.2 by @dependabot in yahoo/serialize-javascript#132

Bump mocha from 9.1.2 to 9.1.3 by @dependabot in yahoo/serialize-javascript#133

Bump mocha from 9.1.3 to 9.1.4 by @dependabot in yahoo/serialize-javascript#137

Bump mocha from 9.1.4 to 9.2.0 by @dependabot in yahoo/serialize-javascript#138

Bump chai from 4.3.4 to 4.3.6 by @dependabot in yahoo/serialize-javascript#140

Bump ansi-regex from 5.0.0 to 5.0.1 by @dependabot in yahoo/serialize-javascript#141

Bump mocha from 9.2.0 to 9.2.2 by @dependabot in yahoo/serialize-javascript#143

Bump minimist from 1.2.5 to 1.2.6 by @dependabot in yahoo/serialize-javascript#144

Bump mocha from 9.2.2 to 10.0.0 by @dependabot in yahoo/serialize-javascript#145

Bump mocha from 10.0.0 to 10.1.0 by @dependabot in yahoo/serialize-javascript#149

Bump chai from 4.3.6 to 4.3.7 by @dependabot in yahoo/serialize-javascript#150

ci: test.yml - actions bump by @piwysocki in yahoo/serialize-javascript#151

Bump minimatch from 3.0.4 to 3.1.2 by @dependabot in yahoo/serialize-javascript#152

Bump mocha from 10.1.0 to 10.2.0 by @dependabot in yahoo/serialize-javascript#153

Bump json5 from 2.1.3 to 2.2.3 by @dependabot in yahoo/serialize-javascript#155

Fix serialization issue for 0n. by @momocow in yahoo/serialize-javascript#156

Release v6.0.1 by @okuryu in yahoo/serialize-javascript#157

New Contributors

@piwysocki made their first contribution in yahoo/serialize-javascript#151

@momocow made their first contribution in yahoo/serialize-javascript#156

Full Changelog: yahoo/serialize-javascript@v6.0.0...v6.0.1

Commits

b71ec23 6.0.2
f27d65d fix: serialize URL string contents to prevent XSS (#173)
02499c0 Bump @babel/traverse from 7.10.1 to 7.23.7 (#171)
0d88527 docs: update readme with URL support (#146)
e2a3a91 chore: update node version and lock file
5a1fa64 fix typo (#164)
7139f92 Release v6.0.1 (#157)
7e23ae8 Fix serialization issue for 0n. (#156)
343abd9 Bump json5 from 2.1.3 to 2.2.3 (#155)
38d0e70 Bump mocha from 10.1.0 to 10.2.0 (#153)
Additional commits viewable in compare view

Updates brace-expansion from 1.1.11 to 1.1.12

Release notes

Sourced from brace-expansion's releases.

v1.1.12

pkg: publish on tag 1.x c460dbd

fmt ccb8ac6

Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) c3c73c8

juliangruber/brace-expansion@v1.1.11...v1.1.12

Commits

44f33b4 1.1.12
c460dbd pkg: publish on tag 1.x
ccb8ac6 fmt
c3c73c8 Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65)
See full diff in compare view

Updates brace-expansion from 2.0.1 to 2.0.2

Release notes

Sourced from brace-expansion's releases.

v1.1.12

pkg: publish on tag 1.x c460dbd

fmt ccb8ac6

Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) c3c73c8

juliangruber/brace-expansion@v1.1.11...v1.1.12

Commits

44f33b4 1.1.12
c460dbd pkg: publish on tag 1.x
ccb8ac6 fmt
c3c73c8 Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65)
See full diff in compare view

Updates braces from 3.0.2 to 3.0.3

Commits

74b2db2 3.0.3
88f1429 update eslint. lint, fix unit tests.
415d660 Snyk js braces 6838727 (#40)
190510f fix tests, skip 1 test in test/braces.expand
716eb9f readme bump
a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
98414f9 remove funding file
665ab5d update keepEscaping doc (#27)
Additional commits viewable in compare view

Updates form-data from 2.5.1 to 2.5.5

Release notes

Sourced from form-data's releases.

v2.5.2

Fixes

Buffer.from and Buffer.alloc require node 4+

npmignore temporary build files (#532)

move util.isArray to Array.isArray (#564)

Tests

migrate from travis to GHA

Changelog

Sourced from form-data's changelog.

v2.5.5 - 2025-07-18

Commits

[meta] actually ensure the readme backup isn’t published 10626c0

[Fix] use proper dependency 026abe5

v2.5.4 - 2025-07-17

Fixed

[Fix] append: avoid a crash on nullish values [#577](https://github.com/form-data/form-data/issues/577)

Commits

[eslint] update linting config 8bf2492

[meta] add auto-changelog b5101ad

[Tests] handle predict-v8-randomness failures in node < 17 and node > 23 0e93122

[Fix] Switch to using crypto random for boundary values b88316c

[Fix] validate boundary type in setBoundary() method 131ae5e

[Tests] Switch to newer v8 prediction library; enable node 24 testing c97cfbe

[Refactor] use hasown 97ac9c2

[meta] remove local commit hooks be99d4e

[Dev Deps] remove unused deps ddbc89b

[meta] fix scripts to use prepublishOnly e351a97

[Dev Deps] remove unused script 8f23366

[Dev Deps] add missing peer dep 02ff026

[meta] fix readme capitalization 2fd5f61

v2.5.3 - 2025-02-14

Merged

[Fix] set Symbol.toStringTag when available [#573](https://github.com/form-data/form-data/issues/573)

Fixed

[Fix] set Symbol.toStringTag when available (#573) [#396](https://github.com/form-data/form-data/issues/396)

Commits

[Refactor] use Object.prototype.hasOwnProperty.call 6e682d4

[Dev Deps] update @types/node, browserify, coveralls, eslint, formidable, in-publish, phantomjs-prebuilt, pkgfiles, pre-commit, request, tape, typescript 819f6b7

Only apps should have lockfiles b170ee2

[Deps] update combined-stream, mime-types 6b1ca1d

Bumped version 2.5.3 9457283

[Dev Deps] pin request which via tough-cookie ^2.4 depends on psl 9dbe192

v2.5.2 - 2024-10-10

... (truncated)

Commits

40de5a7 v2.5.5
026abe5 [Fix] use proper dependency
10626c0 [meta] actually ensure the readme backup isn’t published
efe6c26 v2.5.4
c97cfbe [Tests] Switch to newer v8 prediction library; enable node 24 testing
0e93122 [Tests] handle predict-v8-randomness failures in node < 17 and node > 23
b88316c [Fix] Switch to using crypto random for boundary values
b70869d [Fix] append: avoid a crash on nullish values
131ae5e [Fix] validate boundary type in setBoundary() method
8bf2492 [eslint] update linting config
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ljharb, a new releaser for form-data since your current version.

Updates js-yaml from 3.14.1 to 3.14.2

Changelog

Sourced from js-yaml's changelog.

[3.14.2] - 2025-11-15

Security

Backported v4.1.1 fix to v3

[4.1.1] - 2025-11-12

Security

Fix prototype pollution issue in yaml merge (<<) operator.

[4.1.0] - 2021-04-15

Added

Types are now exported as yaml.types.XXX.

Every type now has options property with original arguments kept as they were (see yaml.types.int.options as an example).

Changed

Schema.extend() now keeps old type order in case of conflicts (e.g. Schema.extend([ a, b, c ]).extend([ b, a, d ]) is now ordered as abcd instead of cbad).

[4.0.0] - 2021-01-03

Changed

Check migration guide to see details for all breaking changes.

Breaking: "unsafe" tags !!js/function, !!js/regexp, !!js/undefined are moved to js-yaml-js-types package.

Breaking: removed safe* functions. Use load, loadAll, dump instead which are all now safe by default.

yaml.DEFAULT_SAFE_SCHEMA and yaml.DEFAULT_FULL_SCHEMA are removed, use yaml.DEFAULT_SCHEMA instead.

yaml.Schema.create(schema, tags) is removed, use schema.extend(tags) instead.

!!binary now always mapped to Uint8Array on load.

Reduced nesting of /lib folder.

Parse numbers according to YAML 1.2 instead of YAML 1.1 (01234 is now decimal, 0o1234 is octal, 1:23 is parsed as string instead of base60).

dump() no longer quotes :, [, ], (, ) except when necessary, #470, #557.

Line and column in exceptions are now formatted as (X:Y) instead of at line X, column Y (also present in compact format), #332.

Code snippet created in exceptions now contains multiple lines with line numbers.

dump() now serializes undefined as null in collections and removes keys with undefined in mappings, #571.

dump() with skipInvalid=true now serializes invalid items in collections as null.

Custom tags starting with ! are now dumped as !tag instead of !<!tag>, #576.

Custom tags starting with tag:yaml.org,2002: are now shorthanded using !!, #258.

Added

Added .mjs (es modules) support.

Added quotingType and forceQuotes options for dumper to configure string literal style, #290, #529.

Added styles: { '!!null': 'empty' } option for dumper (serializes { foo: null } as "foo: "), #570.

... (truncated)

Commits

9963d36 3.14.2 released
10d3c8e dist rebuild
5278870 fix prototype pollution in merge (<<) (#731)
See full diff in compare view

Updates qs from 6.10.3 to 6.14.1

Changelog

Sourced from qs's changelog.

6.14.1

[Fix] ensure arrayLength applies to [] notation as well

[Fix] parse: when a custom decoder returns null for a key, ignore that key

[Refactor] parse: extract key segment splitting helper

[meta] add threat model

[actions] add workflow permissions

[Tests] stringify: increase coverage

[Dev Deps] update eslint, @ljharb/eslint-config, npmignore, es-value-fixtures, for-each, object-inspect

6.14.0

[New] parse: add throwOnParameterLimitExceeded option (#517)

[Refactor] parse: use utils.combine more

[patch] parse: add explicit throwOnLimitExceeded default

[actions] use shared action; re-add finishers

[meta] Fix changelog formatting bug

[Deps] update side-channel

[Dev Deps] update es-value-fixtures, has-bigints, has-proto, has-symbols

[Tests] increase coverage

6.13.1

[Fix] stringify: avoid a crash when a filter key is null

[Fix] utils.merge: functions should not be stringified into keys

[Fix] parse: avoid a crash with interpretNumericEntities: true, comma: true, and iso charset

[Fix] stringify: ensure a non-string filter does not crash

[Refactor] use __proto__ syntax instead of Object.create for null objects

[Refactor] misc cleanup

[Tests] utils.merge: add some coverage

[Tests] fix a test case

[actions] split out node 10-20, and 20+

[Dev Deps] update es-value-fixtures, mock-property, object-inspect, tape

6.13.0

[New] parse: add strictDepth option (#511)

[Tests] use npm audit instead of aud

6.12.3

[Fix] parse: properly account for strictNullHandling when allowEmptyArrays

[meta] fix changelog indentation

6.12.2

[Fix] parse: parse encoded square brackets (#506)

[readme] add CII best practices badge

6.12.1

[Fix] parse: Disable decodeDotInKeys by default to restore previous behavior (#501)

[Performance] utils: Optimize performance under large data volumes, reduce memory usage, and speed up processing (#502)

[Refactor] utils: use +=

[Tests] increase coverage

6.12.0

... (truncated)

Commits

3fa11a5 v6.14.1
a626704 [Dev Deps] update npmignore
3086902 [Fix] ensure arrayLength applies to [] notation as well
fc7930e [Dev Deps] update eslint, @ljharb/eslint-config
0b06aac [Dev Deps] update @ljharb/eslint-config
64951f6 [Refactor] parse: extract key segment splitting helper
e1bd259 [Dev Deps] update @ljharb/eslint-config
f4b3d39 [eslint] add eslint 9 optional peer dep
6e94d95 [Dev Deps] update eslint, @ljharb/eslint-config, npmignore
973dc3c [actions] add workflow permissions
Additional commits viewable in compare view

Updates serialize-javascript from 6.0.0 to 6.0.2

Release notes

Sourced from serialize-javascript's releases.

v6.0.2

fix: serialize URL string contents to prevent XSS (#173) f27d65d

Bump @babel/traverse from 7.10.1 to 7.23.7 (#171) 02499c0

docs: update readme with URL support (#146) 0d88527

chore: update node version and lock file e2a3a91

fix typo (#164) 5a1fa64

yahoo/serialize-javascript@v6.0.1...v6.0.2

v6.0.1

What's Changed

Bump mocha from 9.0.1 to 9.0.2 by @dependabot in yahoo/serialize-javascript#126

Bump mocha from 9.0.2 to 9.0.3 by @dependabot in yahoo/serialize-javascript#127

Bump path-parse from 1.0.6 to 1.0.7 by @dependabot in yahoo/serialize-javascript#129

Bump mocha from 9.0.3 to 9.1.0 by @dependabot in yahoo/serialize-javascript#130

Bump mocha from 9.1.0 to 9.1.1 by @dependabot in yahoo/serialize-javascript#131

Bump mocha from 9.1.1 to 9.1.2 by @dependabot in yahoo/serialize-javascript#132

Bump mocha from 9.1.2 to 9.1.3 by @dependabot in yahoo/serialize-javascript#133

Bump mocha from 9.1.3 to 9.1.4 by @dependabot in yahoo/serialize-javascript#137

Bump mocha from 9.1.4 to 9.2.0 by @dependabot in yahoo/serialize-javascript#138

Bump chai from 4.3.4 to 4.3.6 by @dependabot in yahoo/serialize-javascript#140

Bump ansi-regex from 5.0.0 to 5.0.1 by @dependabot in yahoo/serialize-javascript#141

Bump mocha from 9.2.0 to 9.2.2 by @dependabot in yahoo/serialize-javascript#143

Bump minimist from 1.2.5 to 1.2.6 by @dependabot in yahoo/serialize-javascript#144

Bump mocha from 9.2.2 to 10.0.0 by @dependabot in yahoo/serialize-javascript#145

Bump mocha from 10.0.0 to 10.1.0 by @dependabot in

Bumps the npm_and_yarn group with 5 updates in the /Extensions/WikiPDFExport/WikiPDFExportTask/WikiPDFExportTaskV3 directory: | Package | From | To | | --- | --- | --- | | [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.12` | | [brace-expansion](https://github.com/juliangruber/brace-expansion) | `2.0.1` | `2.0.2` | | [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` | | [form-data](https://github.com/form-data/form-data) | `2.5.1` | `2.5.5` | | [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` | | [qs](https://github.com/ljharb/qs) | `6.11.0` | `6.14.1` | Bumps the npm_and_yarn group with 6 updates in the /Extensions/WikiUpdater/WikiFolderUpdaterTask/WikiFolderUpdaterTaskV2 directory: | Package | From | To | | --- | --- | --- | | [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.12` | | [brace-expansion](https://github.com/juliangruber/brace-expansion) | `2.0.1` | `2.0.2` | | [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` | | [form-data](https://github.com/form-data/form-data) | `2.5.1` | `2.5.5` | | [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` | | [qs](https://github.com/ljharb/qs) | `6.10.3` | `6.14.1` | | [micromatch](https://github.com/micromatch/micromatch) | `4.0.5` | `4.0.8` | Bumps the npm_and_yarn group with 7 updates in the /Extensions/WikiUpdater/WikiUpdaterTask/WikiUpdaterTaskV2 directory: | Package | From | To | | --- | --- | --- | | [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.12` | | [brace-expansion](https://github.com/juliangruber/brace-expansion) | `2.0.1` | `2.0.2` | | [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` | | [js-yaml](https://github.com/nodeca/js-yaml) | `3.13.1` | `3.14.2` | | [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.2` | | [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` | | [path-parse](https://github.com/jbgutierrez/path-parse) | `1.0.6` | `1.0.7` | | [micromatch](https://github.com/micromatch/micromatch) | `4.0.5` | `4.0.8` | Bumps the npm_and_yarn group with 7 updates in the /Tools/GetAPIJsonPayloads directory: | Package | From | To | | --- | --- | --- | | [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.12` | | [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` | | [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` | | [qs](https://github.com/ljharb/qs) | `6.10.3` | `6.14.1` | | [serialize-javascript](https://github.com/yahoo/serialize-javascript) | `6.0.0` | `6.0.2` | | [micromatch](https://github.com/micromatch/micromatch) | `4.0.4` | `4.0.8` | | [webpack](https://github.com/webpack/webpack) | `5.76.1` | `5.104.1` | Updates `brace-expansion` from 1.1.11 to 1.1.12 - [Release notes](https://github.com/juliangruber/brace-expansion/releases) - [Commits](juliangruber/brace-expansion@1.1.11...v1.1.12) Updates `brace-expansion` from 2.0.1 to 2.0.2 - [Release notes](https://github.com/juliangruber/brace-expansion/releases) - [Commits](juliangruber/brace-expansion@1.1.11...v1.1.12) Updates `braces` from 3.0.2 to 3.0.3 - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) Updates `form-data` from 2.5.1 to 2.5.5 - [Release notes](https://github.com/form-data/form-data/releases) - [Changelog](https://github.com/form-data/form-data/blob/master/CHANGELOG.md) - [Commits](form-data/form-data@v2.5.1...v2.5.5) Updates `js-yaml` from 3.14.1 to 3.14.2 - [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md) - [Commits](nodeca/js-yaml@3.14.1...3.14.2) Updates `qs` from 6.11.0 to 6.14.1 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.11.0...v6.14.1) Updates `serialize-javascript` from 6.0.0 to 6.0.2 - [Release notes](https://github.com/yahoo/serialize-javascript/releases) - [Commits](yahoo/serialize-javascript@v6.0.0...v6.0.2) Updates `brace-expansion` from 1.1.11 to 1.1.12 - [Release notes](https://github.com/juliangruber/brace-expansion/releases) - [Commits](juliangruber/brace-expansion@1.1.11...v1.1.12) Updates `brace-expansion` from 2.0.1 to 2.0.2 - [Release notes](https://github.com/juliangruber/brace-expansion/releases) - [Commits](juliangruber/brace-expansion@1.1.11...v1.1.12) Updates `braces` from 3.0.2 to 3.0.3 - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) Updates `form-data` from 2.5.1 to 2.5.5 - [Release notes](https://github.com/form-data/form-data/releases) - [Changelog](https://github.com/form-data/form-data/blob/master/CHANGELOG.md) - [Commits](form-data/form-data@v2.5.1...v2.5.5) Updates `js-yaml` from 3.14.1 to 3.14.2 - [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md) - [Commits](nodeca/js-yaml@3.14.1...3.14.2) Updates `qs` from 6.10.3 to 6.14.1 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.11.0...v6.14.1) Updates `serialize-javascript` from 6.0.0 to 6.0.2 - [Release notes](https://github.com/yahoo/serialize-javascript/releases) - [Commits](yahoo/serialize-javascript@v6.0.0...v6.0.2) Updates `micromatch` from 4.0.5 to 4.0.8 - [Release notes](https://github.com/micromatch/micromatch/releases) - [Changelog](https://github.com/micromatch/micromatch/blob/master/CHANGELOG.md) - [Commits](micromatch/micromatch@4.0.5...4.0.8) Updates `brace-expansion` from 1.1.11 to 1.1.12 - [Release notes](https://github.com/juliangruber/brace-expansion/releases) - [Commits](juliangruber/brace-expansion@1.1.11...v1.1.12) Updates `brace-expansion` from 2.0.1 to 2.0.2 - [Release notes](https://github.com/juliangruber/brace-expansion/releases) - [Commits](juliangruber/brace-expansion@1.1.11...v1.1.12) Updates `braces` from 3.0.2 to 3.0.3 - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) Updates `js-yaml` from 3.13.1 to 3.14.2 - [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md) - [Commits](nodeca/js-yaml@3.14.1...3.14.2) Updates `minimatch` from 3.0.4 to 3.1.2 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.0.4...v3.1.2) Updates `minimist` from 1.2.5 to 1.2.8 - [Changelog](https://github.com/minimistjs/minimist/blob/main/CHANGELOG.md) - [Commits](minimistjs/minimist@v1.2.5...v1.2.8) Updates `path-parse` from 1.0.6 to 1.0.7 - [Commits](https://github.com/jbgutierrez/path-parse/commits/v1.0.7) Updates `serialize-javascript` from 6.0.0 to 6.0.2 - [Release notes](https://github.com/yahoo/serialize-javascript/releases) - [Commits](yahoo/serialize-javascript@v6.0.0...v6.0.2) Updates `micromatch` from 4.0.5 to 4.0.8 - [Release notes](https://github.com/micromatch/micromatch/releases) - [Changelog](https://github.com/micromatch/micromatch/blob/master/CHANGELOG.md) - [Commits](micromatch/micromatch@4.0.5...4.0.8) Updates `brace-expansion` from 1.1.11 to 1.1.12 - [Release notes](https://github.com/juliangruber/brace-expansion/releases) - [Commits](juliangruber/brace-expansion@1.1.11...v1.1.12) Updates `braces` from 3.0.2 to 3.0.3 - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) Updates `js-yaml` from 3.14.1 to 3.14.2 - [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md) - [Commits](nodeca/js-yaml@3.14.1...3.14.2) Updates `qs` from 6.10.3 to 6.14.1 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.11.0...v6.14.1) Updates `serialize-javascript` from 6.0.0 to 6.0.2 - [Release notes](https://github.com/yahoo/serialize-javascript/releases) - [Commits](yahoo/serialize-javascript@v6.0.0...v6.0.2) Updates `micromatch` from 4.0.4 to 4.0.8 - [Release notes](https://github.com/micromatch/micromatch/releases) - [Changelog](https://github.com/micromatch/micromatch/blob/master/CHANGELOG.md) - [Commits](micromatch/micromatch@4.0.5...4.0.8) Updates `webpack` from 5.76.1 to 5.104.1 - [Release notes](https://github.com/webpack/webpack/releases) - [Changelog](https://github.com/webpack/webpack/blob/main/CHANGELOG.md) - [Commits](webpack/webpack@v5.76.1...v5.104.1) --- updated-dependencies: - dependency-name: brace-expansion dependency-version: 1.1.12 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: brace-expansion dependency-version: 2.0.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: braces dependency-version: 3.0.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: form-data dependency-version: 2.5.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: js-yaml dependency-version: 3.14.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.14.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serialize-javascript dependency-version: 6.0.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: brace-expansion dependency-version: 1.1.12 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: brace-expansion dependency-version: 2.0.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: braces dependency-version: 3.0.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: form-data dependency-version: 2.5.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: js-yaml dependency-version: 3.14.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.14.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serialize-javascript dependency-version: 6.0.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: micromatch dependency-version: 4.0.8 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: brace-expansion dependency-version: 1.1.12 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: brace-expansion dependency-version: 2.0.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: braces dependency-version: 3.0.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: js-yaml dependency-version: 3.14.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimist dependency-version: 1.2.8 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: path-parse dependency-version: 1.0.7 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serialize-javascript dependency-version: 6.0.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: micromatch dependency-version: 4.0.8 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: brace-expansion dependency-version: 1.1.12 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: braces dependency-version: 3.0.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: js-yaml dependency-version: 3.14.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.14.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serialize-javascript dependency-version: 6.0.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: micromatch dependency-version: 4.0.8 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: webpack dependency-version: 5.104.1 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <[email protected]>

github-actions · 2026-01-30T02:15:54Z

This PR is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Dec 30, 2025

github-actions bot added the Stale label Jan 30, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the npm_and_yarn group across 4 directories with 11 updates #2173

Bump the npm_and_yarn group across 4 directories with 11 updates #2173

Uh oh!

dependabot bot commented on behalf of github Dec 30, 2025

Uh oh!

github-actions bot commented Jan 30, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Bump the npm_and_yarn group across 4 directories with 11 updates #2173

Are you sure you want to change the base?

Bump the npm_and_yarn group across 4 directories with 11 updates #2173

Uh oh!

Conversation

dependabot bot commented on behalf of github Dec 30, 2025

v1.1.12

v1.1.12

v2.5.2

Fixes

Tests

v2.5.5 - 2025-07-18

Commits

v2.5.4 - 2025-07-17

Fixed

Commits

v2.5.3 - 2025-02-14

Merged

Fixed

Commits

v2.5.2 - 2024-10-10

[3.14.2] - 2025-11-15

Security

[4.1.1] - 2025-11-12

Security

[4.1.0] - 2021-04-15

Added

Changed

[4.0.0] - 2021-01-03

Changed

Added

6.14.1

6.14.0

6.13.1

6.13.0

6.12.3

6.12.2

6.12.1

6.12.0

v6.0.2

v6.0.1

What's Changed

New Contributors

v1.1.12

v1.1.12

v2.5.2

Fixes

Tests

v2.5.5 - 2025-07-18

Commits

v2.5.4 - 2025-07-17

Fixed

Commits

v2.5.3 - 2025-02-14

Merged

Fixed

Commits

v2.5.2 - 2024-10-10

[3.14.2] - 2025-11-15

Security

[4.1.1] - 2025-11-12

Security

[4.1.0] - 2021-04-15

Added

Changed

[4.0.0] - 2021-01-03

Changed

Added

6.14.1

6.14.0

6.13.1

6.13.0

6.12.3

6.12.2

6.12.1

6.12.0

v6.0.2

v6.0.1

What's Changed

Uh oh!