chore: bump the npm-major group across 1 directory with 10 updates

[dependabot]

Bumps the npm-major group with 10 updates in the / directory:

Package	From	To
js-cookie	2.2.1	3.0.7
@types/js-cookie	2.2.7	3.0.6
query-string	5.1.1	9.3.1
rxjs	6.6.7	7.8.2
uuid	8.3.2	14.0.0
@types/node	24.12.0	25.9.1
@types/query-string	5.1.0	6.3.0
@types/uuid	8.3.4	11.0.0
jsdom	26.1.0	29.1.1
typescript	5.9.3	6.0.3

Updates js-cookie from 2.2.1 to 3.0.7

Release notes

Sourced from js-cookie's releases.

v3.0.7

• Prevent cookie attribute injection: CVE-2026-46625 (eb3c40e)
• Add Partitioned attribute to readme (b994768)
• Publish to npm registry via trusted publisher exclusively (4dc71be)
• Ensure consistent behaviour for get('name') + get() (1953d30)

v3.0.5

• Remove npm version restriction in package.json - #818

v3.0.4

• Publish to npmjs.com with package provenance

v3.0.1

• Make package.json accessible in export - #727

v3.0.0

• Removed defaults in favor of a builder: now to supply an api instance with particular predefined (cookie) attributes there's Cookies.withAttributes(), e.g.:

const api = Cookies.withAttributes({
  path: '/',
  secure: true
})
api.set('key', 'value') // writes cookie with path: '/' and secure: true...

• The attributes that an api instance is configured with are exposed as attributes property; it's an immutable object and unlike defaults cannot be changed to configure the api.
• The mechanism to fall back to the standard, internal converter by returning a falsy value in a custom read converter has been removed. Instead the default converters are now exposed as Cookies.converter, which allows for implementing self-contained custom converters providing the same behavior:

const customReadConverter = (value, name) => {
  if (name === 'special') {
    return unescape(value)
  }
  return Cookies.converter.read(value)
}

• withConverter() no longer accepts a function as argument to be turned into a read converter. It is now required to always pass an object with the explicit type(s) of converter(s):

const api = Cookies.withConverter({
  read: (value, name) => unescape(value)
})

• The converter(s) that an api instance is configured with are exposed as converter property; it's an immutable object and cannot be changed to configure the api.
• Started providing library as ES module, in addition to UMD module. The module field in package.json points to an ES module variant of the library.
• Started using browser field instead of main in package.json (for the UMD variant of the library).
• Dropped support for IE < 10.
• Removed built-in JSON support, i.e. getJSON() and automatic stringifying in set(): use Cookies.set('foo', JSON.stringify({ ... })) and JSON.parse(Cookies.get('foo')) instead.
• Removed support for Bower.
• Added minified versions to package - #501
• Improved support for url encoded cookie values (support case insensitive encoding) - #466, #530
• Expose default path via API - #541
• Handle falsy arguments passed to getters - #399

... (truncated)

Commits

• 17bacba Craft v3.0.7 release
• adb823c Fix release workflow halting at git tag
• 5f9e759 May remove Git user config from release workflow
• 6ac9211 Fix release workflow not able to push commit + tag
• 2278bc5 Fix missing package version bump
• eb3c40e Prevent cookie attribute injection
• f6f157f Bump globals from 17.5.0 to 17.6.0
• f409d02 Bump eslint from 10.2.0 to 10.3.0
• a686883 Bump protobufjs in the npm_and_yarn group across 1 directory
• c6112d2 Bump @​protobufjs/utf8 in the npm_and_yarn group across 1 directory
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for js-cookie since your current version.

Updates @types/js-cookie from 2.2.7 to 3.0.6

Commits

• See full diff in compare view

Updates query-string from 5.1.1 to 9.3.1

Release notes

Sourced from query-string's releases.

v9.3.1

• Fix custom type functions with array formats 720f2ff

---

sindresorhus/query-string@v9.3.0...v9.3.1

v9.3.0

• Add replacer option to stringify() 509014d
• Fix encoded separator incorrectly splitting single values into arrays ec67fea

---

sindresorhus/query-string@v9.2.2...v9.3.0

v9.2.2

• Accept valueless parameters as true when using a boolean with types option (#410) 557a550

---

sindresorhus/query-string@v9.2.1...v9.2.2

v9.2.1

• Fix stringifyUrl not respecting passed in options 38dae7b

---

sindresorhus/query-string@v9.2.0...v9.2.1

v9.2.0

• Add support for boolean type in the types option (#407) 10d263a

---

sindresorhus/query-string@v9.1.2...v9.2.0

v9.1.2

• Fix types option with arrayFormat: comma and one item in array (#406) 3e61882

---

sindresorhus/query-string@v9.1.1...v9.1.2

v9.1.1

• Fix arrayFormat bracket-separator with a URL encoded value (#392) 19c43d4

sindresorhus/query-string@v9.1.0...v9.1.1

v9.1.0

• Add types option to the .parse() method (#385) 672eb82

... (truncated)

Commits

• 6c6f660 9.3.1
• 720f2ff Fix custom type functions with array formats
• b46abfc 9.3.0
• 509014d Add replacer option to stringify()
• ab603a8 Document supported value types for stringify()
• ec67fea Fix encoded separator incorrectly splitting single values into arrays
• 2e1f45a Add comprehensive test coverage for queryString.exclude()
• dc13d74 9.2.2
• 557a550 Accept valueless parameters as true when using a boolean with types optio...
• a277921 9.2.1
• Additional commits viewable in compare view

Updates rxjs from 6.6.7 to 7.8.2

Changelog

Sourced from rxjs's changelog.

7.8.2 (2025-02-22)

Bug Fixes

• animationFrameScheduler: some tasks are never flushed and sometimes it breaks completely (#7444) (8bbfa4e)
• mergeWith: works correctly with an Array (#7281) (27855c6)
• subscriber: strict type signature for next method (#7172) (0e2ef5e)

7.8.1 (2023-04-26)

Bug Fixes

• asapScheduler: No longer stops after scheduling twice during flush (#7198) (1b52405), closes ReactiveX#7196
• throttle: properly handle default ThrottleConfig values (#7176) (ceb821c)

7.8.0 (2022-12-15)

Features

• buffer: closingNotifier now supports any ObservableInput (#7073) (61b877a)
• delayWhen: delayWhen's delayDurationSelector now supports any ObservableInput (#7049) (dfd95db)
• sequenceEqual: compareTo now supports any ObservableInput (#7102) (d501961)
• share: ShareConfig factory properties now supports any ObservableInput (#7093) (cc3995a)
• skipUntil: notifier now supports any ObservableInput (#7091) (60d6c40)
• window: windowBoundaries now supports any ObservableInput (#7088) (8c4347c)

7.7.0 (2022-12-15)

Features

• distinct: flush argument now supports any ObservableInput (#7081) (74c9ebd)
• repeatWhen: notifier supports ObservableInput (#7103) (8f1b976)
• retryWhen: notifier now supports any ObservableInput (#7105) (794f806)
• sample: notifier now supports any ObservableInput (#7104) (b18c2eb)

7.6.0 (2022-12-03)

Bug Fixes

• schedulers: no longer cause TypeScript build failures when Node types aren't included (c1a07b7)
• types: Improved subscribe and tap type overloads (#6718) (af1a9f4), closes #6717

Features

• onErrorResumeNextWith: renamed onErrorResumeNext and exported from the top level. (onErrorResumeNext operator is stil available, but deprecated) (#6755) (51e3b2c)

7.5.7 (2022-09-25)

Bug Fixes

... (truncated)

Commits

• e5351d0 chore(publish): 7.8.2
• 8bbfa4e fix(animationFrameScheduler): some tasks are never flushed and sometimes it b...
• 4a2d0d2 docs(rxjs.dex): replace polyfill.io with a Cloudflare equivalent (#7487)
• 2fb0740 chore: 7.x remove global npm install and ignore latest TS (#7398)
• d69d890 docs: fix missing overloads in docs when overload count is less than 3 (#7367...
• 27855c6 fix(mergeWith): works correctly with an Array (#7281)
• 9db6563 docs: provide URL for the V8 docs app (#7244)
• 5c3fb33 docs: add MonoTypeOperatorFunction documentation (#7284)
• 0e2ef5e fix(subscriber): strict type signature for next method (#7172)
• b6d00c1 docs: improve glossary and semantics page (#7267)
• Additional commits viewable in compare view

Updates uuid from 8.3.2 to 14.0.0

Release notes

Sourced from uuid's releases.

v14.0.0

14.0.0 (2026-04-19)

⚠ BREAKING CHANGES

• expect crypto to be global everywhere (requires node@20+) (#935)
• drop node@18 support (#934)

Features

• drop node@18 support (#934) (dc4ddb8)

Bug Fixes

• expect crypto to be global everywhere (requires node@20+) (#935) (f2c235f)
• Use GITHUB_TOKEN for release-please and enable npm provenance (#925) (ffa3138)

v13.0.2

13.0.2 (2026-05-04)

Bug Fixes

• rerelease to fix provenance. (49ccb35)

v13.0.1

13.0.1 (2026-04-27)

Bug Fixes

• backport fix for GHSA-w5hq-g745-h8pq (9d27ddf)

v13.0.0

13.0.0 (2025-09-08)

⚠ BREAKING CHANGES

• make browser exports the default (#901)

Bug Fixes

• make browser exports the default (#901) (bce9d72)

v12.0.1

12.0.1 (2026-04-29)

... (truncated)

Changelog

Sourced from uuid's changelog.

14.0.0 (2026-04-19)

Security

• Fixes GHSA-w5hq-g745-h8pq: v3(), v5(), and v6() did not validate that writes would remain within the bounds of a caller-supplied buffer, allowing out-of-bounds writes when an invalid offset was provided. A RangeError is now thrown if offset < 0 or offset + 16 > buf.length.

⚠ BREAKING CHANGES

• crypto is now expected to be globally defined (requires node@20+) (#935)
• drop node@18 support (#934)
• upgrade minimum supported TypeScript version to 5.4.3, in keeping with the project's policy of supporting TypeScript versions released within the last two years

13.0.0 (2025-09-08)

⚠ BREAKING CHANGES

• make browser exports the default (#901)

Bug Fixes

• make browser exports the default (#901) (bce9d72)

12.0.0 (2025-09-05)

⚠ BREAKING CHANGES

• update to typescript@5.2 (#887)
• remove CommonJS support (#886)
• drop node@16 support (#883)

Features

• add node@24 to ci matrix (#879) (42b6178)
• drop node@16 support (#883) (0f38cf1)
• remove CommonJS support (#886) (ae786e2)
• update to typescript@5.2 (#887) (c7ee405)

Bug Fixes

• improve v4() performance (#894) (5fd974c)
• restore node: prefix (#889) (e1f42a3)

11.1.0 (2025-02-19)

... (truncated)

Commits

• 7c1ea08 chore(main): release 14.0.0 (#926)
• 3d2c5b0 Merge commit from fork
• f2c235f fix!: expect crypto to be global everywhere (requires node@20+) (#935)
• 529ef08 chore: upgrade TypeScript and fixup types (#927)
• 086fd79 chore: update dependencies (#933)
• dc4ddb8 feat!: drop node@18 support (#934)
• 0f1f9c9 chore: switch to Biome for parsing and linting (#932)
• e2879e6 chore: use maintained version of npm-run-all (#930)
• ffa3138 fix: Use GITHUB_TOKEN for release-please and enable npm provenance (#925)
• 0423d49 docs: remove obsolete v1 option notes (#915)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for uuid since your current version.

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.

Updates @types/js-cookie from 2.2.7 to 3.0.6

Commits

• See full diff in compare view

Updates @types/node from 24.12.0 to 25.9.1

Commits

• See full diff in compare view

Updates @types/query-string from 5.1.0 to 6.3.0

Release notes

Sourced from @​types/query-string's releases.

v6.3.0

• Add TypeScript definition (#168) 2c2e77a

sindresorhus/query-string@v6.2.0...v6.3.0

v6.2.0

• Supports hash in parseUrl(). sindresorhus/query-string@5b4ce87
• Fixed a bug where it would still sort even when {sort: false}. sindresorhus/query-string@b20493e

sindresorhus/query-string@v6.1.0...v6.2.0

v6.1.0

• Added decode option to .parse(). sindresorhus/query-string@3fd6fd9
• Fixed .stringify() for bracket mode with arrays containing null. sindresorhus/query-string@e5a6c1f

sindresorhus/query-string@v6.0.0...v6.1.0

v6.0.0

We now target Node.js 6 or later and the latest version of Chrome, Firefox, and Safari. If you want support for older browsers, use version 5: npm install query-string@5. Same goes for Create React App v1 users (v2 works though), since it doesn't transpile node_modules.

sindresorhus/query-string@v5.1.1...v6.0.0

Commits

• c138b11 6.3.0
• 2c2e77a Add TypeScript definition (#168)
• e232cb3 Fix sort example for stringify method (#163)
• 9e11676 Fix readme usage example for sort: false (#161)
• b5a51a7 Readme tweak
• eda1fdc 6.2.0
• f0b7db4 Meta tweaks
• b20493e Do not sort when sort option is set to false (#155)
• 5b4ce87 Support hash in parseUrl() (#151)
• ff8eef3 Add readme note about create-react-app (#156)
• Additional commits viewable in compare view

Updates @types/uuid from 8.3.4 to 11.0.0

Commits

• See full diff in compare view

Updates jsdom from 26.1.0 to 29.1.1

Release notes

Sourced from jsdom's releases.

v29.1.1

• Fixed 'border-radius' computed style serialization. (@​asamuzaK)
• Fixed computed style computation when using 'background-origin' and 'background-clip' CSS properties. (@​asamuzaK)
• Significantly optimized initial calls to getComputedStyle(), before the cache warms up. (@​asamuzaK)

v29.1.0

• Added basic support for the ratio CSS type. (@​asamuzaK)
• Fixed getComputedStyle() sometimes returning outdated results after CSS was modified. (@​asamuzaK)

v29.0.2

• Significantly improved and sped up getComputedStyle(). Computed value rules are now applied across a broader set of properties, and include fixes related to inheritance, defaulting keywords, custom properties, and color-related values such as currentcolor and system colors. (@​asamuzaK)
• Fixed CSS 'background' and 'border' shorthand parsing. (@​asamuzaK)

v29.0.1

• Fixed CSS parsing of 'border', 'background', and their sub-shorthands containing keywords or var(). (@​asamuzaK)
• Fixed getComputedStyle() to return a more functional CSSStyleDeclaration object, including indexed access support, which regressed in v29.0.0.

v29.0.0

Breaking changes:

• Node.js v22.13.0+ is now the minimum supported v22 version (was v22.12.0+).

Other changes:

• Overhauled the CSSOM implementation, replacing the @acemir/cssom and cssstyle dependencies with fresh internal implementations built on webidl2js wrappers and the css-tree parser. Serialization, parsing, and API behavior is improved in various ways, especially around edge cases.
• Added CSSCounterStyleRule and CSSNamespaceRule to jsdom Windows.
• Added cssMediaRule.matches and cssSupportsRule.matches getters.
• Added proper media query parsing in MediaList, using css-tree instead of naive comma-splitting. Invalid queries become "not all" per spec.
• Added cssKeyframeRule.keyText getter/setter validation.
• Added cssStyleRule.selectorText setter validation: invalid selectors are now rejected.
• Added styleSheet.ownerNode, styleSheet.href, and styleSheet.title.
• Added bad port blocking per the fetch specification, preventing fetches to commonly-abused ports.
• Improved Document initialization performance by lazily initializing the CSS selector engine, avoiding ~0.5 ms of overhead per Document. (@​thypon)
• Fixed a memory leak when stylesheets were removed from the document.
• Fixed CSSStyleDeclaration modifications to properly trigger custom element reactions.
• Fixed nested @media rule parsing.
• Fixed CSSStyleSheet's "disallow modification" flag not being checked in all mutation methods.
• Fixed XMLHttpRequest's response getter returning parsed JSON during the LOADING state instead of null.
• Fixed getComputedStyle() crashing in XHTML documents when stylesheets contained at-rules such as @page or @font-face.
• Fixed a potential hang in synchronous XMLHttpRequest caused by a race condition with the worker thread's idle timeout.

v28.1.0

• Added blob.text(), blob.arrayBuffer(), and blob.bytes() methods.
• Improved getComputedStyle() to account for CSS specificity when multiple rules apply. (@​asamuzaK)
• Improved synchronous XMLHttpRequest performance by using a persistent worker thread, avoiding ~400ms of setup overhead on every synchronous request after the first one.
• Improved performance of node.getRootNode(), node.isConnected, and event.dispatchEvent() by caching the root node of document-connected trees.
• Fixed getComputedStyle() to correctly handle !important priority. (@​asamuzaK)
• Fixed document.getElementById() to return the first element in tree order when multiple elements share the same ID.
• Fixed <svg> elements to no longer incorrectly proxy event handlers to the Window.
• Fixed FileReader event timing and fileReader.result state to more closely follow the spec.

... (truncated)

Commits

• 9b9ea7e 29.1.1
• 07efb78 Optimize computed style comparison
• 5f66329 Fix background-origin/background-clip in background shorthand
• ad8af77 Fix border shorthand handling
• 5a3e88e 29.1.0
• 73db204 Update dependencies and dev dependencies
• a7168a5 Support ratio CSS unit type
• 15346e0 Fix style cache invalidation
• 2a1e2cd 29.0.2
• 4097d66 Resolve computed CSS values lazily in CSSStyleDeclaration
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for jsdom since your current version.

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.

Updates typescript from 5.9.3 to 6.0.3

Release notes

Sourced from typescript's releases.

TypeScript 6.0.3

For release notes, check out the release announcement blog post.

• fixed issues query for TypeScript 6.0.0 (Beta).
• fixed issues query for TypeScript 6.0.1 (RC).
• fixed issues query for TypeScript 6.0.2 (Stable).
• fixed issues query for TypeScript 6.0.3 (Stable).

Downloads are available on:

• npm

TypeScript 6.0

For release notes, check out the release announcement blog post.

• fixed issues query for TypeScript 6.0.0 (Beta).
• fixed issues query for TypeScript 6.0.1 (RC).
• fixed issues query for TypeScript 6.0.2 (Stable).

Downloads are available on:

• npm

TypeScript 6.0 Beta

For release notes, check out the release announcement.

• fixed issues query for Typescript 6.0.0 (Beta).

Downloads are available on:

• npm

Commits

• 050880c Bump version to 6.0.3 and LKG
• eeae9dd 🤖 Pick PR #63401 (Also check package name validity in...) into release-6.0 (#...
• ad1c695 🤖 Pick PR #63368 (Harden ATA package name filtering) into release-6.0 (#63372)
• 0725fb4 🤖 Pick PR #63310 (Mark class property initializers as...) into release-6.0 (#...
• 607a22a Bump version to 6.0.2 and LKG
• 9e72ab7 🤖 Pick PR #63239 (Fix missing lib files in reused pro...) into release-6.0 (#...
• 35ff23d 🤖 Pick PR #63163 (Port anyFunctionType subtype fix an...) into release-6.0 (#...
• e175b69 Bump version to 6.0.1-rc and LKG
• af4caac Update LKG
• 8efd7e8 Merge remote-tracking branch 'origin/main' into release-6.0
• Additional commits viewable in compare view