chore(release): merge release/3.0.0 into master #308
Merged
saikumarrs merged 19 commits into master on Jan 6, 2026
chore(release): merge main into develop after release v2.1.11
Bumps [actions/checkout](https://github.com/actions/checkout) from 5.0.0 to 6.0.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/releases">actions/checkout's releases</a>.</em></p> <blockquote> <h2>v6.0.0</h2> <h2>What's Changed</h2> <ul> <li>Update README to include Node.js 24 support details and requirements by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2248">actions/checkout#2248</a></li> <li>Persist creds to a separate file by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2286">actions/checkout#2286</a></li> <li>v6-beta by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2298">actions/checkout#2298</a></li> <li>update readme/changelog for v6 by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2311">actions/checkout#2311</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v5.0.0...v6.0.0">https://github.com/actions/checkout/compare/v5.0.0...v6.0.0</a></p> <h2>v6-beta</h2> <h2>What's Changed</h2> <p>Updated persist-credentials to store the credentials under <code>$RUNNER_TEMP</code> instead of directly in the local git config.</p> <p>This requires a minimum Actions Runner version of <a href="https://github.com/actions/runner/releases/tag/v2.329.0">v2.329.0</a> to access the persisted credentials for <a href="https://docs.github.com/en/actions/tutorials/use-containerized-services/create-a-docker-container-action">Docker container action</a> scenarios.</p> <h2>v5.0.1</h2> <h2>What's Changed</h2> <ul> <li>Port v6 cleanup to v5 by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a 
href="https://redirect.github.com/actions/checkout/pull/2301">actions/checkout#2301</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v5...v5.0.1">https://github.com/actions/checkout/compare/v5...v5.0.1</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/blob/main/CHANGELOG.md">actions/checkout's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <h2>V6.0.0</h2> <ul> <li>Persist creds to a separate file by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2286">actions/checkout#2286</a></li> <li>Update README to include Node.js 24 support details and requirements by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2248">actions/checkout#2248</a></li> </ul> <h2>V5.0.1</h2> <ul> <li>Port v6 cleanup to v5 by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2301">actions/checkout#2301</a></li> </ul> <h2>V5.0.0</h2> <ul> <li>Update actions checkout to use node 24 by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2226">actions/checkout#2226</a></li> </ul> <h2>V4.3.1</h2> <ul> <li>Port v6 cleanup to v4 by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2305">actions/checkout#2305</a></li> </ul> <h2>V4.3.0</h2> <ul> <li>docs: update README.md by <a href="https://github.com/motss"><code>@motss</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1971">actions/checkout#1971</a></li> <li>Add internal repos for checking out multiple repositories by <a href="https://github.com/mouismail"><code>@mouismail</code></a> 
in <a href="https://redirect.github.com/actions/checkout/pull/1977">actions/checkout#1977</a></li> <li>Documentation update - add recommended permissions to Readme by <a href="https://github.com/benwells"><code>@benwells</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2043">actions/checkout#2043</a></li> <li>Adjust positioning of user email note and permissions heading by <a href="https://github.com/joshmgross"><code>@joshmgross</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2044">actions/checkout#2044</a></li> <li>Update README.md by <a href="https://github.com/nebuk89"><code>@nebuk89</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2194">actions/checkout#2194</a></li> <li>Update CODEOWNERS for actions by <a href="https://github.com/TingluoHuang"><code>@TingluoHuang</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2224">actions/checkout#2224</a></li> <li>Update package dependencies by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2236">actions/checkout#2236</a></li> </ul> <h2>v4.2.2</h2> <ul> <li><code>url-helper.ts</code> now leverages well-known environment variables by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1941">actions/checkout#1941</a></li> <li>Expand unit test coverage for <code>isGhes</code> by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1946">actions/checkout#1946</a></li> </ul> <h2>v4.2.1</h2> <ul> <li>Check out other refs/* by commit if provided, fall back to ref by <a href="https://github.com/orhantoy"><code>@orhantoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1924">actions/checkout#1924</a></li> </ul> <h2>v4.2.0</h2> <ul> <li>Add Ref and Commit outputs by <a 
href="https://github.com/lucacome"><code>@lucacome</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1180">actions/checkout#1180</a></li> <li>Dependency updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>- <a href="https://redirect.github.com/actions/checkout/pull/1777">actions/checkout#1777</a>, <a href="https://redirect.github.com/actions/checkout/pull/1872">actions/checkout#1872</a></li> </ul> <h2>v4.1.7</h2> <ul> <li>Bump the minor-npm-dependencies group across 1 directory with 4 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1739">actions/checkout#1739</a></li> <li>Bump actions/checkout from 3 to 4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1697">actions/checkout#1697</a></li> <li>Check out other refs/* by commit by <a href="https://github.com/orhantoy"><code>@orhantoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1774">actions/checkout#1774</a></li> <li>Pin actions/checkout's own workflows to a known, good, stable version. 
by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1776">actions/checkout#1776</a></li> </ul> <h2>v4.1.6</h2> <ul> <li>Check platform to set archive extension appropriately by <a href="https://github.com/cory-miller"><code>@cory-miller</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1732">actions/checkout#1732</a></li> </ul> <h2>v4.1.5</h2> <ul> <li>Update NPM dependencies by <a href="https://github.com/cory-miller"><code>@cory-miller</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1703">actions/checkout#1703</a></li> <li>Bump github/codeql-action from 2 to 3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1694">actions/checkout#1694</a></li> <li>Bump actions/setup-node from 1 to 4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1696">actions/checkout#1696</a></li> <li>Bump actions/upload-artifact from 2 to 4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1695">actions/checkout#1695</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... 
(truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/checkout/commit/1af3b93b6815bc44a9784bd300feb67ff0d1eeb3"><code>1af3b93</code></a> update readme/changelog for v6 (<a href="https://redirect.github.com/actions/checkout/issues/2311">#2311</a>)</li> <li><a href="https://github.com/actions/checkout/commit/71cf2267d89c5cb81562390fa70a37fa40b1305e"><code>71cf226</code></a> v6-beta (<a href="https://redirect.github.com/actions/checkout/issues/2298">#2298</a>)</li> <li><a href="https://github.com/actions/checkout/commit/069c6959146423d11cd0184e6accf28f9d45f06e"><code>069c695</code></a> Persist creds to a separate file (<a href="https://redirect.github.com/actions/checkout/issues/2286">#2286</a>)</li> <li><a href="https://github.com/actions/checkout/commit/ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493"><code>ff7abcd</code></a> Update README to include Node.js 24 support details and requirements (<a href="https://redirect.github.com/actions/checkout/issues/2248">#2248</a>)</li> <li>See full diff in <a href="https://github.com/actions/checkout/compare/08c6903cd8c0fde910a37f88322edcfb5dd907a8...1af3b93b6815bc44a9784bd300feb67ff0d1eeb3">compare view</a></li> </ul> </details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…v-deps group (#287) Bumps the npm-dev-deps group with 1 update: [lint-staged](https://github.com/lint-staged/lint-staged). Updates `lint-staged` from 16.2.6 to 16.2.7 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/lint-staged/lint-staged/releases">lint-staged's releases</a>.</em></p> <blockquote> <h2>v16.2.7</h2> <h3>Patch Changes</h3> <ul> <li><a href="https://redirect.github.com/lint-staged/lint-staged/pull/1711">#1711</a> <a href="https://github.com/lint-staged/lint-staged/commit/ef74c8d165d5acd3ce88567e02b891e0e9af8e0e"><code>ef74c8d</code></a> Thanks <a href="https://github.com/iiroj"><code>@iiroj</code></a>! - Do not display a "<em>failed to spawn</em>" error message when a task fails normally. This message is reserved for when the task didn't run because spawning it failed.</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/lint-staged/lint-staged/blob/main/CHANGELOG.md">lint-staged's changelog</a>.</em></p> <blockquote> <h2>16.2.7</h2> <h3>Patch Changes</h3> <ul> <li><a href="https://redirect.github.com/lint-staged/lint-staged/pull/1711">#1711</a> <a href="https://github.com/lint-staged/lint-staged/commit/ef74c8d165d5acd3ce88567e02b891e0e9af8e0e"><code>ef74c8d</code></a> Thanks <a href="https://github.com/iiroj"><code>@iiroj</code></a>! - Do not display a "<em>failed to spawn</em>" error message when a task fails normally. 
This message is reserved for when the task didn't run because spawning it failed.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/lint-staged/lint-staged/commit/0c1b000af8688366077ecc7093333e8a701c4f7c"><code>0c1b000</code></a> chore(changeset): release</li> <li><a href="https://github.com/lint-staged/lint-staged/commit/595b2022b08b3c6936ec21e18e04bdfbb4071b49"><code>595b202</code></a> build(deps): update dependencies</li> <li><a href="https://github.com/lint-staged/lint-staged/commit/ef74c8d165d5acd3ce88567e02b891e0e9af8e0e"><code>ef74c8d</code></a> fix: do display "failed to spawn" message when task fails normally</li> <li><a href="https://github.com/lint-staged/lint-staged/commit/5cf2a1ee62af346c41c99dda1eaea75e7f7c9a1c"><code>5cf2a1e</code></a> style: do not autofix when running lint-staged</li> <li><a href="https://github.com/lint-staged/lint-staged/commit/ba4001276ac6c9c17309eec05b69b0bddf426823"><code>ba40012</code></a> chore: drop <code>npx</code> from <code>commit-msg</code> hook</li> <li><a href="https://github.com/lint-staged/lint-staged/commit/d67de9ac0495ca384a441e196357c49857499bd9"><code>d67de9a</code></a> chore: fix <code>pre-push</code> hook usage with changeset</li> <li><a href="https://github.com/lint-staged/lint-staged/commit/8017d1df2fdb8141fa359944cba6244cbe199152"><code>8017d1d</code></a> build(deps): update dependencies</li> <li><a href="https://github.com/lint-staged/lint-staged/commit/922d7f4fb356d59e8e959391566c81f4e15042f2"><code>922d7f4</code></a> ci: remove dependabot integration, it's not useful</li> <li><a href="https://github.com/lint-staged/lint-staged/commit/6aeeef18f0a6c405016c2d0370d04bd7a1d2c353"><code>6aeeef1</code></a> docs: add PR template</li> <li><a href="https://github.com/lint-staged/lint-staged/commit/a5728b5059c6b5897b854650a606a4fea307d017"><code>a5728b5</code></a> docs: add AGENTS.md</li> <li>Additional commits viewable in <a 
href="https://github.com/lint-staged/lint-staged/compare/v16.2.6...v16.2.7">compare view</a></li> </ul> </details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
https://linear.app/rudderstack/issue/SDK-4344/fix-rce-vulnerability

## Summary

Fixes critical **Remote Code Execution (RCE)** vulnerability in Redis persistence queue by replacing `eval()` deserialization with `JSON.parse()`.

## Vulnerability Details

- **Type:** Remote Code Execution (RCE) via Insecure Deserialization
- **Severity:** Critical
- **Attack Vector:** Attacker with Redis write access can inject malicious JavaScript that executes when deserialized
- **Affected Component:** `createPersistenceQueue()` feature using Bull/Redis

## Changes

- ✅ **Remove all `eval()` calls** - Replaced with safe `JSON.parse()`
- ✅ **Remove `serialize-javascript` dependency** - No longer needed
- ✅ **Add versioned data format** - Jobs now include `version: 3` marker
- ✅ **In-memory callback storage** - Store callbacks in `Map` by `jobId` instead of serializing to Redis
- ✅ **Add `_deserializeJobData()` helper** - Centralized deserialization with version checking
- ✅ **Add `_getDataForPersistenceQueue()` helper** - DRY data formatting
- ✅ **Fix event handler `this` binding** - Use arrow functions to preserve correct context

## Security Impact

**Before (v2.x):**

```javascript
eval(`(${job.data.eventData})`) // ⚠️ RCE vulnerability
```

**After (v3.0.0):**

```javascript
JSON.parse(job.data.eventData) // ✅ Safe deserialization
```

## Breaking Changes

🚨 **BREAKING CHANGE:** Redis persistence queue data format changed from v2 to v3.

**Migration Path:**

1. **Recommended:** Drain Redis queue before upgrading
2. **Alternative:** Accept that in-flight v2.x jobs will fail gracefully with clear error messages

**Legacy Job Handling:**

- v3 jobs (`version === 3`): Processed securely with `JSON.parse()`
- v2 jobs (no version field): Rejected with error: "Job data format is not supported. Please drain your Redis queue before upgrading to v3.0.0."

## Testing

- ✅ All 59 unit tests passed
- ✅ RCE attack prevented (verified with PoC-based test)
- ✅ Legitimate v3 data processed correctly
- ✅ Legacy v2 data fails gracefully
- ✅ No eval() code paths remain

## Test Plan

- [ ] Review code changes
- [ ] Run test suite: `npm test`
- [ ] Test with persistence queue enabled
- [ ] Verify legacy jobs fail gracefully
- [ ] Build and package: `npm run package`

## Files Changed

- `src/index.js` - Complete security refactor
- `package.json` - Removed `serialize-javascript` dependency
- `package-lock.json` - Updated lockfile

## Related Issues

Resolves: #RUD-2630

---

**Note:** This is a security-critical fix that should be released as v3.0.0 due to the breaking change in the persistence queue data format.

## Summary by CodeRabbit

* **Chores**
  * Removed serialize-javascript dependency.
* **Bug Fixes**
  * More robust job data handling to avoid crashes on malformed or unsupported persisted data.
  * Improved recovery and requeue behavior with safer processing and clearer failure handling.
  * Callbacks are now managed in-memory, improving runtime reliability (note: callbacks aren’t persisted across restarts).

BREAKING CHANGE: Redis persistence queue data format changed from v2 to v3. Legacy v2.x jobs without version field will be rejected with error message. Users must drain Redis queue before upgrading or accept that in-flight jobs from v2.x will fail gracefully without being processed.
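A sketch of the version-gated `JSON.parse()` deserialization and in-memory callback storage described in the commit message above, as an added example that is not the project's `src/index.js`. The names `toQueueData`, `fromQueueData`, `CallbackRegistry`, `processJob` and the three sample jobs are hypothetical and constructed for illustration.

```javascript
// Added example, not the project's code. All names below are hypothetical.
const FORMAT_VERSION = 3; // the commit message says v3 jobs carry `version: 3`
const LEGACY_ERROR =
  'Job data format is not supported. Please drain your Redis queue before upgrading to v3.0.0.';

// Producer side: only JSON-representable data is written to Redis.
// JSON.stringify silently drops function-valued properties, so a callback
// can never end up in the persisted payload.
function toQueueData(eventData) {
  const json = JSON.stringify(eventData);
  if (json === undefined) throw new TypeError('eventData is not JSON-serializable');
  return { version: FORMAT_VERSION, eventData: json };
}

// Consumer side: everything read back from Redis is untrusted input.
function fromQueueData(data) {
  // Jobs without the version marker (the v2 format) are rejected, never evaluated.
  if (data === null || typeof data !== 'object' || data.version !== FORMAT_VERSION) {
    throw new Error(LEGACY_ERROR);
  }
  if (typeof data.eventData !== 'string') {
    throw new Error('Job eventData must be a JSON string');
  }
  let parsed;
  try {
    parsed = JSON.parse(data.eventData); // parses data only, executes nothing
  } catch (err) {
    throw new Error(`Job eventData is not valid JSON: ${err.message}`);
  }
  if (parsed === null || typeof parsed !== 'object' || Array.isArray(parsed)) {
    throw new Error('Job eventData must decode to an object');
  }
  return parsed;
}

// Callbacks stay in process memory, keyed by job id, instead of being serialized.
class CallbackRegistry {
  constructor() {
    this.byJobId = new Map();
  }
  register(jobId, callback) {
    if (typeof callback === 'function') this.byJobId.set(String(jobId), callback);
  }
  // Returns the callback at most once; undefined if the process restarted
  // between enqueue and processing (callbacks are not persisted).
  take(jobId) {
    const key = String(jobId);
    const callback = this.byJobId.get(key);
    this.byJobId.delete(key);
    return callback;
  }
}

function processJob(job, registry) {
  const callback = registry.take(job.id);
  let result;
  try {
    result = { ok: true, event: fromQueueData(job.data) };
  } catch (err) {
    result = { ok: false, error: err.message };
  }
  if (callback) callback(result.ok ? null : new Error(result.error), result.event);
  return result;
}

// Constructed sample jobs.
const SAMPLE_V3_JOB = {
  id: 1,
  data: toQueueData({ event: 'Order Completed', userId: 'u-1', callback() {} }),
};
// v2-style payload: a JavaScript expression string with no version field.
const SAMPLE_LEGACY_JOB = {
  id: 2,
  data: { eventData: '{"event":"Page Viewed","callback":function(){}}' },
};
// Version marker present, but eventData was modified in Redis into a
// JavaScript expression (a harmless marker assignment) instead of JSON.
const SAMPLE_TAMPERED_JOB = {
  id: 3,
  data: { version: 3, eventData: '(globalThis.__queueSideEffect = true, {})' },
};

const demoRegistry = new CallbackRegistry();
for (const job of [SAMPLE_V3_JOB, SAMPLE_LEGACY_JOB, SAMPLE_TAMPERED_JOB]) {
  console.log(job.id, processJob(job, demoRegistry));
}
```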
Bumps [size-limit](https://github.com/ai/size-limit) from 11.2.0 to 12.0.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/ai/size-limit/releases">size-limit's releases</a>.</em></p> <blockquote> <h2>12.0.0</h2> <ul> <li>Moved <code>jiti</code> to optional dependency.</li> <li>Removed <code>chokidar</code> dependency in favor of <code>fs.watch</code>.</li> <li>Removed Node.js 18 support.</li> <li>Updated <code>open</code> & <code>esbuild</code> dependencies.</li> <li>Fixed docs (by <a href="https://github.com/nlopin"><code>@nlopin</code></a> & <a href="https://github.com/just-boris"><code>@just-boris</code></a>).</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/ai/size-limit/blob/main/CHANGELOG.md">size-limit's changelog</a>.</em></p> <blockquote> <h2>12.0.0</h2> <ul> <li>Moved <code>jiti</code> to optional dependency.</li> <li>Removed <code>chokidar</code> dependency in favor of <code>fs.watch</code>.</li> <li>Removed Node.js 18 support.</li> <li>Updated <code>open</code> & <code>esbuild</code> dependencies.</li> <li>Fixed docs (by <a href="https://github.com/nlopin"><code>@nlopin</code></a> & <a href="https://github.com/just-boris"><code>@just-boris</code></a>).</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ai/size-limit/commit/7d08aec46050f4bd14f663ffe02b604de70cc293"><code>7d08aec</code></a> Release 12.0.0 version</li> <li><a href="https://github.com/ai/size-limit/commit/ca2570fe15570440c6e252921f751fda5d384e1a"><code>ca2570f</code></a> Fix test coverage</li> <li><a href="https://github.com/ai/size-limit/commit/c881a575739e0ef9ac59af6114702c7ee2c9ed1c"><code>c881a57</code></a> Update lock file</li> <li><a href="https://github.com/ai/size-limit/commit/b2cef20ac9a390d37695b40d2eb3a1d9671b8bc6"><code>b2cef20</code></a> Remove chokidar in favor of fs:watch</li> <li><a 
href="https://github.com/ai/size-limit/commit/445f9c922bd90888fc287c3c233a73acfd47050a"><code>445f9c9</code></a> Remove Node.js 18 support</li> <li><a href="https://github.com/ai/size-limit/commit/638eb161a2c84c4440a2b8c0cb3ae702e9e91877"><code>638eb16</code></a> Move chokidar to optional peer dependency too</li> <li><a href="https://github.com/ai/size-limit/commit/807bf0ecad8e2b2e76dc3aa89fce6dfc0a2768e4"><code>807bf0e</code></a> Move jiti to optional dependnecy</li> <li><a href="https://github.com/ai/size-limit/commit/8f659261addf8511d8568bbe6e0dc2d6606aa6f4"><code>8f65926</code></a> Update nested dependencies</li> <li><a href="https://github.com/ai/size-limit/commit/7f722d939847792fc65005b2b1e81c06990c85b6"><code>7f722d9</code></a> Update some tools</li> <li><a href="https://github.com/ai/size-limit/commit/47212e3f57a5e757aa35dcdcd5b7cfa38ae8272e"><code>47212e3</code></a> Lock and update CI actions</li> <li>Additional commits viewable in <a href="https://github.com/ai/size-limit/compare/11.2.0...12.0.0">compare view</a></li> </ul> </details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
… group across 1 directory (#292) Bumps the npm_and_yarn group with 1 update in the / directory: [express](https://github.com/expressjs/express). Updates `express` from 5.1.0 to 5.2.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/expressjs/express/releases">express's releases</a>.</em></p> <blockquote> <h2>v5.2.0</h2> <h2>Important: Security</h2> <ul> <li>Security fix for <a href="https://www.cve.org/CVERecord?id=CVE-2024-51999">CVE-2024-51999</a> (<a href="https://github.com/expressjs/express/security/advisories/GHSA-pj86-cfqh-vqx6">GHSA-pj86-cfqh-vqx6</a>)</li> </ul> <h2>What's Changed</h2> <ul> <li>build(deps): bump github/codeql-action from 3.28.11 to 3.28.13 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/express/pull/6429">expressjs/express#6429</a></li> <li>Refactor: simplify <code>acceptsLanguages</code> implementation using spread operator by <a href="https://github.com/Ayoub-Mabrouk"><code>@Ayoub-Mabrouk</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6137">expressjs/express#6137</a></li> <li>increased code coverage of utils.js file by <a href="https://github.com/ashish3011"><code>@ashish3011</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6386">expressjs/express#6386</a></li> <li>chore: remove duplicate word by <a href="https://github.com/dufucun"><code>@dufucun</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6456">expressjs/express#6456</a></li> <li>build(deps): bump github/codeql-action from 3.28.13 to 3.28.16 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/express/pull/6498">expressjs/express#6498</a></li> <li>build(deps): bump actions/setup-node from 4.3.0 to 4.4.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a 
href="https://redirect.github.com/expressjs/express/pull/6497">expressjs/express#6497</a></li> <li>build(deps): bump actions/download-artifact from 4.2.1 to 4.3.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/express/pull/6496">expressjs/express#6496</a></li> <li>ci: add node.js 24 to test matrix by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6504">expressjs/express#6504</a></li> <li>ci: update codeql config by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6488">expressjs/express#6488</a></li> <li>chore: wider range for query test skip by <a href="https://github.com/jonchurch"><code>@jonchurch</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6512">expressjs/express#6512</a></li> <li>chore: fix typos in test by <a href="https://github.com/noritaka1166"><code>@noritaka1166</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6535">expressjs/express#6535</a></li> <li>ci: disable credential persistence for checkout actions by <a href="https://github.com/mertssmnoglu"><code>@mertssmnoglu</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6522">expressjs/express#6522</a></li> <li>ci: allow manual triggering of workflow by <a href="https://github.com/shivarm"><code>@shivarm</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6515">expressjs/express#6515</a></li> <li>test: add coverage for app.listen() variants by <a href="https://github.com/kgarg1"><code>@kgarg1</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6476">expressjs/express#6476</a></li> <li>docs: move documentation and charters to the discussions and .github … by <a href="https://github.com/bjohansebas"><code>@bjohansebas</code></a> in <a 
href="https://redirect.github.com/expressjs/express/pull/6427">expressjs/express#6427</a></li> <li>build(deps): bump github/codeql-action from 3.28.16 to 3.28.18 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/express/pull/6549">expressjs/express#6549</a></li> <li>build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/express/pull/6548">expressjs/express#6548</a></li> <li>chore: enforce explicit <code>Buffer</code> import and add lint rule by <a href="https://github.com/shivarm"><code>@shivarm</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6525">expressjs/express#6525</a></li> <li>chore: use node protocol for querystring by <a href="https://github.com/shivarm"><code>@shivarm</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6520">expressjs/express#6520</a></li> <li>chore: fix typo by <a href="https://github.com/mountdisk"><code>@mountdisk</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6609">expressjs/express#6609</a></li> <li>build(deps): bump github/codeql-action from 3.28.18 to 3.29.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/express/pull/6618">expressjs/express#6618</a></li> <li>add deprecation warnings for redirect arguments undefined by <a href="https://github.com/bjohansebas"><code>@bjohansebas</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6405">expressjs/express#6405</a></li> <li>ci: run CI when the markdown changes by <a href="https://github.com/bjohansebas"><code>@bjohansebas</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6632">expressjs/express#6632</a></li> <li>doc: fix CONTRIBUTING link by <a 
href="https://github.com/jonchurch"><code>@jonchurch</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6653">expressjs/express#6653</a></li> <li>doc: update contributing guidelines and code of conduct links by <a href="https://github.com/ShubhamOulkar"><code>@ShubhamOulkar</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6601">expressjs/express#6601</a></li> <li>build(deps-dev): bump morgan from 1.10.0 to 1.10.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/express/pull/6679">expressjs/express#6679</a></li> <li>build(deps-dev): bump cookie-session from 2.1.0 to 2.1.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/express/pull/6678">expressjs/express#6678</a></li> <li>lint: add --fix flag to automatic fix linting issue by <a href="https://github.com/shivarm"><code>@shivarm</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6644">expressjs/express#6644</a></li> <li>chore: ignore yarn.lock file and update example by <a href="https://github.com/shivarm"><code>@shivarm</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6588">expressjs/express#6588</a></li> <li>lib: use req.socket over deprecated req.connection by <a href="https://github.com/bjohansebas"><code>@bjohansebas</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6705">expressjs/express#6705</a></li> <li>doc: update express app example by <a href="https://github.com/shivarm"><code>@shivarm</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6718">expressjs/express#6718</a></li> <li>build(deps): bump github/codeql-action from 3.29.2 to 3.29.5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/express/pull/6675">expressjs/express#6675</a></li> 
<li>Remove history.md from being packaged on publish by <a href="https://github.com/sheplu"><code>@sheplu</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6780">expressjs/express#6780</a></li> <li>build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/express/pull/6797">expressjs/express#6797</a></li> <li>build(deps): bump github/codeql-action from 3.29.7 to 3.30.5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/express/pull/6796">expressjs/express#6796</a></li> <li>build(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/express/pull/6795">expressjs/express#6795</a></li> <li>build(deps): bump actions/setup-node from 4.4.0 to 5.0.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/express/pull/6794">expressjs/express#6794</a></li> <li>build(deps): bump actions/download-artifact from 4.3.0 to 5.0.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/express/pull/6793">expressjs/express#6793</a></li> <li>ci: add node.js 25 to test matrix by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6843">expressjs/express#6843</a></li> <li>build(deps): bump actions/download-artifact from 5.0.0 to 6.0.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/express/pull/6871">expressjs/express#6871</a></li> <li>build(deps): bump actions/setup-node from 5.0.0 to 6.0.0 by <a 
href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/express/pull/6870">expressjs/express#6870</a></li> <li>build(deps): bump github/codeql-action from 3.30.5 to 4.31.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/express/pull/6869">expressjs/express#6869</a></li> <li>build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/express/pull/6868">expressjs/express#6868</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/expressjs/express/blob/master/History.md">express's changelog</a>.</em></p> <blockquote> <h1>5.2.0 / 2025-12-01</h1> <ul> <li>Security fix for <a href="https://www.cve.org/CVERecord?id=CVE-2024-51999">CVE-2024-51999</a> (<a href="https://github.com/expressjs/express/security/advisories/GHSA-pj86-cfqh-vqx6">GHSA-pj86-cfqh-vqx6</a>)</li> <li>deps: <code>body-parser@^2.2.1</code></li> <li>A deprecation warning was added when using <code>res.redirect</code> with undefined arguments, Express now emits a warning to help detect calls that pass undefined as the status or URL and make them easier to fix.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/expressjs/express/commit/4007ad103ba29f6426b2ec9eccfb1ceb792682a8"><code>4007ad1</code></a> Release: 5.2.0 (<a href="https://redirect.github.com/expressjs/express/issues/6920">#6920</a>)</li> <li><a href="https://github.com/expressjs/express/commit/2f64f68c37c64ae333e41ff38032d21860f22255"><code>2f64f68</code></a> sec: security patch for CVE-2024-51999</li> <li><a 
href="https://github.com/expressjs/express/commit/ed0ba3f1dc905d6b62eabf23bd383abcae4901ba"><code>ed0ba3f</code></a> build(deps): bump actions/checkout from 5.0.0 to 6.0.0 (<a href="https://redirect.github.com/expressjs/express/issues/6928">#6928</a>)</li> <li><a href="https://github.com/expressjs/express/commit/8eace4603cb2547608578a4fbb259dc984216f71"><code>8eace46</code></a> build(deps): bump github/codeql-action from 4.31.2 to 4.31.6 (<a href="https://redirect.github.com/expressjs/express/issues/6929">#6929</a>)</li> <li><a href="https://github.com/expressjs/express/commit/30bae810279b2ea162bed5b14ce6c35a110a87f5"><code>30bae81</code></a> build(deps): bump coverallsapp/github-action from 2.3.6 to 2.3.7 (<a href="https://redirect.github.com/expressjs/express/issues/6930">#6930</a>)</li> <li><a href="https://github.com/expressjs/express/commit/758d4355d45322b4c8cd347ebcefbf3b154c7e7f"><code>758d435</code></a> deps: body-parser@^2.2.1 (<a href="https://redirect.github.com/expressjs/express/issues/6922">#6922</a>)</li> <li><a href="https://github.com/expressjs/express/commit/77bcd5274a87047e5b3fe2f17f6c342db3909c53"><code>77bcd52</code></a> docs: update emeritus triagers (<a href="https://redirect.github.com/expressjs/express/issues/6890">#6890</a>)</li> <li><a href="https://github.com/expressjs/express/commit/f33caf1f89a028f0ea98ff5a156a68e65a2eabdd"><code>f33caf1</code></a> Nominate to <a href="https://github.com/efekrskl"><code>@efekrskl</code></a> for triage team (<a href="https://redirect.github.com/expressjs/express/issues/6888">#6888</a>)</li> <li><a href="https://github.com/expressjs/express/commit/54af593b739ea44674e4a445efa15b8024f093da"><code>54af593</code></a> refactor: use cached slice in app.listen (<a href="https://redirect.github.com/expressjs/express/issues/6897">#6897</a>)</li> <li><a href="https://github.com/expressjs/express/commit/2551a7d8afd82e41b9282bd0235190a847a59f44"><code>2551a7d</code></a> docs: switch badges from badgen.net to 
shields.io (<a href="https://redirect.github.com/expressjs/express/issues/6900">#6900</a>)</li> <li>Additional commits viewable in <a href="https://github.com/expressjs/express/compare/v5.1.0...v5.2.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/rudderlabs/rudder-sdk-node/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [actions/checkout](https://github.com/actions/checkout) from 6.0.0 to 6.0.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/releases">actions/checkout's releases</a>.</em></p> <blockquote> <h2>v6.0.1</h2> <h2>What's Changed</h2> <ul> <li>Update all references from v5 and v4 to v6 by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2314">actions/checkout#2314</a></li> <li>Add worktree support for persist-credentials includeIf by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2327">actions/checkout#2327</a></li> <li>Clarify v6 README by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2328">actions/checkout#2328</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v6...v6.0.1">https://github.com/actions/checkout/compare/v6...v6.0.1</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/checkout/commit/8e8c483db84b4bee98b60c0593521ed34d9990e8"><code>8e8c483</code></a> Clarify v6 README (<a href="https://redirect.github.com/actions/checkout/issues/2328">#2328</a>)</li> <li><a href="https://github.com/actions/checkout/commit/033fa0dc0b82693d8986f1016a0ec2c5e7d9cbb1"><code>033fa0d</code></a> Add worktree support for persist-credentials includeIf (<a href="https://redirect.github.com/actions/checkout/issues/2327">#2327</a>)</li> <li><a href="https://github.com/actions/checkout/commit/c2d88d3ecc89a9ef08eebf45d9637801dcee7eb5"><code>c2d88d3</code></a> Update all references from v5 and v4 to v6 (<a href="https://redirect.github.com/actions/checkout/issues/2314">#2314</a>)</li> <li>See full diff in <a 
href="https://github.com/actions/checkout/compare/1af3b93b6815bc44a9784bd300feb67ff0d1eeb3...8e8c483db84b4bee98b60c0593521ed34d9990e8">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
[//]: # (dependabot-start)⚠️ **Dependabot is rebasing this PR**⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [actions/setup-node](https://github.com/actions/setup-node) from 6.0.0 to 6.1.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/setup-node/releases">actions/setup-node's releases</a>.</em></p> <blockquote> <h2>v6.1.0</h2> <h2>What's Changed</h2> <h3>Enhancement:</h3> <ul> <li>Remove always-auth configuration handling by <a href="https://github.com/priyagupta108"><code>@priyagupta108</code></a> in <a href="https://redirect.github.com/actions/setup-node/pull/1436">actions/setup-node#1436</a></li> </ul> <h3>Dependency updates:</h3> <ul> <li>Upgrade <code>@actions/cache</code> from 4.0.3 to 4.1.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/setup-node/pull/1384">actions/setup-node#1384</a></li> <li>Upgrade actions/checkout from 5 to 6 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/setup-node/pull/1439">actions/setup-node#1439</a></li> <li>Upgrade js-yaml from 3.14.1 to 3.14.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/setup-node/pull/1435">actions/setup-node#1435</a></li> </ul> <h3>Documentation update:</h3> <ul> <li>Add example for restore-only cache in documentation by <a href="https://github.com/aparnajyothi-y"><code>@aparnajyothi-y</code></a> in <a href="https://redirect.github.com/actions/setup-node/pull/1419">actions/setup-node#1419</a></li> </ul> <p><strong>Full Changelog</strong>: <a 
href="https://github.com/actions/setup-node/compare/v6...v6.1.0">https://github.com/actions/setup-node/compare/v6...v6.1.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/setup-node/commit/395ad3262231945c25e8478fd5baf05154b1d79f"><code>395ad32</code></a> Bump js-yaml from 3.14.1 to 3.14.2 (<a href="https://redirect.github.com/actions/setup-node/issues/1435">#1435</a>)</li> <li><a href="https://github.com/actions/setup-node/commit/a4d2e2bbca97c78789c5b6f8b2092769fdd8005c"><code>a4d2e2b</code></a> Bump actions/checkout from 5 to 6 (<a href="https://redirect.github.com/actions/setup-node/issues/1439">#1439</a>)</li> <li><a href="https://github.com/actions/setup-node/commit/b9b25d45f70a5d94d88496aa4896bf9ed8f49b67"><code>b9b25d4</code></a> Remove always-auth configuration handling from action (<a href="https://redirect.github.com/actions/setup-node/issues/1436">#1436</a>)</li> <li><a href="https://github.com/actions/setup-node/commit/633bb92bc0aabcae06e8ea93b85aecddd374c402"><code>633bb92</code></a> Bump <code>@actions/cache</code> from 4.0.3 to 4.1.0 (<a href="https://redirect.github.com/actions/setup-node/issues/1384">#1384</a>)</li> <li><a href="https://github.com/actions/setup-node/commit/dda4788290998366da86b6a4f497909644397bb2"><code>dda4788</code></a> Add example for restore-only cache in documentation (<a href="https://redirect.github.com/actions/setup-node/issues/1419">#1419</a>)</li> <li>See full diff in <a href="https://github.com/actions/setup-node/compare/2028fbc5c25fe9cf00d9f06a71cc4710d4507903...395ad3262231945c25e8478fd5baf05154b1d79f">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. 
Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [actions/stale](https://github.com/actions/stale) from 10.1.0 to 10.1.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/stale/releases">actions/stale's releases</a>.</em></p> <blockquote> <h2>v10.1.1</h2> <h2>What's Changed</h2> <h3>Bug Fix</h3> <ul> <li>Add Missing Input Reading for <code>only-issue-types</code> by <a href="https://github.com/Bibo-Joshi"><code>@Bibo-Joshi</code></a> in <a href="https://redirect.github.com/actions/stale/pull/1298">actions/stale#1298</a></li> </ul> <h3>Improvement</h3> <ul> <li>Improves error handling when rate limiting is disabled on GHES. by <a href="https://github.com/chiranjib-swain"><code>@chiranjib-swain</code></a> in <a href="https://redirect.github.com/actions/stale/pull/1300">actions/stale#1300</a></li> </ul> <h3>Dependency Upgrades</h3> <ul> <li>Upgrade eslint-config-prettier from 8.10.0 to 10.1.8 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/stale/pull/1276">actions/stale#1276</a></li> <li>Upgrade <code>@types/node</code> from 20.10.3 to 24.2.0 and document breaking changes in v10 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/stale/pull/1280">actions/stale#1280</a></li> <li>Upgrade actions/publish-action from 0.3.0 to 0.4.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/stale/pull/1291">actions/stale#1291</a></li> <li>Upgrade actions/checkout from 4 to 6 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/stale/pull/1306">actions/stale#1306</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/chiranjib-swain"><code>@chiranjib-swain</code></a> made their first contribution in <a 
href="https://redirect.github.com/actions/stale/pull/1300">actions/stale#1300</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/stale/compare/v10...v10.1.1">https://github.com/actions/stale/compare/v10...v10.1.1</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/stale/commit/997185467fa4f803885201cee163a9f38240193d"><code>9971854</code></a> build(deps): bump actions/checkout from 4 to 6 (<a href="https://redirect.github.com/actions/stale/issues/1306">#1306</a>)</li> <li><a href="https://github.com/actions/stale/commit/5611b9defa6b7799a950489b00163db69f7a3ece"><code>5611b9d</code></a> build(deps): bump actions/publish-action from 0.3.0 to 0.4.0 (<a href="https://redirect.github.com/actions/stale/issues/1291">#1291</a>)</li> <li><a href="https://github.com/actions/stale/commit/fad0de84e50d1aba7b0236cdaf0ea98a43286849"><code>fad0de8</code></a> Improves error handling when rate limiting is disabled on GHES. 
(<a href="https://redirect.github.com/actions/stale/issues/1300">#1300</a>)</li> <li><a href="https://github.com/actions/stale/commit/39bea7de61dd70ce4705a976f904f33d5e1e0f49"><code>39bea7d</code></a> Add Missing Input Reading for <code>only-issue-types</code> (<a href="https://redirect.github.com/actions/stale/issues/1298">#1298</a>)</li> <li><a href="https://github.com/actions/stale/commit/e46bbabb3ede15841d25946157759558dd16306e"><code>e46bbab</code></a> build(deps-dev): bump <code>@types/node</code> from 20.10.3 to 24.2.0 and document breakin...</li> <li><a href="https://github.com/actions/stale/commit/65d1d4804d3060875fff9f9fa8a49e27f71ce7f0"><code>65d1d48</code></a> build(deps-dev): bump eslint-config-prettier from 8.10.0 to 10.1.8 (<a href="https://redirect.github.com/actions/stale/issues/1276">#1276</a>)</li> <li>See full diff in <a href="https://github.com/actions/stale/compare/5f858e3efba33a5ca4407a664cc011ad407f2008...997185467fa4f803885201cee163a9f38240193d">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. 
Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
….0 (#298) Bumps [SonarSource/sonarqube-scan-action](https://github.com/sonarsource/sonarqube-scan-action) from 6.0.0 to 7.0.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sonarsource/sonarqube-scan-action/releases">SonarSource/sonarqube-scan-action's releases</a>.</em></p> <blockquote> <h2>v7.0.0</h2> <h2>What's Changed</h2> <ul> <li>SQSCANGHA-120 NO-JIRA Bump actions/setup-node from 4 to 5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/SonarSource/sonarqube-scan-action/pull/211">SonarSource/sonarqube-scan-action#211</a></li> <li>Update SonarScanner CLI to 7.3.0.5189 by <a href="https://github.com/github-actions"><code>@github-actions</code></a>[bot] in <a href="https://redirect.github.com/SonarSource/sonarqube-scan-action/pull/212">SonarSource/sonarqube-scan-action#212</a></li> <li>SQSCANGHA-122 Include caveats for running SCA by <a href="https://github.com/subdavis"><code>@subdavis</code></a> in <a href="https://redirect.github.com/SonarSource/sonarqube-scan-action/pull/213">SonarSource/sonarqube-scan-action#213</a></li> <li>SQSCANGHA-123 NO-JIRA Bump actions/setup-node from 5 to 6 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/SonarSource/sonarqube-scan-action/pull/214">SonarSource/sonarqube-scan-action#214</a></li> <li>SQSCANGHA-126 Update SonarScanner CLI to 8.0.1.6346 by <a href="https://github.com/github-actions"><code>@github-actions</code></a>[bot] in <a href="https://redirect.github.com/SonarSource/sonarqube-scan-action/pull/218">SonarSource/sonarqube-scan-action#218</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/subdavis"><code>@subdavis</code></a> made their first contribution in <a href="https://redirect.github.com/SonarSource/sonarqube-scan-action/pull/213">SonarSource/sonarqube-scan-action#213</a></li> </ul> <p><strong>Full 
Changelog</strong>: <a href="https://github.com/SonarSource/sonarqube-scan-action/compare/v6.0.0...v7.0.0">https://github.com/SonarSource/sonarqube-scan-action/compare/v6.0.0...v7.0.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/SonarSource/sonarqube-scan-action/commit/a31c9398be7ace6bbfaf30c0bd5d415f843d45e9"><code>a31c939</code></a> SQSCANGHA-126 Update SonarScanner CLI to 8.0.1.6346 (<a href="https://redirect.github.com/sonarsource/sonarqube-scan-action/issues/218">#218</a>)</li> <li><a href="https://github.com/SonarSource/sonarqube-scan-action/commit/40f5b61913e891f9d316696628698051136015be"><code>40f5b61</code></a> SQSCANGHA-123 NO-JIRA Bump actions/setup-node from 5 to 6 (<a href="https://redirect.github.com/sonarsource/sonarqube-scan-action/issues/214">#214</a>)</li> <li><a href="https://github.com/SonarSource/sonarqube-scan-action/commit/9bf7c126a1c17f11278a5c55416b867a27a73d5e"><code>9bf7c12</code></a> SQSCANGHA-122 Include caveats for running SCA (<a href="https://redirect.github.com/sonarsource/sonarqube-scan-action/issues/213">#213</a>)</li> <li><a href="https://github.com/SonarSource/sonarqube-scan-action/commit/ba6563cca79df854af1350ec3dc5881313ec2d3c"><code>ba6563c</code></a> Update SonarScanner CLI to 7.3.0.5189 (<a href="https://redirect.github.com/sonarsource/sonarqube-scan-action/issues/212">#212</a>)</li> <li><a href="https://github.com/SonarSource/sonarqube-scan-action/commit/5ffbad44543237d1b339a5ed57a774432e19f3e4"><code>5ffbad4</code></a> SQSCANGHA-120 Bump actions/setup-node from 4 to 5 (<a href="https://redirect.github.com/sonarsource/sonarqube-scan-action/issues/211">#211</a>)</li> <li>See full diff in <a href="https://github.com/sonarsource/sonarqube-scan-action/compare/fd88b7d7ccbaefd23d8f36f73b59db7a3d246602...a31c9398be7ace6bbfaf30c0bd5d415f843d45e9">compare view</a></li> </ul> </details> <br /> 
Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…6 updates (#301) Bumps the npm-dev-deps group with 6 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@commitlint/config-conventional](https://github.com/conventional-changelog/commitlint/tree/HEAD/@commitlint/config-conventional) | `20.0.0` | `20.2.0` | | [body-parser](https://github.com/expressjs/body-parser) | `2.2.0` | `2.2.1` | | [commitlint](https://github.com/conventional-changelog/commitlint/tree/HEAD/@alias/commitlint) | `20.1.0` | `20.2.0` | | [express](https://github.com/expressjs/express) | `5.1.0` | `5.2.1` | | [prettier](https://github.com/prettier/prettier) | `3.6.2` | `3.7.4` | | [sinon](https://github.com/sinonjs/sinon) | `21.0.0` | `21.0.1` | Updates `@commitlint/config-conventional` from 20.0.0 to 20.2.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/conventional-changelog/commitlint/releases"><code>@commitlint/config-conventional</code>'s releases</a>.</em></p> <blockquote> <h2>v20.2.0</h2> <h1><a href="https://github.com/conventional-changelog/commitlint/compare/v20.1.0...v20.2.0">20.2.0</a> (2025-12-05)</h1> <h3>Features</h3> <ul> <li>feat(lint): update ESLint configuration to use Vitest and remove Jest by <a href="https://github.com/alsmadi99"><code>@alsmadi99</code></a> in <a href="https://redirect.github.com/conventional-changelog/commitlint/pull/4542">conventional-changelog/commitlint#4542</a></li> <li>feat(rules): add breaking-change-exclamation-mark by <a href="https://github.com/adamchristiansen"><code>@adamchristiansen</code></a> in <a href="https://redirect.github.com/conventional-changelog/commitlint/pull/4548">conventional-changelog/commitlint#4548</a></li> <li>feat(cz-commitlint): support customizable commit prompt with emojis by <a href="https://github.com/parloti"><code>@parloti</code></a> in <a href="https://redirect.github.com/conventional-changelog/commitlint/pull/4540">conventional-changelog/commitlint#4540</a></li> </ul> <h3>Chore, docs, etc</h3> <ul> 
<li>docs: fix missing backtick in Windows setup commands by <a href="https://github.com/silentip404"><code>@silentip404</code></a> in <a href="https://redirect.github.com/conventional-changelog/commitlint/pull/4559">conventional-changelog/commitlint#4559</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/adamchristiansen"><code>@adamchristiansen</code></a> made their first contribution in <a href="https://redirect.github.com/conventional-changelog/commitlint/pull/4548">conventional-changelog/commitlint#4548</a></li> <li><a href="https://github.com/parloti"><code>@parloti</code></a> made their first contribution in <a href="https://redirect.github.com/conventional-changelog/commitlint/pull/4540">conventional-changelog/commitlint#4540</a></li> <li><a href="https://github.com/silentip404"><code>@silentip404</code></a> made their first contribution in <a href="https://redirect.github.com/conventional-changelog/commitlint/pull/4559">conventional-changelog/commitlint#4559</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/conventional-changelog/commitlint/compare/v20.1.0...v20.2.0">https://github.com/conventional-changelog/commitlint/compare/v20.1.0...v20.2.0</a></p> <h2>v20.1.0</h2> <h1><a href="https://github.com/conventional-changelog/commitlint/compare/v20.0.0...v20.1.0">20.1.0</a> (2025-09-30)</h1> <h3>Features</h3> <ul> <li>feat(config-pnpm-scopes): allow global scope by <a href="https://github.com/ya2s"><code>@ya2s</code></a> in <a href="https://redirect.github.com/conventional-changelog/commitlint/pull/4553">conventional-changelog/commitlint#4553</a></li> </ul> <h3>Bug Fixes</h3> <ul> <li>fix(resolve-extends): add import attribute for JSON config files by <a href="https://github.com/macieklamberski"><code>@macieklamberski</code></a> in <a href="https://redirect.github.com/conventional-changelog/commitlint/pull/4551">conventional-changelog/commitlint#4551</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a 
href="https://github.com/ya2s"><code>@ya2s</code></a> made their first contribution in <a href="https://redirect.github.com/conventional-changelog/commitlint/pull/4553">conventional-changelog/commitlint#4553</a></li> <li><a href="https://github.com/macieklamberski"><code>@macieklamberski</code></a> made their first contribution in <a href="https://redirect.github.com/conventional-changelog/commitlint/pull/4551">conventional-changelog/commitlint#4551</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/conventional-changelog/commitlint/compare/v20.0.0...v20.1.0">https://github.com/conventional-changelog/commitlint/compare/v20.0.0...v20.1.0</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/conventional-changelog/commitlint/blob/master/@commitlint/config-conventional/CHANGELOG.md"><code>@commitlint/config-conventional</code>'s changelog</a>.</em></p> <blockquote> <h1><a href="https://github.com/conventional-changelog/commitlint/compare/v20.1.0...v20.2.0">20.2.0</a> (2025-12-05)</h1> <p><strong>Note:</strong> Version bump only for package <code>@commitlint/config-conventional</code></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/conventional-changelog/commitlint/commit/ddad9b44d6dd98b983f338bee1ff44dfa9dc1ab1"><code>ddad9b4</code></a> v20.2.0</li> <li>See full diff in <a href="https://github.com/conventional-changelog/commitlint/commits/v20.2.0/@commitlint/config-conventional">compare view</a></li> </ul> </details> <br /> Updates `body-parser` from 2.2.0 to 2.2.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/expressjs/body-parser/releases">body-parser's releases</a>.</em></p> <blockquote> <h2>v2.2.1</h2> <h2>Important: Security</h2> <ul> <li>Security fix for <a href="https://www.cve.org/CVERecord?id=CVE-2025-13466">CVE-2025-13466</a> (<a 
href="https://github.com/expressjs/body-parser/security/advisories/GHSA-wqch-xfxh-vrr4">GHSA-wqch-xfxh-vrr4</a>)</li> </ul> <h2>What's Changed</h2> <ul> <li>ci: add dependabot by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/593">expressjs/body-parser#593</a></li> <li>ci: use full SHAs for github action versions by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/594">expressjs/body-parser#594</a></li> <li>deps: type-is@^2.0.1 by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/599">expressjs/body-parser#599</a></li> <li>build(deps): bump actions/setup-node from 4.3.0 to 4.4.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/609">expressjs/body-parser#609</a></li> <li>build(deps): bump github/codeql-action from 3.28.13 to 3.28.15 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/610">expressjs/body-parser#610</a></li> <li>build(deps-dev): bump eslint-plugin-promise from 6.1.1 to 6.6.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/611">expressjs/body-parser#611</a></li> <li>build(deps-dev): bump eslint-plugin-import from 2.27.5 to 2.31.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/613">expressjs/body-parser#613</a></li> <li>build(deps-dev): bump eslint-plugin-markdown from 3.0.0 to 3.0.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a 
href="https://redirect.github.com/expressjs/body-parser/pull/612">expressjs/body-parser#612</a></li> <li>ci: add codeql github workflows scanning by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/614">expressjs/body-parser#614</a></li> <li>ci: update CodeQL config to ignore the test directory by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/615">expressjs/body-parser#615</a></li> <li>build(deps): bump actions/download-artifact from 4.2.1 to 4.3.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/620">expressjs/body-parser#620</a></li> <li>build(deps): bump github/codeql-action from 3.28.15 to 3.28.16 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/619">expressjs/body-parser#619</a></li> <li>chore(deps): unpin devDependencies by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/616">expressjs/body-parser#616</a></li> <li>ci: add node.js 24 to test matrix by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/621">expressjs/body-parser#621</a></li> <li>build(deps): bump github/codeql-action from 3.28.16 to 3.28.18 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/623">expressjs/body-parser#623</a></li> <li>build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a 
href="https://redirect.github.com/expressjs/body-parser/pull/624">expressjs/body-parser#624</a></li> <li>chore: add funding to package.json by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/617">expressjs/body-parser#617</a></li> <li>build(deps): bump github/codeql-action from 3.28.18 to 3.29.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/625">expressjs/body-parser#625</a></li> <li>build(deps): bump github/codeql-action from 3.29.2 to 3.29.5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/630">expressjs/body-parser#630</a></li> <li>refactor: move common request validation to read function by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/600">expressjs/body-parser#600</a></li> <li>deps: bump iconv-lite by <a href="https://github.com/bjohansebas"><code>@bjohansebas</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/631">expressjs/body-parser#631</a></li> <li>doc: pull beta changelog forward into 2.0.0 by <a href="https://github.com/jonchurch"><code>@jonchurch</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/629">expressjs/body-parser#629</a></li> <li>refactor: optimize raw and text parsers with shared passthrough function by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/634">expressjs/body-parser#634</a></li> <li>build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/640">expressjs/body-parser#640</a></li> 
<li>build(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/639">expressjs/body-parser#639</a></li> <li>build(deps): bump actions/setup-node from 4.4.0 to 5.0.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/636">expressjs/body-parser#636</a></li> <li>build(deps): bump actions/download-artifact from 4.3.0 to 5.0.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/637">expressjs/body-parser#637</a></li> <li>build(deps): bump github/codeql-action from 3.29.7 to 3.30.5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/638">expressjs/body-parser#638</a></li> <li>deps: raw-body@^3.0.1 by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/641">expressjs/body-parser#641</a></li> <li>deps: debug@^4.4.3 by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/642">expressjs/body-parser#642</a></li> <li>docs: add iconv-lite 0.7.0 changes to history entry by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/645">expressjs/body-parser#645</a></li> <li>ci: add node.js 25 to test matrix by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/650">expressjs/body-parser#650</a></li> <li>perf: move read options outside parser middlewares by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a 
href="https://redirect.github.com/expressjs/body-parser/pull/648">expressjs/body-parser#648</a></li> <li>test(json): add RFC 7159 whitespace edge cases by <a href="https://github.com/Ayoub-Mabrouk"><code>@Ayoub-Mabrouk</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/653">expressjs/body-parser#653</a></li> <li>test: add test for urlencoded invalid defaultCharset by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/643">expressjs/body-parser#643</a></li> <li>build(deps): bump actions/download-artifact from 5.0.0 to 6.0.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/657">expressjs/body-parser#657</a></li> <li>build(deps): bump github/codeql-action from 3.30.5 to 4.31.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/656">expressjs/body-parser#656</a></li> <li>build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/655">expressjs/body-parser#655</a></li> <li>build(deps): bump actions/setup-node from 5.0.0 to 6.0.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/654">expressjs/body-parser#654</a></li> <li>ci: also test on first supported node.js version by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/646">expressjs/body-parser#646</a></li> <li>chore: switch badges from badgen.net to shields.io by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a 
href="https://redirect.github.com/expressjs/body-parser/pull/661">expressjs/body-parser#661</a></li> <li>Remove history.md from being packaged on publish by <a href="https://github.com/bjohansebas"><code>@bjohansebas</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/660">expressjs/body-parser#660</a></li> <li>Release: 2.2.1 by <a href="https://github.com/UlisesGascon"><code>@UlisesGascon</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/659">expressjs/body-parser#659</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/expressjs/body-parser/blob/master/HISTORY.md">body-parser's changelog</a>.</em></p> <blockquote> <h1>2.2.1 / 2025-11-24</h1> <ul> <li>Security fix for <a href="https://github.com/expressjs/body-parser/security/advisories/GHSA-wqch-xfxh-vrr4">GHSA-wqch-xfxh-vrr4</a></li> <li>deps: <ul> <li>type-is@^2.0.1</li> <li>iconv-lite@^0.7.0 <ul> <li>Handle split surrogate pairs when encoding UTF-8</li> <li>Avoid false positives in <code>encodingExists</code> by using prototype-less objects</li> </ul> </li> <li>raw-body@^3.0.1</li> <li>debug@^4.4.3</li> </ul> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/expressjs/body-parser/commit/d96b63da8d7445de317736471633bac83ec76cbb"><code>d96b63d</code></a> 2.2.1 (<a href="https://redirect.github.com/expressjs/body-parser/issues/659">#659</a>)</li> <li><a href="https://github.com/expressjs/body-parser/commit/b204886a6744b0b6d297cd0e849d75de836f3b63"><code>b204886</code></a> sec: security patch for CVE-2025-13466</li> <li><a href="https://github.com/expressjs/body-parser/commit/e20e3512e085c1162e8ffe36ac65c705a8017251"><code>e20e351</code></a> feat: remove <code>history.md</code> from being packaged on publish (<a 
href="https://redirect.github.com/expressjs/body-parser/issues/660">#660</a>)</li> <li><a href="https://github.com/expressjs/body-parser/commit/0d7ce71c84fa3dd80930188c85f8b2862c1f32a5"><code>0d7ce71</code></a> docs: switch badges from badgen.net to shields.io (<a href="https://redirect.github.com/expressjs/body-parser/issues/661">#661</a>)</li> <li><a href="https://github.com/expressjs/body-parser/commit/168afff3470302aa28050a8ae6681fa1fdaf71a2"><code>168afff</code></a> ci: also test on first supported node.js version (<a href="https://redirect.github.com/expressjs/body-parser/issues/646">#646</a>)</li> <li><a href="https://github.com/expressjs/body-parser/commit/e539a7121d106539379b3192705a06bac48c6d1c"><code>e539a71</code></a> build(deps): bump actions/setup-node from 5.0.0 to 6.0.0 (<a href="https://redirect.github.com/expressjs/body-parser/issues/654">#654</a>)</li> <li><a href="https://github.com/expressjs/body-parser/commit/939161277a70c1b082f7169f7dc64abf35ff5ce9"><code>9391612</code></a> build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 (<a href="https://redirect.github.com/expressjs/body-parser/issues/655">#655</a>)</li> <li><a href="https://github.com/expressjs/body-parser/commit/57baafb3bb04c115967a5f8ce9b8be2f96ea0b03"><code>57baafb</code></a> build(deps): bump github/codeql-action from 3.30.5 to 4.31.2 (<a href="https://redirect.github.com/expressjs/body-parser/issues/656">#656</a>)</li> <li><a href="https://github.com/expressjs/body-parser/commit/a6a088e088dfe226b4a4f8e1290352db5e26aab4"><code>a6a088e</code></a> build(deps): bump actions/download-artifact from 5.0.0 to 6.0.0 (<a href="https://redirect.github.com/expressjs/body-parser/issues/657">#657</a>)</li> <li><a href="https://github.com/expressjs/body-parser/commit/10a114d55d5d9be979eaa06a37e65c0df713ae33"><code>10a114d</code></a> test: add test for urlencoded invalid defaultCharset (<a href="https://redirect.github.com/expressjs/body-parser/issues/643">#643</a>)</li> <li>Additional 
commits viewable in <a href="https://github.com/expressjs/body-parser/compare/v2.2.0...v2.2.1">compare view</a></li> </ul> </details> <br /> Updates `commitlint` from 20.1.0 to 20.2.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/conventional-changelog/commitlint/releases">commitlint's releases</a>.</em></p> <blockquote> <h2>v20.2.0</h2> <h1><a href="https://github.com/conventional-changelog/commitlint/compare/v20.1.0...v20.2.0">20.2.0</a> (2025-12-05)</h1> <h3>Features</h3> <ul> <li>feat(lint): update ESLint configuration to use Vitest and remove Jest by <a href="https://github.com/alsmadi99"><code>@alsmadi99</code></a> in <a href="https://redirect.github.com/conventional-changelog/commitlint/pull/4542">conventional-changelog/commitlint#4542</a></li> <li>feat(rules): add breaking-change-exclamation-mark by <a href="https://github.com/adamchristiansen"><code>@adamchristiansen</code></a> in <a href="https://redirect.github.com/conventional-changelog/commitlint/pull/4548">conventional-changelog/commitlint#4548</a></li> <li>feat(cz-commitlint): support customizable commit prompt with emojis by <a href="https://github.com/parloti"><code>@parloti</code></a> in <a href="https://redirect.github.com/conventional-changelog/commitlint/pull/4540">conventional-changelog/commitlint#4540</a></li> </ul> <h3>Chore, docs, etc</h3> <ul> <li>docs: fix missing backtick in Windows setup commands by <a href="https://github.com/silentip404"><code>@silentip404</code></a> in <a href="https://redirect.github.com/conventional-changelog/commitlint/pull/4559">conventional-changelog/commitlint#4559</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/adamchristiansen"><code>@adamchristiansen</code></a> made their first contribution in <a href="https://redirect.github.com/conventional-changelog/commitlint/pull/4548">conventional-changelog/commitlint#4548</a></li> <li><a 
href="https://github.com/parloti"><code>@parloti</code></a> made their first contribution in <a href="https://redirect.github.com/conventional-changelog/commitlint/pull/4540">conventional-changelog/commitlint#4540</a></li> <li><a href="https://github.com/silentip404"><code>@silentip404</code></a> made their first contribution in <a href="https://redirect.github.com/conventional-changelog/commitlint/pull/4559">conventional-changelog/commitlint#4559</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/conventional-changelog/commitlint/compare/v20.1.0...v20.2.0">https://github.com/conventional-changelog/commitlint/compare/v20.1.0...v20.2.0</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/conventional-changelog/commitlint/blob/master/@alias/commitlint/CHANGELOG.md">commitlint's changelog</a>.</em></p> <blockquote> <h1><a href="https://github.com/conventional-changelog/commitlint/compare/v20.1.0...v20.2.0">20.2.0</a> (2025-12-05)</h1> <p><strong>Note:</strong> Version bump only for package commitlint</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/conventional-changelog/commitlint/commit/ddad9b44d6dd98b983f338bee1ff44dfa9dc1ab1"><code>ddad9b4</code></a> v20.2.0</li> <li>See full diff in <a href="https://github.com/conventional-changelog/commitlint/commits/v20.2.0/@alias/commitlint">compare view</a></li> </ul> </details> <br /> Updates `express` from 5.1.0 to 5.2.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/expressjs/express/releases">express's releases</a>.</em></p> <blockquote> <h2>v5.2.1</h2> <h2>What's Changed</h2> <blockquote> <p>[!IMPORTANT]<br /> The prior release (5.2.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). 
The change has been fully reverted in this release.</p> </blockquote> <ul> <li>Release: 5.2.1 by <a href="https://github.com/UlisesGascon"><code>@UlisesGascon</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6933">expressjs/express#6933</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/expressjs/express/compare/v5.2.0...v5.2.1">https://github.com/expressjs/express/compare/v5.2.0...v5.2.1</a></p> <h2>v5.2.0</h2> <h2>Important: Security</h2> <ul> <li>Security fix for <a href="https://www.cve.org/CVERecord?id=CVE-2024-51999">CVE-2024-51999</a> (<a href="https://github.com/expressjs/express/security/advisories/GHSA-pj86-cfqh-vqx6">GHSA-pj86-cfqh-vqx6</a>)</li> </ul> <h2>What's Changed</h2> <ul> <li>build(deps): bump github/codeql-action from 3.28.11 to 3.28.13 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/express/pull/6429">expressjs/express#6429</a></li> <li>Refactor: simplify <code>acceptsLanguages</code> implementation using spread operator by <a href="https://github.com/Ayoub-Mabrouk"><code>@Ayoub-Mabrouk</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6137">expressjs/express#6137</a></li> <li>increased code coverage of utils.js file by <a href="https://github.com/ashish3011"><code>@ashish3011</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6386">expressjs/express#6386</a></li> <li>chore: remove duplicate word by <a href="https://github.com/dufucun"><code>@dufucun</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6456">expressjs/express#6456</a></li> <li>build(deps): bump github/codeql-action from 3.28.13 to 3.28.16 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/express/pull/6498">expressjs/express#6498</a></li> <li>build(deps): bump actions/setup-node from 4.3.0 to 4.4.0 by <a 
href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/express/pull/6497">expressjs/express#6497</a></li> <li>build(deps): bump actions/download-artifact from 4.2.1 to 4.3.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/express/pull/6496">expressjs/express#6496</a></li> <li>ci: add node.js 24 to test matrix by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6504">expressjs/express#6504</a></li> <li>ci: update codeql config by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6488">expressjs/express#6488</a></li> <li>chore: wider range for query test skip by <a href="https://github.com/jonchurch"><code>@jonchurch</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6512">expressjs/express#6512</a></li> <li>chore: fix typos in test by <a href="https://github.com/noritaka1166"><code>@noritaka1166</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6535">expressjs/express#6535</a></li> <li>ci: disable credential persistence for checkout actions by <a href="https://github.com/mertssmnoglu"><code>@mertssmnoglu</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6522">expressjs/express#6522</a></li> <li>ci: allow manual triggering of workflow by <a href="https://github.com/shivarm"><code>@shivarm</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6515">expressjs/express#6515</a></li> <li>test: add coverage for app.listen() variants by <a href="https://github.com/kgarg1"><code>@kgarg1</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6476">expressjs/express#6476</a></li> <li>docs: move documentation and charters to the discussions and .github … by <a 
href="https://github.com/bjohansebas"><code>@bjohansebas</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6427">expressjs/express#6427</a></li> <li>build(deps): bump github/codeql-action from 3.28.16 to 3.28.18 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/express/pull/6549">expressjs/express#6549</a></li> <li>build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/express/pull/6548">expressjs/express#6548</a></li> <li>chore: enforce explicit <code>Buffer</code> import and add lint rule by <a href="https://github.com/shivarm"><code>@shivarm</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6525">expressjs/express#6525</a></li> <li>chore: use node protocol for querystring by <a href="https://github.com/shivarm"><code>@shivarm</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6520">expressjs/express#6520</a></li> <li>chore: fix typo by <a href="https://github.com/mountdisk"><code>@mountdisk</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6609">expressjs/express#6609</a></li> <li>build(deps): bump github/codeql-action from 3.28.18 to 3.29.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/express/pull/6618">expressjs/express#6618</a></li> <li>add deprecation warnings for redirect arguments undefined by <a href="https://github.com/bjohansebas"><code>@bjohansebas</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6405">expressjs/express#6405</a></li> <li>ci: run CI when the markdown changes by <a href="https://github.com/bjohansebas"><code>@bjohansebas</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6632">expressjs/express#6632</a></li> 
<li>doc: fix CONTRIBUTING link by <a href="https://github.com/jonchurch"><code>@jonchurch</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6653">expressjs/express#6653</a></li> <li>doc: update contributing guidelines and code of conduct links by <a href="https://github.com/ShubhamOulkar"><code>@ShubhamOulkar</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6601">expressjs/express#6601</a></li> <li>build(deps-dev): bump morgan from 1.10.0 to 1.10.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/express/pull/6679">expressjs/express#6679</a></li> <li>build(deps-dev): bump cookie-session from 2.1.0 to 2.1.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/express/pull/6678">expressjs/express#6678</a></li> <li>lint: add --fix flag to automatic fix linting issue by <a href="https://github.com/shivarm"><code>@shivarm</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6644">expressjs/express#6644</a></li> <li>chore: ignore yarn.lock file and update example by <a href="https://github.com/shivarm"><code>@shivarm</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6588">expressjs/express#6588</a></li> <li>lib: use req.socket over deprecated req.connection by <a href="https://github.com/bjohansebas"><code>@bjohansebas</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6705">expressjs/express#6705</a></li> <li>doc: update express app example by <a href="https://github.com/shivarm"><code>@shivarm</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6718">expressjs/express#6718</a></li> <li>build(deps): bump github/codeql-action from 3.29.2 to 3.29.5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a 
href="https://redirect.github.com/expressjs/express/pull/6675">expressjs/express#6675</a></li> <li>Remove history.md from being packaged on publish by <a href="https://github.com/sheplu"><code>@sheplu</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6780">expressjs/express#6780</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/expressjs/express/blob/master/History.md">express's changelog</a>.</em></p> <blockquote> <h1>5.2.1 / 2025-12-01</h1> <ul> <li>Revert security fix for <a href="https://www.cve.org/CVERecord?id=CVE-2024-51999">CVE-2024-51999</a> (<a href="https://github.com/expressjs/express/security/advisories/GHSA-pj86-cfqh-vqx6">GHSA-pj86-cfqh-vqx6</a>) <ul> <li>The prior release (5.2.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). 
The change has been fully reverted in this release.</li> </ul> </li> </ul> <h1>5.2.0 / 2025-12-01</h1> <ul> <li>Security fix for <a href="https://www.cve.org/CVERecord?id=CVE-2024-51999">CVE-2024-51999</a> (<a href="https://github.com/expressjs/express/security/advisories/GHSA-pj86-cfqh-vqx6">GHSA-pj86-cfqh-vqx6</a>)</li> <li>deps: <code>body-parser@^2.2.1</code></li> <li>A deprecation warning was added when using <code>res.redirect</code> with undefined arguments, Express now emits a warning to help detect calls that pass undefined as the status or URL and make them easier to fix.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/expressjs/express/commit/dbac741a49a5a64336b70c06e85c2e2706e36336"><code>dbac741</code></a> 5.2.1</li> <li><a href="https://github.com/expressjs/express/commit/697547cde621d8b0a47b4fff6e98b29337f8c980"><code>697547c</code></a> Revert "sec: security patch for CVE-2024-51999"</li> <li><a href="https://github.com/expressjs/express/commit/4007ad103ba29f6426b2ec9eccfb1ceb792682a8"><code>4007ad1</code></a> Release: 5.2.0 (<a href="https://redirect.github.com/expressjs/express/issues/6920">#6920</a>)</li> <li><a href="https://github.com/expressjs/express/commit/2f64f68c37c64ae333e41ff38032d21860f22255"><code>2f64f68</code></a> sec: security patch for CVE-2024-51999</li> <li><a href="https://github.com/expressjs/express/commit/ed0ba3f1dc905d6b62eabf23bd383abcae4901ba"><code>ed0ba3f</code></a> build(deps): bump actions/checkout from 5.0.0 to 6.0.0 (<a href="https://redirect.github.com/expressjs/express/issues/6928">#6928</a>)</li> <li><a href="https://github.com/expressjs/express/commit/8eace4603cb2547608578a4fbb259dc984216f71"><code>8eace46</code></a> build(deps): bump github/codeql-action from 4.31.2 to 4.31.6 (<a href="https://redirect.github.com/expressjs/express/issues/6929">#6929</a>)</li> <li><a 
href="https://github.com/expressjs/express/commit/30bae810279b2ea162bed5b14ce6c35a110a87f5"><code>30bae81</code></a> build(deps): bump coverallsapp/github-action from 2.3.6 to 2.3.7 (<a href="https://redirect.github.com/expressjs/express/issues/6930">#6930</a>)</li> <li><a href="https://github.com/expressjs/express/commit/758d4355d45322b4c8cd347ebcefbf3b154c7e7f"><code>758d435</code></a> deps: body-parser@^2.2.1 (<a href="https://redirect.github.com/expressjs/express/issues/6922">#6922</a>)</li> <li><a href="https://github.com/expressjs/express/commit/77bcd5274a87047e5b3fe2f17f6c342db3909c53"><code>77bcd52</code></a> docs: update emeritus triagers (<a href="https://redirect.github.com/expressjs/express/issues/6890">#6890</a>)</li> <li><a href="https://github.com/expressjs/express/commit/f33caf1f89a028f0ea98ff5a156a68e65a2eabdd"><code>f33caf1</code></a> Nominate to <a href="https://github.com/efekrskl"><code>@efekrskl</code></a> for triage team (<a href="https://redirect.github.com/expressjs/express/issues/6888">#6888</a>)</li> <li>Additional commits viewable in <a href="https://github.com/expressjs/express/compare/v5.1.0...v5.2.1">compare view</a></li> </ul> </details> <br /> Updates `prettier` from 3.6.2 to 3.7.4 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/prettier/prettier/releases">prettier's releases</a>.</em></p> <blockquote> <h2>3.7.4</h2> <h2>What's Changed</h2> <ul> <li>Fix comment in union type gets duplicated by <a href="https://github.com/fisker"><code>@fisker</code></a> in <a href="https://redirect.github.com/prettier/prettier/pull/18393">prettier/prettier#18393</a></li> <li>Fix unstable comment print in union type by <a href="https://github.com/fisker"><code>@fisker</code></a> in <a href="https://redirect.github.com/prettier/prettier/pull/18395">prettier/prettier#18395</a></li> <li>Avoid quote around LWC interpolations by <a href="https://github.com/kovsu"><code>@kovsu</code></a> in <a 
href="https://redirect.github.com/prettier/prettier/pull/18383">prettier/prettier#18383</a></li> </ul> <p>🔗 <a href="https://github.com/prettier/prettier/blob/main/CHANGELOG.md#374">Changelog</a></p> <h2>3.7.3</h2> <h2>What's Changed</h2> <ul> <li>Fix <code>prettier.getFileInfo()</code> change that breaks VSCode extension by <a href="https://github.com/fisker"><code>@fisker</code></a> in <a href="https://redirect.github.com/prettier/prettier/pull/18375">prettier/prettier#18375</a></li> </ul> <p>🔗 <a href="https://github.com/prettier/prettier/blob/main/CHANGELOG.md#373">Changelog</a></p> <h2>3.7.2</h2> <h2>What's Changed</h2> <ul> <li>Fix string print when switching quotes by <a href="https://github.com/fisker"><code>@fisker</code></a> in <a href="https://redirect.github.com/prettier/prettier/pull/18351">prettier/prettier#18351</a></li> <li>Preserve quote for embedded HTML attribute values by <a href="https://github.com/kovsu"><code>@kovsu</code></a> in <a href="https://redirect.github.com/prettier/prettier/pull/18352">prettier/prettier#18352</a></li> <li>Fix comment in empty type literal by <a href="https://github.com/fisker"><code>@fisker</code></a> in <a href="https://redirect.github.com/prettier/prettier/pull/18364">prettier/prettier#18364</a></li> </ul> <p>🔗 <a href="https://github.com/prettier/prettier/blob/main/CHANGELOG.md#372">Changelog</a></p> <h2>3.7.1</h2> <ul> <li>Fix performance regression in doc printer (<a href="https://redirect.github.com/prettier/prettier/pull/18342">#18342</a> by <a href="https://github.com/fisker"><code>@fisker</code></a>)</li> </ul> <p>🔗 <a href="https://github.com/prettier/prettier/blob/main/CHANGELOG.md#371">Changelog</a></p> <h2>3.7.0</h2> <p><a href="https://github.com/prettier/prettier/compare/3.6.2...3.7.0">diff</a></p> <p>🔗 <a href="https://prettier.io/blog/2025/11/27/3.7.0">Release note</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a 
href="https://github.com/prettier/prettier/blob/main/CHANGELOG.md">prettier's changelog</a>.</em></p> <blockquote> <h1>3.7.4</h1> <p><a href="https://github.com/prettier/prettier/compare/3.7.3...3.7.4">diff</a></p> <h4>LWC: Avoid quote around interpolations (<a href="https://redirect.github.com/prettier/prettier/pull/18383">#18383</a> by <a href="https://github.com/kovsu"><code>@kovsu</code></a>)</h4> <!-- raw HTML omitted --> <pre lang="html"><code><!-- Input --> <div foo={bar}> </div> <p><!-- Prettier 3.7.3 (--embedded-language-formatting off) --> <div foo="{bar}"></div></p> <p><!-- Prettier 3.7.4 (--embedded-language-formatting off) --> <div foo={bar}></div> </code></pre></p> <h4>TypeScript: Fix comment inside union type gets duplicated (<a href="https://redirect.github.com/prettier/prettier/pull/18393">#18393</a> by <a href="https://github.com/fisker"><code>@fisker</code></a>)</h4> <!-- raw HTML omitted --> <pre lang="tsx"><code>// Input type Foo = (/** comment */ a | b) | c; <p>// Prettier 3.7.3 type Foo = /** comment <em>/ (/</em>* comment */ a | b) | c;</p> <p>// Prettier 3.7.4 type Foo = /** comment */ (a | b) | c; </code></pre></p> <h4>TypeScript: Fix unstable comment print in union type comments (<a href="https://redirect.github.com/prettier/prettier/pull/18395">#18395</a> by <a href="https://github.com/fisker"><code>@fisker</code></a>)</h4> <!-- raw HTML omitted --> <pre lang="tsx"><code>// Input type X = (A | B) & ( // comment A | B ); <p>// Prettier 3.7.3 (first format) type X = (A | B) & (// comment A | B);</p> <p>// Prettier 3.7.3 (second format) type X = ( | A </tr></table> </code></pre></p> </blockquote> <p>... 
(truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/prettier/prettier/commit/7848357af654883e21ed05c0bbbedf89ee88750e"><code>7848357</code></a> Release 3.7.4</li> <li><a href="https://github.com/prettier/prettier/commit/7686c59d512177707711cb327196d4a965411ec0"><code>7686c59</code></a> Release <code>@prettier/plugin-hermes</code> & <code>@prettier/plugin-oxc</code> v0.1.3</li> <li><a href="https://github.com/prettier/prettier/commit/fe494348a027cb9fcefd2cab9cd7ab1190d74a1c"><code>fe49434</code></a> Remove dead code checking union/intersection types length (<a href="https://redirect.github.com/prettier/prettier/issues/18396">#18396</a>)</li> <li><a href="https://github.com/prettier/prettier/commit/ca02b37489870d5f5996a7f91cbc4e4983fa9729"><code>ca02b37</code></a> Fix unstable comment print (<a href="https://redirect.github.com/prettier/prettier/issues/18395">#18395</a>)</li> <li><a href="https://github.com/prettier/prettier/commit/7efb988c6784997685f38766b93a436ef7456974"><code>7efb988</code></a> Fix comment in union type get duplicated (<a href="https://redirect.github.com/prettier/prettier/issues/18393">#18393</a>)</li> <li><a href="https://github.com/prettier/prettier/commit/cfa92c1b6dc6a67f7ac13b801e2f827953721af3"><code>cfa92c1</code></a> Update dependency <code>@angular/compiler</code> to v21.0.2 (<a href="https://redirect.github.com/prettier/prettier/issues/18392">#18392</a>)</li> <li><a href="https://github.com/prettier/prettier/commit/1de273770b052749f735987c5733c862217b991d"><code>1de2737</code></a> Update dependency yaml to v2.8.2 (<a href="https://redirect.github.com/prettier/prettier/issues/18391">#18391</a>)</li> <li><a href="https://github.com/prettier/prettier/commit/706aa4ef90dbf3804595b10adffad6b75228fea6"><code>706aa4e</code></a> Switch js parse postprocess to <code>onEnter</code> (<a href="https://redirect.github.com/prettier/prettier/issues/18382">#18382</a>)</li> <li><a 
href="https://github.com/prettier/prettier/commit/d3eb2b2d081f4b5b1008e64655ce7cc8fefd731e"><code>d3eb2b2</code></a> Reuse arrays in visitor keys (<a href="https://redirect.github.com/prettier/prettier/issues/18386">#18386</a>)</li> <li><a href="https://github.com/prettier/prettier/commit/c45fef106ec4d1efdcd61a64c3dd3298272b3d99"><code>c45fef1</code></a> Fix LWC attribute with <code>--embedded-language-formatting off</code> (<a href="https://redirect.github.com/prettier/prettier/issues/18383">#18383</a>)</li> <li>Additional commits viewable in <a href="https://github.com/prettier/prettier/compare/3.6.2...3.7.4">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by [GitHub Actions](<a href="https://www.npmjs.com/~GitHub">https://www.npmjs.com/~GitHub</a> Actions), a new releaser for prettier since your current version.</p> </details> <br /> Updates `sinon` from 21.0.0 to 21.0.1 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/sinonjs/sinon/blob/main/docs/changelog.md">sinon's changelog</a>.</em></p> <blockquote> <h2>21.0.1</h2> <ul> <li><a href="https://github.com/sinonjs/sinon/commit/456a65c2813533fa4e946b9e707baf798a679ad3"><code>456a65c2</code></a> Update dependencies - except <code>@sinonjs/samsam</code> (<a href="https://redirect.github.com/sinonjs/sinon/issues/2669">#2669</a>) (Carl-Erik Kopseng)</li> <li><a href="https://github.com/sinonjs/sinon/commit/f04f3eb108f3d9b0402e42281b54d9057211bf16"><code>f04f3eb1</code></a> Fix issue 2618 - Remove browserify in favor of esbuild (<a href="https://redirect.github.com/sinonjs/sinon/issues/2661">#2661</a>) (Artur Parkhisenko)</li> <li><a href="https://github.com/sinonjs/sinon/commit/48b69df24c97ef316ebc3835418b3459337c325a"><code>48b69df2</code></a> fix(docs): remove <code>assert.failException</code> from documentation (<a href="https://redirect.github.com/sinonjs/sinon/issues/2666">#2666</a>) (Steffen 
Schroeder)</li> <li><a href="https://github.com/sinonjs/sinon/commit/13b27cccd066a1bc75cfdcd207f1c8c44ab7b049"><code>13b27ccc</code></a> Fix sandbox restore not handling stubbed functions (<a href="https://redirect.github.com/sinonjs/sinon/issues/2667">#2667</a>) (thamion)</li> <li><a href="https://github.com/sinonjs/sinon/commit/ae9e09ac00799f923a8e6b559ead720999a0e865"><code>ae9e09ac</code></a> Update compatibility target to ES2023 (Carl-Erik Kopseng) <blockquote> <p>Updated compatibility target from ES2017 to ES2023 and clarified the note on breaking changes.</p> </blockquote> </li> <li><a href="https://github.com/sinonjs/sinon/commit/26055043212a03afeb2914e16ea32cb7f0a3ac44"><code>26055043</code></a> Improve error message for immutable descriptors (<a href="https://redirect.github.com/sinonjs/sinon/issues/2664">#2664</a>) (Stuart Dotson)</li> <li><a href="https://github.com/sinonjs/sinon/commit/80fa9a5b8b605eb141e556ec5c8e7cd164ca9c5c"><code>80fa9a5b</code></a> Also mirror the calledOnceWith assertion (<a href="https://redirect.github.com/sinonjs/sinon/issues/2660">#2660</a>) (Benedikt Meurer)</li> </ul> <p><em>Released by <a href="https://github.com/fatso83">Carl-Erik Kopseng</a> on 2025-12-19.</em></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/sinonjs/sinon/commit/a8bebe028f3fc1e71c68ca63cedb3ca447c09770"><code>a8bebe0</code></a> 21.0.1</li> <li><a href="https://github.com/sinonjs/sinon/commit/456a65c2813533fa4e946b9e707baf798a679ad3"><code>456a65c</code></a> Update dependencies - except <code>@sinonjs/samsam</code> (<a href="https://redirect.github.com/sinonjs/sinon/issues/2669">#2669</a>)</li> <li><a href="https://github.com/sinonjs/sinon/commit/f04f3eb108f3d9b0402e42281b54d9057211bf16"><code>f04f3eb</code></a> Fix issue 2618 - Remove browserify in favor of esbuild (<a href="https://redirect.github.com/sinonjs/sinon/issues/2661">#2661</a>)</li> <li><a 
href="https://github.com/sinonjs/sinon/commit/48b69df24c97ef316ebc3835418b3459337c325a"><code>48b69df</code></a> fix(docs): remove <code>assert.failException</code> from documentation (<a href="https://redirect.github.com/sinonjs/sinon/issues/2666">#2666</a>)</li> <li><a href="https://github.com/sinonjs/sinon/commit/13b27cccd066a1bc75cfdcd207f1c8c44ab7b049"><code>13b27cc</code></a> Fix sandbox restore not handling stubbed functions (<a href="https://redirect.github.com/sinonjs/sinon/issues/2667">#2667</a>)</li> <li><a href="https://github.com/sinonjs/sinon/commit/ae9e09ac00799f923a8e6b559ead720999a0e865"><code>ae9e09a</code></a> Update compatibility target to ES2023</li> <li><a href="https://github.com/sinonjs/sinon/commit/26055043212a03afeb2914e16ea32cb7f0a3ac44"><code>2605504</code></a> Improve error message for immutable descriptors (<a href="https://redirect.github.com/sinonjs/sinon/issues/2664">#2664</a>)</li> <li><a href="https://github.com/sinonjs/sinon/commit/6d48f1226a355a6debd79b214cca94ce55cd67de"><code>6d48f12</code></a> Update text to emphasise that the target is moving</li> <li><a href="https://github.com/sinonjs/sinon/commit/3d852aed60e8fece2a9f2f9fd98559123cb71722"><code>3d852ae</code></a> Remember to quit on first error</li> <li><a href="https://github.com/sinonjs/sinon/commit/43c88c90636e9cffdb777e6edb89a7aff9dfbf22"><code>43c88c9</code></a> Add some output</li> <li>Additional commits viewable in <a href="https://github.com/sinonjs/sinon/compare/v21.0.0...v21.0.1">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. 
[//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] 
<49699333+dependabot[bot]@users.noreply.github.com>
…299) Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.13.2 to 2.14.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/step-security/harden-runner/releases">step-security/harden-runner's releases</a>.</em></p> <blockquote> <h2>v2.14.0</h2> <h2>What's Changed</h2> <ul> <li>Selective installation: Harden-Runner now skips installation on GitHub-hosted runners when the repository has a custom property skip_harden_runner, allowing organizations to opt out specific repos.</li> <li>Avoid double install: The action no longer installs Harden-Runner if it’s already present on a GitHub-hosted runner, which could happen when a composite action also installs it.</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/step-security/harden-runner/compare/v2.13.3...v2.14.0">https://github.com/step-security/harden-runner/compare/v2.13.3...v2.14.0</a></p> <h2>v2.13.3</h2> <h2>What's Changed</h2> <ul> <li>Fixed an issue where process events were not uploaded in certain edge cases.</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/step-security/harden-runner/compare/v2.13.2...v2.13.3">https://github.com/step-security/harden-runner/compare/v2.13.2...v2.13.3</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/step-security/harden-runner/commit/20cf305ff2072d973412fa9b1e3a4f227bda3c76"><code>20cf305</code></a> Merge pull request <a href="https://redirect.github.com/step-security/harden-runner/issues/622">#622</a> from step-security/feature/custom-property-skip</li> <li><a href="https://github.com/step-security/harden-runner/commit/c51e8eeb6c4fdcd08f65e43a051dacdbfaa69702"><code>c51e8ee</code></a> feat: skip agent install and post step on subsequent runs for GitHub-hosted r...</li> <li><a 
href="https://github.com/step-security/harden-runner/commit/e152b90204c3d85cefa1441b701a47a13ed28bd7"><code>e152b90</code></a> feat: skip harden-runner based on repository custom property</li> <li><a href="https://github.com/step-security/harden-runner/commit/ee1faec052d1000061fa79a13e030db11b3f86bd"><code>ee1faec</code></a> feat: replace skip-harden-runner with skip-on-custom-property input</li> <li><a href="https://github.com/step-security/harden-runner/commit/1dc7c1764659d537dab2a854b8e165a801103eb1"><code>1dc7c17</code></a> feat: add skip-harden-runner input to conditionally skip execution</li> <li><a href="https://github.com/step-security/harden-runner/commit/df199fb7be9f65074067a9eb93f12bb4c5547cf2"><code>df199fb</code></a> Merge pull request <a href="https://redirect.github.com/step-security/harden-runner/issues/620">#620</a> from step-security/rc-29</li> <li><a href="https://github.com/step-security/harden-runner/commit/03d096a772368b1f0222005a6899d3e35a7f62df"><code>03d096a</code></a> update agent</li> <li><a href="https://github.com/step-security/harden-runner/commit/40901073af04afd40408833437092a7467798f33"><code>4090107</code></a> fix: update agent</li> <li>See full diff in <a href="https://github.com/step-security/harden-runner/compare/95d9a5deda9de15063e7595e9719c11c38c90ae2...20cf305ff2072d973412fa9b1e3a4f227bda3c76">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. 
[//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 5.5.1 to 5.5.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/codecov/codecov-action/releases">codecov/codecov-action's releases</a>.</em></p> <blockquote> <h2>v5.5.2</h2> <h2>What's Changed</h2> <ul> <li>check gpg only when skip-validation = false by <a href="https://github.com/maxweng-sentry"><code>@maxweng-sentry</code></a> in <a href="https://redirect.github.com/codecov/codecov-action/pull/1894">codecov/codecov-action#1894</a></li> <li>chore: <code>disable_search</code> alignment by <a href="https://github.com/freemanzMrojo"><code>@freemanzMrojo</code></a> in <a href="https://redirect.github.com/codecov/codecov-action/pull/1881">codecov/codecov-action#1881</a></li> <li>chore(release): 5.5.2 by <a href="https://github.com/thomasrockhu-codecov"><code>@thomasrockhu-codecov</code></a> in <a href="https://redirect.github.com/codecov/codecov-action/pull/1902">codecov/codecov-action#1902</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/maxweng-sentry"><code>@maxweng-sentry</code></a> made their first contribution in <a href="https://redirect.github.com/codecov/codecov-action/pull/1894">codecov/codecov-action#1894</a></li> <li><a href="https://github.com/freemanzMrojo"><code>@freemanzMrojo</code></a> made their first contribution in <a href="https://redirect.github.com/codecov/codecov-action/pull/1881">codecov/codecov-action#1881</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/codecov/codecov-action/compare/v5.5.1...v5.5.2">https://github.com/codecov/codecov-action/compare/v5.5.1...v5.5.2</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md">codecov/codecov-action's changelog</a>.</em></p> <blockquote> <h2>v5.5.2</h2> <h3>What's Changed</h3> <p><strong>Full Changelog</strong>: 
<a href="https://github.com/codecov/codecov-action/compare/v5.5.1..v5.5.2">https://github.com/codecov/codecov-action/compare/v5.5.1..v5.5.2</a></p> <h2>v5.5.1</h2> <h3>What's Changed</h3> <ul> <li>fix: overwrite pr number on fork by <a href="https://github.com/thomasrockhu-codecov"><code>@thomasrockhu-codecov</code></a> in <a href="https://redirect.github.com/codecov/codecov-action/pull/1871">codecov/codecov-action#1871</a></li> <li>build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by <code>@app/dependabot</code> in <a href="https://redirect.github.com/codecov/codecov-action/pull/1868">codecov/codecov-action#1868</a></li> <li>build(deps): bump github/codeql-action from 3.29.9 to 3.29.11 by <code>@app/dependabot</code> in <a href="https://redirect.github.com/codecov/codecov-action/pull/1867">codecov/codecov-action#1867</a></li> <li>fix: update to use local app/ dir by <a href="https://github.com/thomasrockhu-codecov"><code>@thomasrockhu-codecov</code></a> in <a href="https://redirect.github.com/codecov/codecov-action/pull/1872">codecov/codecov-action#1872</a></li> <li>docs: fix typo in README by <a href="https://github.com/datalater"><code>@datalater</code></a> in <a href="https://redirect.github.com/codecov/codecov-action/pull/1866">codecov/codecov-action#1866</a></li> <li>Document a <code>codecov-cli</code> version reference example by <a href="https://github.com/webknjaz"><code>@webknjaz</code></a> in <a href="https://redirect.github.com/codecov/codecov-action/pull/1774">codecov/codecov-action#1774</a></li> <li>build(deps): bump github/codeql-action from 3.28.18 to 3.29.9 by <code>@app/dependabot</code> in <a href="https://redirect.github.com/codecov/codecov-action/pull/1861">codecov/codecov-action#1861</a></li> <li>build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by <code>@app/dependabot</code> in <a href="https://redirect.github.com/codecov/codecov-action/pull/1833">codecov/codecov-action#1833</a></li> </ul> <p><strong>Full Changelog</strong>: 
<a href="https://github.com/codecov/codecov-action/compare/v5.5.0..v5.5.1">https://github.com/codecov/codecov-action/compare/v5.5.0..v5.5.1</a></p> <h2>v5.5.0</h2> <h3>What's Changed</h3> <ul> <li>feat: upgrade wrapper to 0.2.4 by <a href="https://github.com/jviall"><code>@jviall</code></a> in <a href="https://redirect.github.com/codecov/codecov-action/pull/1864">codecov/codecov-action#1864</a></li> <li>Pin actions/github-script by Git SHA by <a href="https://github.com/martincostello"><code>@martincostello</code></a> in <a href="https://redirect.github.com/codecov/codecov-action/pull/1859">codecov/codecov-action#1859</a></li> <li>fix: check reqs exist by <a href="https://github.com/joseph-sentry"><code>@joseph-sentry</code></a> in <a href="https://redirect.github.com/codecov/codecov-action/pull/1835">codecov/codecov-action#1835</a></li> <li>fix: Typo in README by <a href="https://github.com/spalmurray"><code>@spalmurray</code></a> in <a href="https://redirect.github.com/codecov/codecov-action/pull/1838">codecov/codecov-action#1838</a></li> <li>docs: Refine OIDC docs by <a href="https://github.com/spalmurray"><code>@spalmurray</code></a> in <a href="https://redirect.github.com/codecov/codecov-action/pull/1837">codecov/codecov-action#1837</a></li> <li>build(deps): bump github/codeql-action from 3.28.17 to 3.28.18 by <code>@app/dependabot</code> in <a href="https://redirect.github.com/codecov/codecov-action/pull/1829">codecov/codecov-action#1829</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/codecov/codecov-action/compare/v5.4.3..v5.5.0">https://github.com/codecov/codecov-action/compare/v5.4.3..v5.5.0</a></p> <h2>v5.4.3</h2> <h3>What's Changed</h3> <ul> <li>build(deps): bump github/codeql-action from 3.28.13 to 3.28.17 by <code>@app/dependabot</code> in <a href="https://redirect.github.com/codecov/codecov-action/pull/1822">codecov/codecov-action#1822</a></li> <li>fix: OIDC on forks by <a 
href="https://github.com/joseph-sentry"><code>@joseph-sentry</code></a> in <a href="https://redirect.github.com/codecov/codecov-action/pull/1823">codecov/codecov-action#1823</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/codecov/codecov-action/compare/v5.4.2..v5.4.3">https://github.com/codecov/codecov-action/compare/v5.4.2..v5.4.3</a></p> <h2>v5.4.2</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/codecov/codecov-action/commit/671740ac38dd9b0130fbe1cec585b89eea48d3de"><code>671740a</code></a> chore(release): 5.5.2 (<a href="https://redirect.github.com/codecov/codecov-action/issues/1902">#1902</a>)</li> <li><a href="https://github.com/codecov/codecov-action/commit/96b38e9e60ee60a8c3911f4612407bba2f9195fb"><code>96b38e9</code></a> chore: <code>disable_search</code> alignment (<a href="https://redirect.github.com/codecov/codecov-action/issues/1881">#1881</a>)</li> <li><a href="https://github.com/codecov/codecov-action/commit/9b6d1f84bde660b0f784003009b1f0aa4663cdeb"><code>9b6d1f8</code></a> check gpg only when skip-validation = false (<a href="https://redirect.github.com/codecov/codecov-action/issues/1894">#1894</a>)</li> <li>See full diff in <a href="https://github.com/codecov/codecov-action/compare/5a1091511ad55cbe89839c7260b706298ca349f7...671740ac38dd9b0130fbe1cec585b89eea48d3de">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. 
Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
) Bumps [@size-limit/preset-app](https://github.com/ai/size-limit) from 11.2.0 to 12.0.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/ai/size-limit/releases"><code>@size-limit/preset-app</code>'s releases</a>.</em></p> <blockquote> <h2>12.0.0</h2> <ul> <li>Moved <code>jiti</code> to optional dependency.</li> <li>Removed <code>chokidar</code> dependency in favor of <code>fs.watch</code>.</li> <li>Removed Node.js 18 support.</li> <li>Updated <code>open</code> & <code>esbuild</code> dependencies.</li> <li>Fixed docs (by <a href="https://github.com/nlopin"><code>@nlopin</code></a> & <a href="https://github.com/just-boris"><code>@just-boris</code></a>).</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/ai/size-limit/blob/main/CHANGELOG.md"><code>@size-limit/preset-app</code>'s changelog</a>.</em></p> <blockquote> <h2>12.0.0</h2> <ul> <li>Moved <code>jiti</code> to optional dependency.</li> <li>Removed <code>chokidar</code> dependency in favor of <code>fs.watch</code>.</li> <li>Removed Node.js 18 support.</li> <li>Updated <code>open</code> & <code>esbuild</code> dependencies.</li> <li>Fixed docs (by <a href="https://github.com/nlopin"><code>@nlopin</code></a> & <a href="https://github.com/just-boris"><code>@just-boris</code></a>).</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ai/size-limit/commit/7d08aec46050f4bd14f663ffe02b604de70cc293"><code>7d08aec</code></a> Release 12.0.0 version</li> <li><a href="https://github.com/ai/size-limit/commit/ca2570fe15570440c6e252921f751fda5d384e1a"><code>ca2570f</code></a> Fix test coverage</li> <li><a href="https://github.com/ai/size-limit/commit/c881a575739e0ef9ac59af6114702c7ee2c9ed1c"><code>c881a57</code></a> Update lock file</li> <li><a href="https://github.com/ai/size-limit/commit/b2cef20ac9a390d37695b40d2eb3a1d9671b8bc6"><code>b2cef20</code></a> 
Remove chokidar in favor of fs:watch</li> <li><a href="https://github.com/ai/size-limit/commit/445f9c922bd90888fc287c3c233a73acfd47050a"><code>445f9c9</code></a> Remove Node.js 18 support</li> <li><a href="https://github.com/ai/size-limit/commit/638eb161a2c84c4440a2b8c0cb3ae702e9e91877"><code>638eb16</code></a> Move chokidar to optional peer dependency too</li> <li><a href="https://github.com/ai/size-limit/commit/807bf0ecad8e2b2e76dc3aa89fce6dfc0a2768e4"><code>807bf0e</code></a> Move jiti to optional dependnecy</li> <li><a href="https://github.com/ai/size-limit/commit/8f659261addf8511d8568bbe6e0dc2d6606aa6f4"><code>8f65926</code></a> Update nested dependencies</li> <li><a href="https://github.com/ai/size-limit/commit/7f722d939847792fc65005b2b1e81c06990c85b6"><code>7f722d9</code></a> Update some tools</li> <li><a href="https://github.com/ai/size-limit/commit/47212e3f57a5e757aa35dcdcd5b7cfa38ae8272e"><code>47212e3</code></a> Lock and update CI actions</li> <li>Additional commits viewable in <a href="https://github.com/ai/size-limit/compare/11.2.0...12.0.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. 
Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…across 1 directory (#306) Bumps the npm_and_yarn group with 1 update in the / directory: [qs](https://github.com/ljharb/qs). Updates `qs` from 6.14.0 to 6.14.1 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/ljharb/qs/blob/main/CHANGELOG.md">qs's changelog</a>.</em></p> <blockquote> <h2><strong>6.14.1</strong></h2> <ul> <li>[Fix] ensure arrayLength applies to <code>[]</code> notation as well</li> <li>[Fix] <code>parse</code>: when a custom decoder returns <code>null</code> for a key, ignore that key</li> <li>[Refactor] <code>parse</code>: extract key segment splitting helper</li> <li>[meta] add threat model</li> <li>[actions] add workflow permissions</li> <li>[Tests] <code>stringify</code>: increase coverage</li> <li>[Dev Deps] update <code>eslint</code>, <code>@ljharb/eslint-config</code>, <code>npmignore</code>, <code>es-value-fixtures</code>, <code>for-each</code>, <code>object-inspect</code></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ljharb/qs/commit/3fa11a5f643c76896387bd2d86904a2d0141fdf7"><code>3fa11a5</code></a> v6.14.1</li> <li><a href="https://github.com/ljharb/qs/commit/a62670423c1ccab0dd83c621bfb98c7c024e314d"><code>a626704</code></a> [Dev Deps] update <code>npmignore</code></li> <li><a href="https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9"><code>3086902</code></a> [Fix] ensure arrayLength applies to <code>[]</code> notation as well</li> <li><a href="https://github.com/ljharb/qs/commit/fc7930e86c2264c1568c9f5606830e19b0bc2af2"><code>fc7930e</code></a> [Dev Deps] update <code>eslint</code>, <code>@ljharb/eslint-config</code></li> <li><a href="https://github.com/ljharb/qs/commit/0b06aac566abee45ef0327667a7cc89e7aed8b58"><code>0b06aac</code></a> [Dev Deps] update <code>@ljharb/eslint-config</code></li> <li><a href="https://github.com/ljharb/qs/commit/64951f6200a1fb72cc003c6e8226dde3d2ef591f"><code>64951f6</code></a> 
[Refactor] <code>parse</code>: extract key segment splitting helper</li> <li><a href="https://github.com/ljharb/qs/commit/e1bd2599cdff4c936ea52fb1f16f921cbe7aa88c"><code>e1bd259</code></a> [Dev Deps] update <code>@ljharb/eslint-config</code></li> <li><a href="https://github.com/ljharb/qs/commit/f4b3d39709fef6ddbd85128d1ba4c6b566c4902e"><code>f4b3d39</code></a> [eslint] add eslint 9 optional peer dep</li> <li><a href="https://github.com/ljharb/qs/commit/6e94d9596ca50dffafcef40a5f64eca89962cf34"><code>6e94d95</code></a> [Dev Deps] update <code>eslint</code>, <code>@ljharb/eslint-config</code>, <code>npmignore</code></li> <li><a href="https://github.com/ljharb/qs/commit/973dc3c51c86da9f4e30edeb4b1725158d439102"><code>973dc3c</code></a> [actions] add workflow permissions</li> <li>Additional commits viewable in <a href="https://github.com/ljharb/qs/compare/v6.14.0...v6.14.1">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/rudderlabs/rudder-sdk-node/network/alerts). Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps the npm-dev-deps group with 2 updates: [@commitlint/config-conventional](https://github.com/conventional-changelog/commitlint/tree/HEAD/@commitlint/config-conventional) and [commitlint](https://github.com/conventional-changelog/commitlint/tree/HEAD/@alias/commitlint). Updates `@commitlint/config-conventional` from 20.2.0 to 20.3.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/conventional-changelog/commitlint/releases"><code>@commitlint/config-conventional</code>'s releases</a>.</em></p> <blockquote> <h2>v20.3.0</h2> <h1><a href="https://github.com/conventional-changelog/commitlint/compare/v20.2.0...v20.3.0">20.3.0</a> (2026-01-01)</h1> <h3>Features</h3> <ul> <li>feat: add support for .mts config file by <a href="https://github.com/amir-rahmanii"><code>@amir-rahmanii</code></a> in <a href="https://redirect.github.com/conventional-changelog/commitlint/pull/4581">conventional-changelog/commitlint#4581</a></li> <li>feat(rules): add scope-delimiter-style by <a href="https://github.com/what1s1ove"><code>@what1s1ove</code></a> in <a href="https://redirect.github.com/conventional-changelog/commitlint/pull/4580">conventional-changelog/commitlint#4580</a></li> </ul> <h3>Docs</h3> <ul> <li>docs: add committier to community projects page by <a href="https://github.com/iamyoki"><code>@iamyoki</code></a> in <a href="https://redirect.github.com/conventional-changelog/commitlint/pull/4579">conventional-changelog/commitlint#4579</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/iamyoki"><code>@iamyoki</code></a> made their first contribution in <a href="https://redirect.github.com/conventional-changelog/commitlint/pull/4579">conventional-changelog/commitlint#4579</a></li> <li><a href="https://github.com/amir-rahmanii"><code>@amir-rahmanii</code></a> made their first contribution in <a 
href="https://redirect.github.com/conventional-changelog/commitlint/pull/4581">conventional-changelog/commitlint#4581</a></li> <li><a href="https://github.com/what1s1ove"><code>@what1s1ove</code></a> made their first contribution in <a href="https://redirect.github.com/conventional-changelog/commitlint/pull/4580">conventional-changelog/commitlint#4580</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/conventional-changelog/commitlint/compare/v20.2.0...v20.3.0">https://github.com/conventional-changelog/commitlint/compare/v20.2.0...v20.3.0</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/conventional-changelog/commitlint/blob/master/@commitlint/config-conventional/CHANGELOG.md"><code>@commitlint/config-conventional</code>'s changelog</a>.</em></p> <blockquote> <h1><a href="https://github.com/conventional-changelog/commitlint/compare/v20.2.0...v20.3.0">20.3.0</a> (2026-01-01)</h1> <p><strong>Note:</strong> Version bump only for package <code>@commitlint/config-conventional</code></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/conventional-changelog/commitlint/commit/1c5734db28d30aac1e0493595f965d95d62f7971"><code>1c5734d</code></a> v20.3.0</li> <li>See full diff in <a href="https://github.com/conventional-changelog/commitlint/commits/v20.3.0/@commitlint/config-conventional">compare view</a></li> </ul> </details> <br /> Updates `commitlint` from 20.2.0 to 20.3.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/conventional-changelog/commitlint/releases">commitlint's releases</a>.</em></p> <blockquote> <h2>v20.3.0</h2> <h1><a href="https://github.com/conventional-changelog/commitlint/compare/v20.2.0...v20.3.0">20.3.0</a> (2026-01-01)</h1> <h3>Features</h3> <ul> <li>feat: add support for .mts config file by <a 
href="https://github.com/amir-rahmanii"><code>@amir-rahmanii</code></a> in <a href="https://redirect.github.com/conventional-changelog/commitlint/pull/4581">conventional-changelog/commitlint#4581</a></li> <li>feat(rules): add scope-delimiter-style by <a href="https://github.com/what1s1ove"><code>@what1s1ove</code></a> in <a href="https://redirect.github.com/conventional-changelog/commitlint/pull/4580">conventional-changelog/commitlint#4580</a></li> </ul> <h3>Docs</h3> <ul> <li>docs: add committier to community projects page by <a href="https://github.com/iamyoki"><code>@iamyoki</code></a> in <a href="https://redirect.github.com/conventional-changelog/commitlint/pull/4579">conventional-changelog/commitlint#4579</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/iamyoki"><code>@iamyoki</code></a> made their first contribution in <a href="https://redirect.github.com/conventional-changelog/commitlint/pull/4579">conventional-changelog/commitlint#4579</a></li> <li><a href="https://github.com/amir-rahmanii"><code>@amir-rahmanii</code></a> made their first contribution in <a href="https://redirect.github.com/conventional-changelog/commitlint/pull/4581">conventional-changelog/commitlint#4581</a></li> <li><a href="https://github.com/what1s1ove"><code>@what1s1ove</code></a> made their first contribution in <a href="https://redirect.github.com/conventional-changelog/commitlint/pull/4580">conventional-changelog/commitlint#4580</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/conventional-changelog/commitlint/compare/v20.2.0...v20.3.0">https://github.com/conventional-changelog/commitlint/compare/v20.2.0...v20.3.0</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/conventional-changelog/commitlint/blob/master/@alias/commitlint/CHANGELOG.md">commitlint's changelog</a>.</em></p> <blockquote> <h1><a 
href="https://github.com/conventional-changelog/commitlint/compare/v20.2.0...v20.3.0">20.3.0</a> (2026-01-01)</h1> <p><strong>Note:</strong> Version bump only for package commitlint</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/conventional-changelog/commitlint/commit/1c5734db28d30aac1e0493595f965d95d62f7971"><code>1c5734d</code></a> v20.3.0</li> <li>See full diff in <a href="https://github.com/conventional-changelog/commitlint/commits/v20.3.0/@alias/commitlint">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Important: Review skipped. Auto reviews are disabled on base/target branches other than the default branch.
Please check the settings in the CodeRabbit UI or the
You can disable this status message by setting the
saikumarrs
previously approved these changes
Jan 6, 2026
Scanned-by: gitleaks 8.30.0
saikumarrs
approved these changes
Jan 6, 2026
👑 Automated Release PR

This pull request was created automatically by the GitHub Actions workflow. It merges the release branch (`release/3.0.0`) into the `master` branch.

This ensures that the latest release branch changes are incorporated into the `master` branch for production.

Details

release/3.0.0

Please review and merge when ready. 🚀