shishantbiswas/coder
1
0
Fork 0
mirror of https://github.com/coder/coder.git synced 2026-06-02 20:48:20 +00:00
Code Issues Packages Projects Releases Wiki Activity
14,620 Commits 1,133 Branches 344 Tags
e5b6469f6f8701bfa5b81fa9e54633c55bee0fdb
Commit Graph

450 Commits

Author SHA1 Message Date
dependabot[bot] e5b6469f6f chore: bump @babel/plugin-syntax-typescript from 7.28.6 to 7.29.7 in /site (#25964) 
Bumps
[@babel/plugin-syntax-typescript](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-syntax-typescript)
from 7.28.6 to 7.29.7.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/babel/babel/releases">@​babel/plugin-syntax-typescript's
releases</a>.</em></p>
<blockquote>
<h2>v7.29.7 (2026-05-25)</h2>
<p>Re-release all packages with npm provenance attestations</p>
<h2>v7.29.6 (2026-05-25)</h2>
<h4>🐛 Bug Fix</h4>
<ul>
<li><code>babel-generator</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/18014">#18014</a>
Catchup source map position in preserveFormat (<a
href="https://github.com/nicolo-ribaudo"><code>@​nicolo-ribaudo</code></a>)</li>
</ul>
</li>
<li><code>babel-core</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/18001">#18001</a>
[7.x packport]Improve input source map handling (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
<li><code>babel-core</code>, <code>babel-generator</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17998">#17998</a>
Preserve original identifier names from input sourcemaps (<a
href="https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-syntax-typescript/issues/17992">#17992</a>)
(<a href="https://github.com/Andarist"><code>@​Andarist</code></a>)</li>
</ul>
</li>
</ul>
<h4>Committers: 3</h4>
<ul>
<li>Huáng Jùnliàng (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
<li>Mateusz Burzyński (<a
href="https://github.com/Andarist"><code>@​Andarist</code></a>)</li>
<li>Nicolò Ribaudo (<a
href="https://github.com/nicolo-ribaudo"><code>@​nicolo-ribaudo</code></a>)</li>
</ul>
<h2>v7.29.5 (2026-05-05)</h2>
<h4>🏠  Internal</h4>
<ul>
<li><code>babel-preset-env</code>
<ul>
<li>Update <code>@babel/*</code> dependencies</li>
</ul>
</li>
</ul>
<h2>v7.29.4 (2026-05-05)</h2>
<h4>🐛 Bug Fix</h4>
<ul>
<li><code>babel-plugin-transform-modules-systemjs</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17974">#17974</a>
[7.x backport]fix(systemjs): improve module string name support (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
</ul>
<h4>Committers: 1</h4>
<ul>
<li>Huáng Jùnliàng (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
<h2>v7.29.3 (2026-04-30)</h2>
<h4>👓 Spec Compliance</h4>
<ul>
<li><code>babel-parser</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17923">#17923</a>
Support flow extends bound (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
</ul>
<h4>🐛 Bug Fix</h4>
<ul>
<li><code>babel-helper-create-class-features-plugin</code>,
<code>babel-plugin-proposal-decorators</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17931">#17931</a>
fix(decorators): replace super within all removed static elements (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
<li><code>babel-register</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17915">#17915</a> Fix
thread synchronization issues in <code>@babel/register</code> (<a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li>
</ul>
</li>
<li><code>babel-compat-data</code>,
<code>babel-plugin-bugfix-safari-rest-destructuring-rhs-array</code>,
<code>babel-preset-env</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17788">#17788</a> Add
bugfix plugin for Safari array rest destructuring bug (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
</ul>
<h4>💅 Polish</h4>
<ul>
<li><code>babel-parser</code></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/babel/babel/commit/4fba7541180bf5f58256d8e358b544e3831ad090"><code>4fba754</code></a>
v7.29.7</li>
<li>See full diff in <a
href="https://github.com/babel/babel/commits/v7.29.7/packages/babel-plugin-syntax-typescript">compare
view</a></li>
</ul>
</details>
<br />

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-06-02 08:30:54 +00:00
dependabot[bot] d370736f55 chore: bump motion from 12.38.0 to 12.40.0 in /site (#25960) 
Bumps [motion](https://github.com/motiondivision/motion) from 12.38.0 to
12.40.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/motiondivision/motion/blob/main/CHANGELOG.md">motion's
changelog</a>.</em></p>
<blockquote>
<h2>[12.40.0] 2026-05-21</h2>
<h3>Added</h3>
<ul>
<li><code>path</code> option to <code>transition</code>.</li>
<li><code>arc()</code> for motion along an arc.</li>
</ul>
<h2>[12.39.0] 2026-05-18</h2>
<h3>Added</h3>
<ul>
<li>Support for <code>repeatType</code> and <code>repeatDelay</code> in
animation sequences.</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Variants: Re-run keyframe animations when switching between variant
labels even when they share identical keyframe arrays.</li>
<li>Drag: Preserve in-flight motion value animations across React 19
reorder unmount/remount so <code>dragSnapToOrigin</code> no longer
leaves the drag transform stranded after a layout swap.</li>
<li><code>LazyMotion</code>: Share React contexts between the
<code>framer-motion</code> and <code>framer-motion/m</code> (and
therefore <code>motion/react</code> and <code>motion/react-m</code>) CJS
bundles so that <code>&lt;m.div&gt;</code> from the <code>/m</code>
subpath picks up features loaded by <code>&lt;LazyMotion&gt;</code> from
the main entry point.</li>
<li><code>useScroll</code>: Support hydrating <code>target</code> and
<code>container</code> refs from anywhere in the tree.</li>
<li>Drag: Gesture no longer starts from incorrect start point when
rendered inside <code>&lt;AnimatePresence initial={false}
/&gt;</code>.</li>
<li>Drag: <code>dragConstraints</code>, when set as viewport-relative
ref, no longer break on scroll.§</li>
<li>Updated <code>visualElement</code> hydration order.</li>
<li><code>useAnimate</code>: Now respects
<code>skipAnimations</code>.</li>
<li><code>AnimatePresence</code>: Fix object-form <code>initial</code>
values not applied on re-entry after exit completes.</li>
<li><code>scroll</code>: Fixed callback progress when tracking an
element.</li>
<li><code>useScroll</code>: Fix hardware acceleration when tracking an
element.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/motiondivision/motion/commit/38ebb9480e5b25a51e09e2ec866c101d01d82c60"><code>38ebb94</code></a>
v12.40.0</li>
<li><a
href="https://github.com/motiondivision/motion/commit/b1f766c7221cfdbf868e2f66675d6d2e2ff8f50e"><code>b1f766c</code></a>
Latest</li>
<li><a
href="https://github.com/motiondivision/motion/commit/bca554401519e8ef45db1dcc8c52580998251c73"><code>bca5544</code></a>
Merge pull request <a
href="https://redirect.github.com/motiondivision/motion/issues/3699">#3699</a>
from motiondivision/lochie/arcs-injectable</li>
<li><a
href="https://github.com/motiondivision/motion/commit/f1a96cfaff8de87712539bf250205134c8e121d9"><code>f1a96cf</code></a>
arc(): rename amp/rotate, expose MotionPath, fix explicit cw/ccw</li>
<li><a
href="https://github.com/motiondivision/motion/commit/b4aaba0d161cce6db7b2070ec3fd141e1dbcda95"><code>b4aaba0</code></a>
pathRotation: non-destructive orientToPath rotation channel</li>
<li><a
href="https://github.com/motiondivision/motion/commit/8604ef3d9048127d61a8bbd94698e56368e70926"><code>8604ef3</code></a>
Make arcs injectable via <code>transition.path = arc()</code></li>
<li><a
href="https://github.com/motiondivision/motion/commit/f90fe294c559c3bd7b13e762b0b2aefe837dc000"><code>f90fe29</code></a>
add <code>orientToPath</code></li>
<li><a
href="https://github.com/motiondivision/motion/commit/9ebe999fe93e6431ce026a998cb2aeabe690d03b"><code>9ebe999</code></a>
fix: test</li>
<li><a
href="https://github.com/motiondivision/motion/commit/bc2107e8963b35c0f264810d8dcb8b7b96ac7cb5"><code>bc2107e</code></a>
Revert &quot;no should&quot;</li>
<li><a
href="https://github.com/motiondivision/motion/commit/6eeb92dc2228419a1d2ba33bec5df36c3357683a"><code>6eeb92d</code></a>
no should</li>
<li>Additional commits viewable in <a
href="https://github.com/motiondivision/motion/compare/v12.38.0...v12.40.0">compare
view</a></li>
</ul>
</details>
<br />

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-06-02 08:29:51 +00:00
dependabot[bot] 73249e7c1a chore: bump react-router from 7.12.0 to 7.15.1 in /site (#25963) 
Bumps
[react-router](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router)
from 7.12.0 to 7.15.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/remix-run/react-router/releases">react-router's
releases</a>.</em></p>
<blockquote>
<h2>v7.15.1</h2>
<p>See the changelog for release notes: <a
href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7151">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7151</a></p>
<h2>v7.15.0</h2>
<p>See the changelog for release notes: <a
href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7150">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7150</a></p>
<h2>v7.14.2</h2>
<p>See the changelog for release notes: <a
href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7142">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7142</a></p>
<h2>v7.14.1</h2>
<p>See the changelog for release notes: <a
href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7141">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7141</a></p>
<h2>v7.14.0</h2>
<p>See the changelog for release notes: <a
href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7140">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7140</a></p>
<h2>v7.13.2</h2>
<p>See the changelog for release notes: <a
href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7132">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7132</a></p>
<h2>v7.13.1</h2>
<p>See the changelog for release notes: <a
href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7131">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7131</a></p>
<h2>v7.13.0</h2>
<p>See the changelog for release notes: <a
href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7130">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7130</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/remix-run/react-router/blob/main/packages/react-router/CHANGELOG.md">react-router's
changelog</a>.</em></p>
<blockquote>
<h2>v7.15.1</h2>
<h3>Patch Changes</h3>
<ul>
<li>Update router to operate on fetcher Maps in an immutable manner to
avoid delayed React renders from potentially reading an updated but not
yet committed Map. This could result in brief flickers in some
fetcher-driven optimistic UI scenarios. (<a
href="https://redirect.github.com/remix-run/react-router/pull/15028">#15028</a>)</li>
<li>Fix <code>serverLoader()</code> returning stale SSR data when a
client navigation aborts pending hydration before the hydration
<code>clientLoader</code> resolves (<a
href="https://redirect.github.com/remix-run/react-router/pull/15022">#15022</a>)</li>
<li>Fix <code>RouterProvider</code> <code>onError</code> callback not
being called for synchronous initial loader errors in SPA mode (<a
href="https://redirect.github.com/remix-run/react-router/pull/15039">#15039</a>)
(<a
href="https://redirect.github.com/remix-run/react-router/pull/14942">#14942</a>)</li>
<li>Memoize <code>useFetchers</code> to return a stable identity and
only change if fetchers changed (<a
href="https://redirect.github.com/remix-run/react-router/pull/15028">#15028</a>)</li>
<li>Internal refactor to consolidate mutation request detection through
shared utility (<a
href="https://redirect.github.com/remix-run/react-router/pull/15033">#15033</a>)</li>
</ul>
<h3>Unstable Changes</h3>
<p>⚠️ <em><a
href="https://reactrouter.com/community/api-development-strategy#unstable-flags">Unstable
features</a> are not recommended for production use</em></p>
<ul>
<li>Add a new <code>unstable_useRouterState()</code> hook that
consolidates access to active and pending router states (RFC: <a
href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/12358">#12358</a>)
(<a
href="https://redirect.github.com/remix-run/react-router/pull/15017">#15017</a>)
<ul>
<li>
<p>Data/Framework/RSC only — throws when used without a data router</p>
</li>
<li>
<p>This should allow you to consolidate usages of the following hooks
which will likely be deprecated and removed in a future major
version</p>
<ul>
<li><code>useLocation</code></li>
<li><code>useSearchParams</code></li>
<li><code>useParams</code></li>
<li><code>useMatches</code></li>
<li><code>useNavigationType</code></li>
<li><code>useNavigation</code></li>
</ul>
<pre lang="ts"><code>let { active, pending } =
unstable_useRouterState();
<p>// Active is always populated with the current location
active.location; // replaces <code>useLocation()</code>
active.searchParams; // replaces <code>useSearchParams()[0]</code>
active.params; // replaces <code>useParams()</code>
active.matches; // replaces <code>useMatches()</code>
active.type; // replaces <code>useNavigationType()</code></p>
<p>// Pending is only populated during a navigation
pending.location; // replaces <code>useNavigation().location</code>
pending.searchParams; // equivalent to <code>new
URLSearchParams(useNavigation().search)</code>
pending.params; // Not directly accessible today
pending.matches; // Not directly accessible today
pending.type; // Not directly accessible today
pending.state; // replaces <code>useNavigation().state</code>
pending.formMethod; // replaces useNavigation().formMethod
pending.formAction; // replaces useNavigation().formAction
pending.formEncType; // replaces useNavigation().formEncType
pending.formData; // replaces useNavigation().formData
pending.json; // replaces useNavigation().json
pending.text; // replaces useNavigation().text
</code></pre></p>
</li>
</ul>
</li>
</ul>
<h2>v7.15.0</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/remix-run/react-router/commit/587d08fca6ca61e00f44c1eda95bf6e6a9ab76ef"><code>587d08f</code></a>
Release v7.15.1 (<a
href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/15038">#15038</a>)</li>
<li><a
href="https://github.com/remix-run/react-router/commit/89996bd067d841b0e3be0e0b95e013e67a6a522a"><code>89996bd</code></a>
Fire onError for initial-load errors when RouterProvider mounts late (<a
href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/15039">#15039</a>)</li>
<li><a
href="https://github.com/remix-run/react-router/commit/4322e58ded9b7f5c29de0f110a97f6f2a7c34fbc"><code>4322e58</code></a>
Update docs for useRouterState</li>
<li><a
href="https://github.com/remix-run/react-router/commit/fadd6c490cc84abc560a2413ee6fa0f2617d098d"><code>fadd6c4</code></a>
Merge branch 'main' into release</li>
<li><a
href="https://github.com/remix-run/react-router/commit/6bf91cef0e5d3d224d5580d485b6b716d96742d1"><code>6bf91ce</code></a>
chore: format</li>
<li><a
href="https://github.com/remix-run/react-router/commit/44c34783abbdd2be1a9fe1a4b843d49e704f9a0e"><code>44c3478</code></a>
fix: prevent fetcher formData flicker and eliminate state.fetchers
mutations ...</li>
<li><a
href="https://github.com/remix-run/react-router/commit/7e6725a4c513dea08689e72cf632bcd4f75e0171"><code>7e6725a</code></a>
Cleanup lint issues (<a
href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/15030">#15030</a>)</li>
<li><a
href="https://github.com/remix-run/react-router/commit/aabd30c8d17fe698a64e096c9ee357cf1c3588fb"><code>aabd30c</code></a>
Use shared isMutationMethod check (<a
href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/15033">#15033</a>)</li>
<li><a
href="https://github.com/remix-run/react-router/commit/954a4a6afe4a1a3bd3086dcc2f838cd2635fae3b"><code>954a4a6</code></a>
Fix stale SSR data when hydration is aborted by a same-route navigation
(<a
href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/15022">#15022</a>)</li>
<li><a
href="https://github.com/remix-run/react-router/commit/041cd3236e39edd4d0a2d34999a46b61211c1605"><code>041cd32</code></a>
fix(react-router): Internal preloads refactor to preserve types (<a
href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/14860">#14860</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/remix-run/react-router/commits/react-router@7.15.1/packages/react-router">compare
view</a></li>
</ul>
</details>
<br />

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-06-02 08:29:12 +00:00
dependabot[bot] 5e2889f682 chore: bump @types/lodash from 4.17.21 to 4.17.24 in /site (#25969) 
Bumps
[@types/lodash](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/lodash)
from 4.17.21 to 4.17.24.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/lodash">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@types/lodash&package-manager=npm_and_yarn&previous-version=4.17.21&new-version=4.17.24)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-06-02 08:29:04 +00:00
dependabot[bot] 1c81b25bba chore: bump tailwind-merge from 2.6.0 to 2.6.1 in /site (#25965) 
Bumps [tailwind-merge](https://github.com/dcastil/tailwind-merge) from
2.6.0 to 2.6.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/dcastil/tailwind-merge/releases">tailwind-merge's
releases</a>.</em></p>
<blockquote>
<h2>v2.6.1</h2>
<h3>Bug Fixes</h3>
<ul>
<li>Fix arbitrary value using <code>color-mix</code> not being detected
as color by <a
href="https://github.com/dcastil"><code>@​dcastil</code></a> in <a
href="https://redirect.github.com/dcastil/tailwind-merge/issues/591">#591</a>
<ul>
<li>This fix was backported from v3.3.1 to make it available for v2
users.</li>
</ul>
</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/dcastil/tailwind-merge/compare/v2.6.0...v2.6.1">https://github.com/dcastil/tailwind-merge/compare/v2.6.0...v2.6.1</a></p>
<p>Thanks to <a
href="https://github.com/brandonmcconnell"><code>@​brandonmcconnell</code></a>,
<a href="https://github.com/manavm1990"><code>@​manavm1990</code></a>,
<a href="https://github.com/langy"><code>@​langy</code></a>, <a
href="https://github.com/roboflow"><code>@​roboflow</code></a>, <a
href="https://github.com/syntaxfm"><code>@​syntaxfm</code></a>, <a
href="https://github.com/getsentry"><code>@​getsentry</code></a>, <a
href="https://github.com/codecov"><code>@​codecov</code></a>, a private
sponsor, <a href="https://github.com/block"><code>@​block</code></a>, <a
href="https://github.com/openclaw"><code>@​openclaw</code></a> and more
via <a href="https://github.com/thnxdev"><code>@​thnxdev</code></a> for
sponsoring tailwind-merge! ❤️</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/dcastil/tailwind-merge/commit/03778635bfd7c73f0181e9aefbc5b01a0f804961"><code>0377863</code></a>
v2.6.1</li>
<li><a
href="https://github.com/dcastil/tailwind-merge/commit/ce73bc0b0363b7458c2a0cb6d874bf328bd17ea4"><code>ce73bc0</code></a>
Update publish workflow</li>
<li><a
href="https://github.com/dcastil/tailwind-merge/commit/793325f4ed96f9f4845cdf421629895694fc1171"><code>793325f</code></a>
add v2.6.1 to changelog</li>
<li><a
href="https://github.com/dcastil/tailwind-merge/commit/d4ec7cda0b79cff64cc01f60d16317f5871a6d88"><code>d4ec7cd</code></a>
.gitignore: Add Claude stuff</li>
<li><a
href="https://github.com/dcastil/tailwind-merge/commit/10e326ae5569c3989bf4ea65efb26e4b76bec82c"><code>10e326a</code></a>
Cherry-picked: Merge pull request <a
href="https://redirect.github.com/dcastil/tailwind-merge/issues/591">#591</a>
from dcastil/bugfix/590/fix-arbitrary-...</li>
<li><a
href="https://github.com/dcastil/tailwind-merge/commit/47c87d84cb18f22501aa219f65e226518a7a3c51"><code>47c87d8</code></a>
Merge pull request <a
href="https://redirect.github.com/dcastil/tailwind-merge/issues/515">#515</a>
from dcastil/dependabot/npm_and_yarn/vite-5.4.14</li>
<li><a
href="https://github.com/dcastil/tailwind-merge/commit/35eb83f10f8a0fd423cd6ad271da0b1bafdc25bd"><code>35eb83f</code></a>
Merge pull request <a
href="https://redirect.github.com/dcastil/tailwind-merge/issues/516">#516</a>
from dcastil/dependabot/npm_and_yarn/dot-github/actio...</li>
<li><a
href="https://github.com/dcastil/tailwind-merge/commit/faf70ccde1e74be8598ac5d1d20fda4d63b1c038"><code>faf70cc</code></a>
Bump undici from 5.28.4 to 5.28.5 in
/.github/actions/metrics-report</li>
<li><a
href="https://github.com/dcastil/tailwind-merge/commit/99f3ca4b381597c520c5c23da9315088a208b9d9"><code>99f3ca4</code></a>
Bump vite from 5.4.6 to 5.4.14</li>
<li><a
href="https://github.com/dcastil/tailwind-merge/commit/fb91ba41f4703719d6abfb1fa90f0814be17889b"><code>fb91ba4</code></a>
Merge pull request <a
href="https://redirect.github.com/dcastil/tailwind-merge/issues/514">#514</a>
from dcastil/other/480/make-label-name-in-label-workf...</li>
<li>Additional commits viewable in <a
href="https://github.com/dcastil/tailwind-merge/compare/v2.6.0...v2.6.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=tailwind-merge&package-manager=npm_and_yarn&previous-version=2.6.0&new-version=2.6.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-06-02 08:24:42 +00:00
dependabot[bot] da3ce16d00 chore: bump protobufjs from 7.5.6 to 7.6.1 in /site (#25958) 
Bumps [protobufjs](https://github.com/protobufjs/protobuf.js) from 7.5.6
to 7.6.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/protobufjs/protobuf.js/releases">protobufjs's
releases</a>.</em></p>
<blockquote>
<h2>protobufjs: v7.6.1</h2>
<h2><a
href="https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.6.0...protobufjs-v7.6.1">7.6.1</a>
(2026-05-22)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>Backport misc utility hardening (<a
href="https://redirect.github.com/protobufjs/protobuf.js/issues/2280">#2280</a>)
(<a
href="https://github.com/protobufjs/protobuf.js/commit/8a45c13d22ec2d05ab1b7935fcb5331ea59a9cd0">8a45c13</a>)</li>
<li>Treat fixed64 as unsigned in converters (<a
href="https://redirect.github.com/protobufjs/protobuf.js/issues/2266">#2266</a>)
(<a
href="https://github.com/protobufjs/protobuf.js/commit/479dfdcc690feb9f71986049d3d38c7a0f979abb">479dfdc</a>)</li>
</ul>
<h2>protobufjs: v7.6.0</h2>
<h2><a
href="https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.9...protobufjs-v7.6.0">7.6.0</a>
(2026-05-18)</h2>
<h3>Features</h3>
<ul>
<li>Support BigInt conversions (7.x) (<a
href="https://redirect.github.com/protobufjs/protobuf.js/issues/2258">#2258</a>)
(<a
href="https://github.com/protobufjs/protobuf.js/commit/f76924244504b159efe1bb13b154fd17be3c13e7">f769242</a>)</li>
</ul>
<h2>protobufjs: v7.5.9</h2>
<h2><a
href="https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.8...protobufjs-v7.5.9">7.5.9</a>
(2026-05-17)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>Backport bundler-safe optional module lookups (<a
href="https://redirect.github.com/protobufjs/protobuf.js/issues/2254">#2254</a>)
(<a
href="https://github.com/protobufjs/protobuf.js/commit/0853a625680f9247596b84ef48082b8f4e554797">0853a62</a>)</li>
</ul>
<h2>protobufjs: v7.5.8</h2>
<h2><a
href="https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.7...protobufjs-v7.5.8">7.5.8</a>
(2026-05-12)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>Backport parser hardening to 7.x (<a
href="https://redirect.github.com/protobufjs/protobuf.js/issues/2245">#2245</a>)
(<a
href="https://github.com/protobufjs/protobuf.js/commit/54b593ffd960f7fe4b0c448a12542c3de0a0cf26">54b593f</a>)</li>
</ul>
<h2>protobufjs: v7.5.7</h2>
<h2><a
href="https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.6...protobufjs-v7.5.7">7.5.7</a>
(2026-05-09)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>Restore first-match namespace lookup (<a
href="https://redirect.github.com/protobufjs/protobuf.js/issues/2236">#2236</a>)
(<a
href="https://github.com/protobufjs/protobuf.js/commit/cc7d59559d4e8c533a35218310c67f4a5dda54f5">cc7d595</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/protobufjs/protobuf.js/blob/protobufjs-v7.6.1/CHANGELOG.md">protobufjs's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.6.0...protobufjs-v7.6.1">7.6.1</a>
(2026-05-22)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>Backport misc utility hardening (<a
href="https://redirect.github.com/protobufjs/protobuf.js/issues/2280">#2280</a>)
(<a
href="https://github.com/protobufjs/protobuf.js/commit/8a45c13d22ec2d05ab1b7935fcb5331ea59a9cd0">8a45c13</a>)</li>
<li>Treat fixed64 as unsigned in converters (<a
href="https://redirect.github.com/protobufjs/protobuf.js/issues/2266">#2266</a>)
(<a
href="https://github.com/protobufjs/protobuf.js/commit/479dfdcc690feb9f71986049d3d38c7a0f979abb">479dfdc</a>)</li>
</ul>
<h2><a
href="https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.9...protobufjs-v7.6.0">7.6.0</a>
(2026-05-18)</h2>
<h3>Features</h3>
<ul>
<li>Support BigInt conversions (7.x) (<a
href="https://redirect.github.com/protobufjs/protobuf.js/issues/2258">#2258</a>)
(<a
href="https://github.com/protobufjs/protobuf.js/commit/f76924244504b159efe1bb13b154fd17be3c13e7">f769242</a>)</li>
</ul>
<h2><a
href="https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.8...protobufjs-v7.5.9">7.5.9</a>
(2026-05-17)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>Backport bundler-safe optional module lookups (<a
href="https://redirect.github.com/protobufjs/protobuf.js/issues/2254">#2254</a>)
(<a
href="https://github.com/protobufjs/protobuf.js/commit/0853a625680f9247596b84ef48082b8f4e554797">0853a62</a>)</li>
</ul>
<h2><a
href="https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.7...protobufjs-v7.5.8">7.5.8</a>
(2026-05-12)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>Backport parser hardening to 7.x (<a
href="https://redirect.github.com/protobufjs/protobuf.js/issues/2245">#2245</a>)
(<a
href="https://github.com/protobufjs/protobuf.js/commit/54b593ffd960f7fe4b0c448a12542c3de0a0cf26">54b593f</a>)</li>
</ul>
<h2><a
href="https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.6...protobufjs-v7.5.7">7.5.7</a>
(2026-05-09)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>Restore first-match namespace lookup (<a
href="https://redirect.github.com/protobufjs/protobuf.js/issues/2236">#2236</a>)
(<a
href="https://github.com/protobufjs/protobuf.js/commit/cc7d59559d4e8c533a35218310c67f4a5dda54f5">cc7d595</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/protobufjs/protobuf.js/commit/f0b50d2fa1247d6652618190c2d6602e6830b90d"><code>f0b50d2</code></a>
chore: release protobufjs-v7.x (<a
href="https://redirect.github.com/protobufjs/protobuf.js/issues/2268">#2268</a>)</li>
<li><a
href="https://github.com/protobufjs/protobuf.js/commit/8a45c13d22ec2d05ab1b7935fcb5331ea59a9cd0"><code>8a45c13</code></a>
fix: Backport misc utility hardening (<a
href="https://redirect.github.com/protobufjs/protobuf.js/issues/2280">#2280</a>)</li>
<li><a
href="https://github.com/protobufjs/protobuf.js/commit/479dfdcc690feb9f71986049d3d38c7a0f979abb"><code>479dfdc</code></a>
fix: Treat fixed64 as unsigned in converters (<a
href="https://redirect.github.com/protobufjs/protobuf.js/issues/2266">#2266</a>)</li>
<li><a
href="https://github.com/protobufjs/protobuf.js/commit/e30c3341382b504a975d0d83f19170218cb461c3"><code>e30c334</code></a>
chore: release protobufjs-v7.x (<a
href="https://redirect.github.com/protobufjs/protobuf.js/issues/2260">#2260</a>)</li>
<li><a
href="https://github.com/protobufjs/protobuf.js/commit/f76924244504b159efe1bb13b154fd17be3c13e7"><code>f769242</code></a>
feat: Support BigInt conversions (7.x) (<a
href="https://redirect.github.com/protobufjs/protobuf.js/issues/2258">#2258</a>)</li>
<li><a
href="https://github.com/protobufjs/protobuf.js/commit/ab3862d133ab9b824f12eab5f993784333543dbf"><code>ab3862d</code></a>
chore: release protobufjs-v7.x (<a
href="https://redirect.github.com/protobufjs/protobuf.js/issues/2255">#2255</a>)</li>
<li><a
href="https://github.com/protobufjs/protobuf.js/commit/0853a625680f9247596b84ef48082b8f4e554797"><code>0853a62</code></a>
fix: Backport bundler-safe optional module lookups (<a
href="https://redirect.github.com/protobufjs/protobuf.js/issues/2254">#2254</a>)</li>
<li><a
href="https://github.com/protobufjs/protobuf.js/commit/d7035f9b7f06210ea343cab1f2f1cc18ee5cc1d6"><code>d7035f9</code></a>
chore: release protobufjs-v7.x (<a
href="https://redirect.github.com/protobufjs/protobuf.js/issues/2248">#2248</a>)</li>
<li><a
href="https://github.com/protobufjs/protobuf.js/commit/54b593ffd960f7fe4b0c448a12542c3de0a0cf26"><code>54b593f</code></a>
fix: Backport parser hardening to 7.x (<a
href="https://redirect.github.com/protobufjs/protobuf.js/issues/2245">#2245</a>)</li>
<li><a
href="https://github.com/protobufjs/protobuf.js/commit/e88fcea1635f79c414e8a070e164d38ea99e104a"><code>e88fcea</code></a>
chore: release protobufjs-v7.x (<a
href="https://redirect.github.com/protobufjs/protobuf.js/issues/2239">#2239</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.6...protobufjs-v7.6.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=protobufjs&package-manager=npm_and_yarn&previous-version=7.5.6&new-version=7.6.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-06-02 08:22:09 +00:00
dependabot[bot] cc533846db chore: bump @babel/core from 7.29.0 to 7.29.7 in /site (#25956) 
Bumps
[@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core)
from 7.29.0 to 7.29.7.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/babel/babel/releases">@​babel/core's
releases</a>.</em></p>
<blockquote>
<h2>v7.29.7 (2026-05-25)</h2>
<p>Re-release all packages with npm provenance attestations</p>
<h2>v7.29.6 (2026-05-25)</h2>
<h4>🐛 Bug Fix</h4>
<ul>
<li><code>babel-generator</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/18014">#18014</a>
Catchup source map position in preserveFormat (<a
href="https://github.com/nicolo-ribaudo"><code>@​nicolo-ribaudo</code></a>)</li>
</ul>
</li>
<li><code>babel-core</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/18001">#18001</a>
[7.x packport]Improve input source map handling (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
<li><code>babel-core</code>, <code>babel-generator</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17998">#17998</a>
Preserve original identifier names from input sourcemaps (<a
href="https://github.com/babel/babel/tree/HEAD/packages/babel-core/issues/17992">#17992</a>)
(<a href="https://github.com/Andarist"><code>@​Andarist</code></a>)</li>
</ul>
</li>
</ul>
<h4>Committers: 3</h4>
<ul>
<li>Huáng Jùnliàng (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
<li>Mateusz Burzyński (<a
href="https://github.com/Andarist"><code>@​Andarist</code></a>)</li>
<li>Nicolò Ribaudo (<a
href="https://github.com/nicolo-ribaudo"><code>@​nicolo-ribaudo</code></a>)</li>
</ul>
<h2>v7.29.5 (2026-05-05)</h2>
<h4>🏠  Internal</h4>
<ul>
<li><code>babel-preset-env</code>
<ul>
<li>Update <code>@babel/*</code> dependencies</li>
</ul>
</li>
</ul>
<h2>v7.29.4 (2026-05-05)</h2>
<h4>🐛 Bug Fix</h4>
<ul>
<li><code>babel-plugin-transform-modules-systemjs</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17974">#17974</a>
[7.x backport]fix(systemjs): improve module string name support (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
</ul>
<h4>Committers: 1</h4>
<ul>
<li>Huáng Jùnliàng (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
<h2>v7.29.3 (2026-04-30)</h2>
<h4>👓 Spec Compliance</h4>
<ul>
<li><code>babel-parser</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17923">#17923</a>
Support flow extends bound (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
</ul>
<h4>🐛 Bug Fix</h4>
<ul>
<li><code>babel-helper-create-class-features-plugin</code>,
<code>babel-plugin-proposal-decorators</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17931">#17931</a>
fix(decorators): replace super within all removed static elements (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
<li><code>babel-register</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17915">#17915</a> Fix
thread synchronization issues in <code>@babel/register</code> (<a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li>
</ul>
</li>
<li><code>babel-compat-data</code>,
<code>babel-plugin-bugfix-safari-rest-destructuring-rhs-array</code>,
<code>babel-preset-env</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17788">#17788</a> Add
bugfix plugin for Safari array rest destructuring bug (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
</ul>
<h4>💅 Polish</h4>
<ul>
<li><code>babel-parser</code></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/babel/babel/commit/4fba7541180bf5f58256d8e358b544e3831ad090"><code>4fba754</code></a>
v7.29.7</li>
<li><a
href="https://github.com/babel/babel/commit/04ea6b27fdac8f40c3481aec2080ac9678779509"><code>04ea6b2</code></a>
v7.29.6</li>
<li><a
href="https://github.com/babel/babel/commit/99f498a9b9fa0b900d603fbe8f6601bb3b9e42bb"><code>99f498a</code></a>
[7.x packport]Improve input source map handling (<a
href="https://github.com/babel/babel/tree/HEAD/packages/babel-core/issues/18001">#18001</a>)</li>
<li><a
href="https://github.com/babel/babel/commit/feba0a3654c596bd369d1ef1231f5d56666d56dc"><code>feba0a3</code></a>
Preserve original identifier names from input sourcemaps (<a
href="https://github.com/babel/babel/tree/HEAD/packages/babel-core/issues/17992">#17992</a>)
(<a
href="https://github.com/babel/babel/tree/HEAD/packages/babel-core/issues/17998">#17998</a>)</li>
<li>See full diff in <a
href="https://github.com/babel/babel/commits/v7.29.7/packages/babel-core">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@babel/core&package-manager=npm_and_yarn&previous-version=7.29.0&new-version=7.29.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-06-02 08:20:55 +00:00
dependabot[bot] 5320702a8a chore: bump axios from 1.16.0 to 1.16.1 in /site (#25954) 
Bumps [axios](https://github.com/axios/axios) from 1.16.0 to 1.16.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/axios/axios/releases">axios's
releases</a>.</em></p>
<blockquote>
<h2>v1.16.1 — May 13, 2026</h2>
<p>This release ships a defence-in-depth fix for prototype pollution in
<code>formDataToJSON</code>, hardens proxy and CI workflows, restores
Webpack 4 compatibility for the fetch adapter, and includes several
small bug fixes and maintenance improvements.</p>
<h2>🔒 Security Fixes</h2>
<ul>
<li><strong>Prototype Pollution Defence-in-Depth:</strong> Hardened
<code>formDataToJSON</code> against already-polluted
<code>Object.prototype</code> by walking own properties only, so
attacker-controlled keys inherited from a poisoned prototype cannot
propagate through deserialization. (<strong><a
href="https://redirect.github.com/axios/axios/issues/7413">#7413</a></strong>)</li>
<li><strong>Proxy Cleartext Leak:</strong> Fixed an issue where HTTPS
request data could be transmitted in cleartext to an HTTP proxy under
certain configurations. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10858">#10858</a></strong>)</li>
<li><strong>CI Cache Removal:</strong> Removed all GitHub Actions caches
as a defence-in-depth measure against cache poisoning vectors in the
build pipeline. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10882">#10882</a></strong>)</li>
</ul>
<h2>🐛 Bug Fixes</h2>
<ul>
<li><strong>Data URI Parsing:</strong> Updated the
<code>fromDataURI</code> regex to match RFC 2397 more strictly, fixing
edge cases in <code>data:</code> URL handling. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10829">#10829</a></strong>)</li>
<li><strong>Unicode Headers:</strong> Preserved Unicode header values
when running through request interceptors, so non-ASCII header content
is no longer corrupted before dispatch. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10850">#10850</a></strong>)</li>
<li><strong>XHR Upload Progress:</strong> Guarded against malformed
<code>ProgressEvent</code> payloads emitted by some environments during
XHR upload, preventing crashes when <code>loaded</code> /
<code>total</code> are missing or invalid. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10868">#10868</a></strong>)</li>
<li><strong>Webpack 4 Fetch Adapter:</strong> Fixed an &quot;unexpected
token&quot; error caused by syntax in the fetch adapter that Webpack 4
could not parse, restoring compatibility for legacy bundler users.
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10864">#10864</a></strong>)</li>
<li><strong>Type Definitions:</strong> Made <code>parseReviver</code>
<code>context.source</code> optional in the type definitions to align
with the ES2023 specification. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10837">#10837</a></strong>)</li>
<li><strong>URL Object Support Reverted:</strong> Reverted the change
that allowed passing a <code>URL</code> object as
<code>config.url</code> (originally <strong><a
href="https://redirect.github.com/axios/axios/issues/10866">#10866</a></strong>)
due to regressions; this support will be reintroduced in a later release
once the underlying issues are addressed. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10874">#10874</a></strong>)</li>
</ul>
<h2>🔧 Maintenance &amp; Chores</h2>
<ul>
<li><strong>Cycle Detection Refactor:</strong> Replaced the array-based
cycle tracker in <code>toJSONObject</code> with a <code>WeakSet</code>,
improving performance and memory behaviour on large nested structures.
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10832">#10832</a></strong>)</li>
<li><strong>composeSignals Cleanup:</strong> Refactored
<code>composeSignals</code> to use a clearer early-return structure,
simplifying the cancellation/abort composition path. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10844">#10844</a></strong>)</li>
<li><strong>AI Readiness &amp; Repo Docs:</strong> Added
<code>AGENTS.md</code> and related contributor-guide updates for both
human and AI agents, plus post-release documentation improvements.
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10835">#10835</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10841">#10841</a></strong>)</li>
<li><strong>Docs Improvements:</strong> Clarified the GET request
example, fixed the interceptor <code>eject</code> example to reference
the correct instance, and corrected the Buzzoid sponsor description in
the README. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10836">#10836</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10853">#10853</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10856">#10856</a></strong>)</li>
<li><strong>Sponsorship Tooling:</strong> Fixed empty sponsor arrays in
the sponsor processing script, added the ability to inject additional
sponsors, updated the sponsorship link, and added a Twicsy advertisement
entry. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10843">#10843</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10859">#10859</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10869">#10869</a></strong>)</li>
<li><strong>Dependencies:</strong> Bumped <code>@commitlint/cli</code>
from 20.5.0 to 20.5.2. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10846">#10846</a></strong>)</li>
</ul>
<h2>🌟 New Contributors</h2>
<p>We are thrilled to welcome our new contributors. Thank you for
helping improve axios:</p>
<ul>
<li><strong><a
href="https://github.com/hpinmetaverse"><code>@​hpinmetaverse</code></a></strong>
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10836">#10836</a></strong>)</li>
<li><strong><a
href="https://github.com/tommyhgunz14"><code>@​tommyhgunz14</code></a></strong>
(<strong><a
href="https://redirect.github.com/axios/axios/issues/7413">#7413</a></strong>)</li>
<li><strong><a
href="https://github.com/abhu85"><code>@​abhu85</code></a></strong>
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10829">#10829</a></strong>)</li>
<li><strong><a
href="https://github.com/divyanshuraj1095"><code>@​divyanshuraj1095</code></a></strong>
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10853">#10853</a></strong>)</li>
<li><strong><a
href="https://github.com/sagodi97"><code>@​sagodi97</code></a></strong>
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10856">#10856</a></strong>)</li>
<li><strong><a
href="https://github.com/rkdfx"><code>@​rkdfx</code></a></strong>
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10868">#10868</a></strong>)</li>
<li><strong><a
href="https://github.com/Liuwei1125"><code>@​Liuwei1125</code></a></strong>
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10866">#10866</a></strong>)</li>
</ul>
<p><a
href="https://github.com/axios/axios/compare/v1.16.0...v1.16.1">Full
Changelog</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/axios/axios/blob/v1.x/CHANGELOG.md">axios's
changelog</a>.</em></p>
<blockquote>
<h2>v1.16.1 — May 13, 2026</h2>
<p>This release ships a defence-in-depth fix for prototype pollution in
<code>formDataToJSON</code>, hardens proxy and CI workflows, restores
Webpack 4 compatibility for the fetch adapter, and includes several
small bug fixes and maintenance improvements.</p>
<h2>🔒 Security Fixes</h2>
<ul>
<li><strong>Prototype Pollution Defence-in-Depth:</strong> Hardened
<code>formDataToJSON</code> against already-polluted
<code>Object.prototype</code> by walking own properties only, so
attacker-controlled keys inherited from a poisoned prototype cannot
propagate through deserialization. (<strong><a
href="https://redirect.github.com/axios/axios/issues/7413">#7413</a></strong>)</li>
<li><strong>Proxy Cleartext Leak:</strong> Fixed an issue where HTTPS
request data could be transmitted in cleartext to an HTTP proxy under
certain configurations. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10858">#10858</a></strong>)</li>
<li><strong>CI Cache Removal:</strong> Removed all GitHub Actions caches
as a defence-in-depth measure against cache poisoning vectors in the
build pipeline. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10882">#10882</a></strong>)</li>
</ul>
<h2>🐛 Bug Fixes</h2>
<ul>
<li><strong>Data URI Parsing:</strong> Updated the
<code>fromDataURI</code> regex to match RFC 2397 more strictly, fixing
edge cases in <code>data:</code> URL handling. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10829">#10829</a></strong>)</li>
<li><strong>Unicode Headers:</strong> Preserved Unicode header values
when running through request interceptors, so non-ASCII header content
is no longer corrupted before dispatch. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10850">#10850</a></strong>)</li>
<li><strong>XHR Upload Progress:</strong> Guarded against malformed
<code>ProgressEvent</code> payloads emitted by some environments during
XHR upload, preventing crashes when <code>loaded</code> /
<code>total</code> are missing or invalid. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10868">#10868</a></strong>)</li>
<li><strong>Webpack 4 Fetch Adapter:</strong> Fixed an &quot;unexpected
token&quot; error caused by syntax in the fetch adapter that Webpack 4
could not parse, restoring compatibility for legacy bundler users.
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10864">#10864</a></strong>)</li>
<li><strong>Type Definitions:</strong> Made <code>parseReviver</code>
<code>context.source</code> optional in the type definitions to align
with the ES2023 specification. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10837">#10837</a></strong>)</li>
<li><strong>URL Object Support Reverted:</strong> Reverted the change
that allowed passing a <code>URL</code> object as
<code>config.url</code> (originally <strong><a
href="https://redirect.github.com/axios/axios/issues/10866">#10866</a></strong>)
due to regressions; this support will be reintroduced in a later release
once the underlying issues are addressed. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10874">#10874</a></strong>)</li>
</ul>
<h2>🔧 Maintenance &amp; Chores</h2>
<ul>
<li><strong>Cycle Detection Refactor:</strong> Replaced the array-based
cycle tracker in <code>toJSONObject</code> with a <code>WeakSet</code>,
improving performance and memory behaviour on large nested structures.
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10832">#10832</a></strong>)</li>
<li><strong>composeSignals Cleanup:</strong> Refactored
<code>composeSignals</code> to use a clearer early-return structure,
simplifying the cancellation/abort composition path. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10844">#10844</a></strong>)</li>
<li><strong>AI Readiness &amp; Repo Docs:</strong> Added
<code>AGENTS.md</code> and related contributor-guide updates for both
human and AI agents, plus post-release documentation improvements.
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10835">#10835</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10841">#10841</a></strong>)</li>
<li><strong>Docs Improvements:</strong> Clarified the GET request
example, fixed the interceptor <code>eject</code> example to reference
the correct instance, and corrected the Buzzoid sponsor description in
the README. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10836">#10836</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10853">#10853</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10856">#10856</a></strong>)</li>
<li><strong>Sponsorship Tooling:</strong> Fixed empty sponsor arrays in
the sponsor processing script, added the ability to inject additional
sponsors, updated the sponsorship link, and added a Twicsy advertisement
entry. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10843">#10843</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10859">#10859</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10869">#10869</a></strong>)</li>
<li><strong>Dependencies:</strong> Bumped <code>@commitlint/cli</code>
from 20.5.0 to 20.5.2. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10846">#10846</a></strong>)</li>
</ul>
<h2>🌟 New Contributors</h2>
<p>We are thrilled to welcome our new contributors. Thank you for
helping improve axios:</p>
<ul>
<li><strong><a
href="https://github.com/hpinmetaverse"><code>@​hpinmetaverse</code></a></strong>
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10836">#10836</a></strong>)</li>
<li><strong><a
href="https://github.com/tommyhgunz14"><code>@​tommyhgunz14</code></a></strong>
(<strong><a
href="https://redirect.github.com/axios/axios/issues/7413">#7413</a></strong>)</li>
<li><strong><a
href="https://github.com/abhu85"><code>@​abhu85</code></a></strong>
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10829">#10829</a></strong>)</li>
<li><strong><a
href="https://github.com/divyanshuraj1095"><code>@​divyanshuraj1095</code></a></strong>
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10853">#10853</a></strong>)</li>
<li><strong><a
href="https://github.com/sagodi97"><code>@​sagodi97</code></a></strong>
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10856">#10856</a></strong>)</li>
<li><strong><a
href="https://github.com/rkdfx"><code>@​rkdfx</code></a></strong>
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10868">#10868</a></strong>)</li>
<li><strong><a
href="https://github.com/Liuwei1125"><code>@​Liuwei1125</code></a></strong>
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10866">#10866</a></strong>)</li>
</ul>
<p><a
href="https://github.com/axios/axios/compare/v1.16.0...v1.16.1">Full
Changelog</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/axios/axios/commit/1337d6b537afb2d3f501074c8ac4ef4308221197"><code>1337d6b</code></a>
chore(release): prepare release 1.16.1 (<a
href="https://redirect.github.com/axios/axios/issues/10877">#10877</a>)</li>
<li><a
href="https://github.com/axios/axios/commit/858a790cec06054547d0d3f941916d6fb2a4d18e"><code>858a790</code></a>
fix: remove all caches (<a
href="https://redirect.github.com/axios/axios/issues/10882">#10882</a>)</li>
<li><a
href="https://github.com/axios/axios/commit/34adfd90efc9c145488399e1cf7fa96de67080fa"><code>34adfd9</code></a>
revert: &quot;fix: support URL object as config.url input (<a
href="https://redirect.github.com/axios/axios/issues/10866">#10866</a>)&quot;
(<a
href="https://redirect.github.com/axios/axios/issues/10874">#10874</a>)</li>
<li><a
href="https://github.com/axios/axios/commit/847d89b43654405d9a231e0b669832c2092b621f"><code>847d89b</code></a>
fix: support URL object as config.url input (<a
href="https://redirect.github.com/axios/axios/issues/10866">#10866</a>)</li>
<li><a
href="https://github.com/axios/axios/commit/40948863677bb793bfff0293cce7e7b4f8a1b212"><code>4094886</code></a>
fix(progress): guard malformed XHR upload events (<a
href="https://redirect.github.com/axios/axios/issues/10868">#10868</a>)</li>
<li><a
href="https://github.com/axios/axios/commit/44f0c5bf73c45df6009365141faa394d73596bd7"><code>44f0c5b</code></a>
chore: change sponsorship link and add Twicsy advertisement (<a
href="https://redirect.github.com/axios/axios/issues/10869">#10869</a>)</li>
<li><a
href="https://github.com/axios/axios/commit/64e1095efedc64c9fecf5176bd9cf2e5e93140d6"><code>64e1095</code></a>
chore: update PR and issue template to use h2 (<a
href="https://redirect.github.com/axios/axios/issues/10865">#10865</a>)</li>
<li><a
href="https://github.com/axios/axios/commit/3e6b4e1f311b43aa1dc77d78150a601d9fe4b280"><code>3e6b4e1</code></a>
fix: error unexpected token in fetch JS compatibility issue with Webpack
4 (#...</li>
<li><a
href="https://github.com/axios/axios/commit/c4453bab70f53575175903aee60810c821f72129"><code>c4453ba</code></a>
fix: add the ability to add additional sponsors to the process sponsors
scrip...</li>
<li><a
href="https://github.com/axios/axios/commit/caa00a90b524bb67ed033474abcf4d8645ced793"><code>caa00a9</code></a>
fix: https data in cleartext to proxy (<a
href="https://redirect.github.com/axios/axios/issues/10858">#10858</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/axios/axios/compare/v1.16.0...v1.16.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=axios&package-manager=npm_and_yarn&previous-version=1.16.0&new-version=1.16.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-06-02 08:20:33 +00:00
dependabot[bot] 91aee5010d chore: bump @fontsource-variable/geist from 5.2.8 to 5.2.9 in /site (#25953) 
Bumps
[@fontsource-variable/geist](https://github.com/fontsource/font-files/tree/HEAD/fonts/variable/geist)
from 5.2.8 to 5.2.9.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/fontsource/font-files/commits/HEAD/fonts/variable/geist">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@fontsource-variable/geist&package-manager=npm_and_yarn&previous-version=5.2.8&new-version=5.2.9)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-06-02 08:19:57 +00:00
dependabot[bot] 0182219011 chore: bump the react group across 1 directory with 3 updates (#25950) 
[//]: # (dependabot-start)
⚠️  **Dependabot is rebasing this PR** ⚠️ 

Rebasing might not happen immediately, so don't worry if this takes some
time.

Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.

---

[//]: # (dependabot-end)

Bumps the react group with 3 updates in the /site directory:
[react](https://github.com/facebook/react/tree/HEAD/packages/react),
[@types/react](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react)
and
[react-dom](https://github.com/facebook/react/tree/HEAD/packages/react-dom).

Updates `react` from 19.2.5 to 19.2.6
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/facebook/react/releases">react's
releases</a>.</em></p>
<blockquote>
<h2>19.2.6 (May 6th, 2026)</h2>
<h2>React Server Components</h2>
<ul>
<li>Type hardening and performance improvements
(<a
href="https://redirect.github.com/facebook/react/pull/36425">#36425</a>
by <a href="https://github.com/eps1lon"><code>@​eps1lon</code></a> and
<a
href="https://github.com/unstubbable"><code>@​unstubbable</code></a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/facebook/react/commit/eaf3e95ca92be7a23d3c9cc8ffd6f199a40be401"><code>eaf3e95</code></a>
Version 19.2.6</li>
<li>See full diff in <a
href="https://github.com/facebook/react/commits/v19.2.6/packages/react">compare
view</a></li>
</ul>
</details>
<br />

Updates `@types/react` from 19.2.14 to 19.2.15
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react">compare
view</a></li>
</ul>
</details>
<br />

Updates `react-dom` from 19.2.5 to 19.2.6
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/facebook/react/releases">react-dom's
releases</a>.</em></p>
<blockquote>
<h2>19.2.6 (May 6th, 2026)</h2>
<h2>React Server Components</h2>
<ul>
<li>Type hardening and performance improvements
(<a
href="https://redirect.github.com/facebook/react/pull/36425">#36425</a>
by <a href="https://github.com/eps1lon"><code>@​eps1lon</code></a> and
<a
href="https://github.com/unstubbable"><code>@​unstubbable</code></a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/facebook/react/commit/eaf3e95ca92be7a23d3c9cc8ffd6f199a40be401"><code>eaf3e95</code></a>
Version 19.2.6</li>
<li>See full diff in <a
href="https://github.com/facebook/react/commits/v19.2.6/packages/react-dom">compare
view</a></li>
</ul>
</details>
<br />

Updates `@types/react` from 19.2.14 to 19.2.15
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-06-02 08:18:02 +00:00
dependabot[bot] 011914bb14 chore: bump axios from 1.15.2 to 1.16.0 in /site (#25861) 
Bumps [axios](https://github.com/axios/axios) from 1.15.2 to 1.16.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/axios/axios/releases">axios's
releases</a>.</em></p>
<blockquote>
<h2>v1.16.0 — May 2, 2026</h2>
<p>This release adds support for the QUERY HTTP method and a new
<code>ECONNREFUSED</code> error constant, lands a substantial wave of
HTTP, fetch, and XHR adapter bug fixes around redirects, aborts,
headers, and timeouts, and welcomes 23 new contributors.</p>
<h2>⚠️ Notable Changes</h2>
<p>A handful of fixes in this release are either security-adjacent or
change observable behaviour. Please review before upgrading:</p>
<ul>
<li><strong>Fetch adapter now enforces <code>maxBodyLength</code> and
<code>maxContentLength</code>.</strong> These limits were silently
ignored on the fetch adapter prior to 1.16.0 — anyone relying on them as
a safety net (DoS protection, accidental large uploads) had no
protection. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10795">#10795</a></strong>)</li>
<li><strong>Proxy requests now preserve user-supplied <code>Host</code>
headers.</strong> Previously, the proxy path could overwrite a custom
<code>Host</code>. Virtual-host-style routing through a proxy will now
behave correctly. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10822">#10822</a></strong>)</li>
<li><strong>Basic auth credentials embedded in URLs are now
URL-decoded.</strong> If you have percent-encoded credentials in a URL
(e.g. <code>https://user:p%40ss@host</code>), the decoded value is what
now goes on the wire. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10825">#10825</a></strong>)</li>
<li><strong><code>parseProtocol</code> now strictly requires a colon in
the protocol separator.</strong> Strings that loosely parsed as
protocols before may no longer match. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10729">#10729</a></strong>)</li>
<li><strong>Deprecated <code>unescape()</code> replaced with modern
UTF-8 encoding.</strong> Non-ASCII URL handling is now spec-correct;
consumers depending on legacy <code>unescape()</code> quirks may see
different output bytes. (<strong><a
href="https://redirect.github.com/axios/axios/issues/7378">#7378</a></strong>)</li>
<li><strong><code>transformRequest</code> input typing change was
reverted.</strong> The typing change introduced in <a
href="https://redirect.github.com/axios/axios/issues/10745">#10745</a>
was reverted in <a
href="https://redirect.github.com/axios/axios/issues/10810">#10810</a>
after follow-up review — net behavior is unchanged from 1.15.2.
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10745">#10745</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10810">#10810</a></strong>)</li>
</ul>
<h2>🚀 New Features</h2>
<ul>
<li><strong>QUERY HTTP Method:</strong> Added support for the QUERY HTTP
method across adapters and type definitions. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10802">#10802</a></strong>)</li>
<li><strong>ECONNREFUSED Error Constant:</strong> Exposed
<code>ECONNREFUSED</code> as a constant on <code>AxiosError</code> so
callers can match connection-refused failures without comparing string
literals (closes <a
href="https://redirect.github.com/axios/axios/issues/6485">#6485</a>).
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10680">#10680</a></strong>)</li>
<li><strong>Encode Helper Export:</strong> Exported the internal
<code>encode</code> helper from <code>buildURL</code> so userland param
serializers can reuse the same encoding logic that axios uses
internally. (<strong><a
href="https://redirect.github.com/axios/axios/issues/6897">#6897</a></strong>)</li>
</ul>
<h2>🐛 Bug Fixes</h2>
<ul>
<li><strong>HTTP Adapter — Redirects &amp; Headers:</strong> Cleared
stale headers when a redirect targets a no-proxy host, fixed the
redirect listener chain so listeners no longer stack across hops,
restored the missing <code>requestDetails</code> argument on
<code>beforeRedirect</code>, preserved user-supplied <code>Host</code>
headers when forwarding through a proxy, and properly URL-decoded basic
auth credentials. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10794">#10794</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10800">#10800</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/6241">#6241</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10822">#10822</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10825">#10825</a></strong>)</li>
<li><strong>HTTP Adapter — Streams &amp; Timeouts:</strong> Preserved
the partial response object on <code>AxiosError</code> when a stream is
aborted after headers arrive, honoured the <code>timeout</code> option
during the connect phase when redirects are disabled, and resolved an
unsettled-promise hang when an aborted request was combined with
compression and <code>maxRedirects: 0</code>. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10708">#10708</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10819">#10819</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/7149">#7149</a></strong>)</li>
<li><strong>Fetch Adapter:</strong> Enforced <code>maxBodyLength</code>
/ <code>maxContentLength</code> in the fetch adapter, set the
<code>User-Agent</code> header to match the HTTP adapter, preserved the
original abort reason instead of replacing it with a generic error, and
deferred global access so importing the module no longer throws a
<code>TypeError</code> in restricted environments. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10795">#10795</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10772">#10772</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10806">#10806</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/7260">#7260</a></strong>)</li>
<li><strong>XHR Adapter:</strong> Unsubscribed the
<code>cancelToken</code> and <code>AbortSignal</code> listeners on the
error, timeout, and abort code paths to prevent leaked subscriptions.
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10787">#10787</a></strong>)</li>
<li><strong>Error Handling:</strong> Attached the parsed response to
<code>AxiosError</code> when <code>JSON.parse</code> fails inside
<code>dispatchRequest</code>, prevented <code>settle</code> from
emitting <code>undefined</code> error codes, and tightened the
<code>parseProtocol</code> regex to require a colon in the protocol
separator. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10724">#10724</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/7276">#7276</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10729">#10729</a></strong>)</li>
<li><strong>Types &amp; Exports:</strong> Aligned the CommonJS
<code>CancelToken</code> typings with the ESM build, fixed a compiler
error caused by <code>RawAxiosHeaders</code>, and re-exported
<code>create</code> from the package index. (<strong><a
href="https://redirect.github.com/axios/axios/issues/7414">#7414</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/6389">#6389</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/6460">#6460</a></strong>)</li>
<li><strong>UTF-8 Encoding:</strong> Replaced the deprecated
<code>unescape()</code> call with a modern UTF-8 encoding
implementation. (<strong><a
href="https://redirect.github.com/axios/axios/issues/7378">#7378</a></strong>)</li>
<li><strong>Misc Cleanup:</strong> Resolved a batch of small
inconsistencies and gadget-level issues across the codebase. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10833">#10833</a></strong>)</li>
</ul>
<h2>🔧 Maintenance &amp; Chores</h2>
<ul>
<li><strong>Refactor — ES6 Modernisation:</strong> Modernised the
<code>utils</code> module and XHR adapter to use ES6 features, and
tidied the multipart boundary error message. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10588">#10588</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/7419">#7419</a></strong>)</li>
<li><strong>Tests:</strong> Hardened the HTTP test server lifecycle to
fix flaky <code>FormData</code> EPIPE failures, fixed Win32 platform
support for the pipe tests, and corrected an incorrect test assumption.
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10820">#10820</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10791">#10791</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10796">#10796</a></strong>)</li>
<li><strong>Docs:</strong> Documented
<code>paramsSerializer.encode</code> for strict RFC 3986 query encoding,
updated the <code>parseReviver</code> TypeScript definitions and
configuration docs for ES2023, added timeout guidance to the README's
first async example, and expanded notes around the recent type changes.
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10821">#10821</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10782">#10782</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10759">#10759</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10804">#10804</a></strong>)</li>
<li><strong>Reverted:</strong> Reverted the
<code>transformRequest</code> input typing change from <a
href="https://redirect.github.com/axios/axios/issues/10745">#10745</a>
after follow-up review. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10745">#10745</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10810">#10810</a></strong>)</li>
<li><strong>Dependencies:</strong> Bumped
<code>actions/setup-node</code>, the <code>github-actions</code> group,
and <code>postcss</code> (in <code>/docs</code>) to their latest
versions. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10785">#10785</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10813">#10813</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10814">#10814</a></strong>)</li>
<li><strong>Release:</strong> Updated changelog and packages, and
prepared the 1.16.0 release. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10790">#10790</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10834">#10834</a></strong>)</li>
</ul>
<h2>🌟 New Contributors</h2>
<p>We are thrilled to welcome our new contributors. Thank you for
helping improve axios:</p>
<ul>
<li><strong><a
href="https://github.com/singhankit001"><code>@​singhankit001</code></a></strong>
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10588">#10588</a></strong>)</li>
<li><strong><a
href="https://github.com/cuiweixie"><code>@​cuiweixie</code></a></strong>
(<strong><a
href="https://redirect.github.com/axios/axios/issues/7419">#7419</a></strong>)</li>
<li><strong><a
href="https://github.com/iruizsalinas"><code>@​iruizsalinas</code></a></strong>
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10787">#10787</a></strong>)</li>
<li><strong><a
href="https://github.com/MarcosNocetti"><code>@​MarcosNocetti</code></a></strong>
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10680">#10680</a></strong>)</li>
<li><strong><a
href="https://github.com/deepview-autofix"><code>@​deepview-autofix</code></a></strong>
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10729">#10729</a></strong>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/axios/axios/blob/v1.x/CHANGELOG.md">axios's
changelog</a>.</em></p>
<blockquote>
<h2>v1.16.0 — May 2, 2026</h2>
<p>This release adds support for the QUERY HTTP method and a new
<code>ECONNREFUSED</code> error constant, lands a substantial wave of
HTTP, fetch, and XHR adapter bug fixes around redirects, aborts,
headers, and timeouts, and welcomes 23 new contributors.</p>
<h2>⚠️ Notable Changes</h2>
<p>A handful of fixes in this release are either security-adjacent or
change observable behaviour. Please review before upgrading:</p>
<ul>
<li><strong>Fetch adapter now enforces <code>maxBodyLength</code> and
<code>maxContentLength</code>.</strong> These limits were silently
ignored on the fetch adapter prior to 1.16.0 — anyone relying on them as
a safety net (DoS protection, accidental large uploads) had no
protection. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10795">#10795</a></strong>)</li>
<li><strong>Proxy requests now preserve user-supplied <code>Host</code>
headers.</strong> Previously, the proxy path could overwrite a custom
<code>Host</code>. Virtual-host-style routing through a proxy will now
behave correctly. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10822">#10822</a></strong>)</li>
<li><strong>Basic auth credentials embedded in URLs are now
URL-decoded.</strong> If you have percent-encoded credentials in a URL
(e.g. <code>https://user:p%40ss@host</code>), the decoded value is what
now goes on the wire. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10825">#10825</a></strong>)</li>
<li><strong><code>parseProtocol</code> now strictly requires a colon in
the protocol separator.</strong> Strings that loosely parsed as
protocols before may no longer match. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10729">#10729</a></strong>)</li>
<li><strong>Deprecated <code>unescape()</code> replaced with modern
UTF-8 encoding.</strong> Non-ASCII URL handling is now spec-correct;
consumers depending on legacy <code>unescape()</code> quirks may see
different output bytes. (<strong><a
href="https://redirect.github.com/axios/axios/issues/7378">#7378</a></strong>)</li>
<li><strong><code>transformRequest</code> input typing change was
reverted.</strong> The typing change introduced in <a
href="https://redirect.github.com/axios/axios/issues/10745">#10745</a>
was reverted in <a
href="https://redirect.github.com/axios/axios/issues/10810">#10810</a>
after follow-up review — net behavior is unchanged from 1.15.2.
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10745">#10745</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10810">#10810</a></strong>)</li>
</ul>
<h2>🚀 New Features</h2>
<ul>
<li><strong>QUERY HTTP Method:</strong> Added support for the QUERY HTTP
method across adapters and type definitions. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10802">#10802</a></strong>)</li>
<li><strong>ECONNREFUSED Error Constant:</strong> Exposed
<code>ECONNREFUSED</code> as a constant on <code>AxiosError</code> so
callers can match connection-refused failures without comparing string
literals (closes <a
href="https://redirect.github.com/axios/axios/issues/6485">#6485</a>).
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10680">#10680</a></strong>)</li>
<li><strong>Encode Helper Export:</strong> Exported the internal
<code>encode</code> helper from <code>buildURL</code> so userland param
serializers can reuse the same encoding logic that axios uses
internally. (<strong><a
href="https://redirect.github.com/axios/axios/issues/6897">#6897</a></strong>)</li>
</ul>
<h2>🐛 Bug Fixes</h2>
<ul>
<li><strong>HTTP Adapter — Redirects &amp; Headers:</strong> Cleared
stale headers when a redirect targets a no-proxy host, fixed the
redirect listener chain so listeners no longer stack across hops,
restored the missing <code>requestDetails</code> argument on
<code>beforeRedirect</code>, preserved user-supplied <code>Host</code>
headers when forwarding through a proxy, and properly URL-decoded basic
auth credentials. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10794">#10794</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10800">#10800</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/6241">#6241</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10822">#10822</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10825">#10825</a></strong>)</li>
<li><strong>HTTP Adapter — Streams &amp; Timeouts:</strong> Preserved
the partial response object on <code>AxiosError</code> when a stream is
aborted after headers arrive, honoured the <code>timeout</code> option
during the connect phase when redirects are disabled, and resolved an
unsettled-promise hang when an aborted request was combined with
compression and <code>maxRedirects: 0</code>. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10708">#10708</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10819">#10819</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/7149">#7149</a></strong>)</li>
<li><strong>Fetch Adapter:</strong> Enforced <code>maxBodyLength</code>
/ <code>maxContentLength</code> in the fetch adapter, set the
<code>User-Agent</code> header to match the HTTP adapter, preserved the
original abort reason instead of replacing it with a generic error, and
deferred global access so importing the module no longer throws a
<code>TypeError</code> in restricted environments. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10795">#10795</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10772">#10772</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10806">#10806</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/7260">#7260</a></strong>)</li>
<li><strong>XHR Adapter:</strong> Unsubscribed the
<code>cancelToken</code> and <code>AbortSignal</code> listeners on the
error, timeout, and abort code paths to prevent leaked subscriptions.
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10787">#10787</a></strong>)</li>
<li><strong>Error Handling:</strong> Attached the parsed response to
<code>AxiosError</code> when <code>JSON.parse</code> fails inside
<code>dispatchRequest</code>, prevented <code>settle</code> from
emitting <code>undefined</code> error codes, and tightened the
<code>parseProtocol</code> regex to require a colon in the protocol
separator. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10724">#10724</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/7276">#7276</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10729">#10729</a></strong>)</li>
<li><strong>Types &amp; Exports:</strong> Aligned the CommonJS
<code>CancelToken</code> typings with the ESM build, fixed a compiler
error caused by <code>RawAxiosHeaders</code>, and re-exported
<code>create</code> from the package index. (<strong><a
href="https://redirect.github.com/axios/axios/issues/7414">#7414</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/6389">#6389</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/6460">#6460</a></strong>)</li>
<li><strong>UTF-8 Encoding:</strong> Replaced the deprecated
<code>unescape()</code> call with a modern UTF-8 encoding
implementation. (<strong><a
href="https://redirect.github.com/axios/axios/issues/7378">#7378</a></strong>)</li>
<li><strong>Misc Cleanup:</strong> Resolved a batch of small
inconsistencies and gadget-level issues across the codebase. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10833">#10833</a></strong>)</li>
</ul>
<h2>🔧 Maintenance &amp; Chores</h2>
<ul>
<li><strong>Refactor — ES6 Modernisation:</strong> Modernised the
<code>utils</code> module and XHR adapter to use ES6 features, and
tidied the multipart boundary error message. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10588">#10588</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/7419">#7419</a></strong>)</li>
<li><strong>Tests:</strong> Hardened the HTTP test server lifecycle to
fix flaky <code>FormData</code> EPIPE failures, fixed Win32 platform
support for the pipe tests, and corrected an incorrect test assumption.
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10820">#10820</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10791">#10791</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10796">#10796</a></strong>)</li>
<li><strong>Docs:</strong> Documented
<code>paramsSerializer.encode</code> for strict RFC 3986 query encoding,
updated the <code>parseReviver</code> TypeScript definitions and
configuration docs for ES2023, added timeout guidance to the README's
first async example, and expanded notes around the recent type changes.
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10821">#10821</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10782">#10782</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10759">#10759</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10804">#10804</a></strong>)</li>
<li><strong>Reverted:</strong> Reverted the
<code>transformRequest</code> input typing change from <a
href="https://redirect.github.com/axios/axios/issues/10745">#10745</a>
after follow-up review. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10745">#10745</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10810">#10810</a></strong>)</li>
<li><strong>Dependencies:</strong> Bumped
<code>actions/setup-node</code>, the <code>github-actions</code> group,
and <code>postcss</code> (in <code>/docs</code>) to their latest
versions. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10785">#10785</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10813">#10813</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10814">#10814</a></strong>)</li>
<li><strong>Release:</strong> Updated changelog and packages, and
prepared the 1.16.0 release. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10790">#10790</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10834">#10834</a></strong>)</li>
</ul>
<h2>🌟 New Contributors</h2>
<p>We are thrilled to welcome our new contributors. Thank you for
helping improve axios:</p>
<ul>
<li><strong><a
href="https://github.com/singhankit001"><code>@​singhankit001</code></a></strong>
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10588">#10588</a></strong>)</li>
<li><strong><a
href="https://github.com/cuiweixie"><code>@​cuiweixie</code></a></strong>
(<strong><a
href="https://redirect.github.com/axios/axios/issues/7419">#7419</a></strong>)</li>
<li><strong><a
href="https://github.com/iruizsalinas"><code>@​iruizsalinas</code></a></strong>
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10787">#10787</a></strong>)</li>
<li><strong><a
href="https://github.com/MarcosNocetti"><code>@​MarcosNocetti</code></a></strong>
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10680">#10680</a></strong>)</li>
<li><strong><a
href="https://github.com/deepview-autofix"><code>@​deepview-autofix</code></a></strong>
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10729">#10729</a></strong>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/axios/axios/commit/df53d7dd99b202fb194217abd127ae6a630e70dc"><code>df53d7d</code></a>
chore(release): prepare release 1.16.0 (<a
href="https://redirect.github.com/axios/axios/issues/10834">#10834</a>)</li>
<li><a
href="https://github.com/axios/axios/commit/9d92bcd32639d1eea5b89f03ae45f248d3bb058e"><code>9d92bcd</code></a>
fix: gadgets and smaller issues (<a
href="https://redirect.github.com/axios/axios/issues/10833">#10833</a>)</li>
<li><a
href="https://github.com/axios/axios/commit/5107ee69aee527b19eabaf80000ca65752135435"><code>5107ee6</code></a>
fix: prevent undefined error codes in settle (<a
href="https://redirect.github.com/axios/axios/issues/7276">#7276</a>)</li>
<li><a
href="https://github.com/axios/axios/commit/e57349992f230b6b13e80613eb84302560aa5ba8"><code>e573499</code></a>
fix(fetch): defer global access in fetch adapter (<a
href="https://redirect.github.com/axios/axios/issues/7260">#7260</a>)</li>
<li><a
href="https://github.com/axios/axios/commit/ad68e1a484b50086af427f767bbd7d6e3aab7ac3"><code>ad68e1a</code></a>
fix(http): honor timeout during connect without redirects (<a
href="https://redirect.github.com/axios/axios/issues/10819">#10819</a>)</li>
<li><a
href="https://github.com/axios/axios/commit/2a51828213128691d2e37502b5eb2cf4965a737d"><code>2a51828</code></a>
fix(http): decode URL basic auth credentials (<a
href="https://redirect.github.com/axios/axios/issues/10825">#10825</a>)</li>
<li><a
href="https://github.com/axios/axios/commit/0e8b6bbb542131bae9940618d84d5286255d4db1"><code>0e8b6bb</code></a>
fix(http): preserve user-supplied Host header when forwarding through a
proxy...</li>
<li><a
href="https://github.com/axios/axios/commit/79f39e1d041dca87173226d0255f90eaf252564b"><code>79f39e1</code></a>
docs: document paramsSerializer.encode for strict RFC 3986 query
encoding (<a
href="https://redirect.github.com/axios/axios/issues/1">#1</a>...</li>
<li><a
href="https://github.com/axios/axios/commit/0fe3a5fc14829535e1d517c662d448e86c33438e"><code>0fe3a5f</code></a>
[Docs/Types] Update <code>parseReviver</code> TypeScript definitions for
ES2023 and add ...</li>
<li><a
href="https://github.com/axios/axios/commit/cd6737fd84bdb7caf2a319d3579573a49f9d238d"><code>cd6737f</code></a>
chore: matches the sibling responseStream.on(aborted) handler and added
tests...</li>
<li>Additional commits viewable in <a
href="https://github.com/axios/axios/compare/v1.15.2...v1.16.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=axios&package-manager=npm_and_yarn&previous-version=1.15.2&new-version=1.16.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/coder/coder/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-05-29 16:07:32 +00:00
Danielle Maywood 962b6850cf chore(site): update lexical to 0.44.0 (#25524) 2026-05-20 11:52:43 +01:00
dependabot[bot] eedde58b55 chore: bump protobufjs from 7.5.5 to 7.5.6 in /site (#25222) 
Bumps [protobufjs](https://github.com/protobufjs/protobuf.js) from 7.5.5
to 7.5.6.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/protobufjs/protobuf.js/releases">protobufjs's
releases</a>.</em></p>
<blockquote>
<h2>protobufjs: v7.5.6</h2>
<h2><a
href="https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.5...protobufjs-v7.5.6">7.5.6</a>
(2026-04-27)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>Backport input hardening and CLI fixes to 7.x (<a
href="https://redirect.github.com/protobufjs/protobuf.js/issues/2173">#2173</a>)
(<a
href="https://github.com/protobufjs/protobuf.js/commit/75392ea1b78bdc4faba027b5db44ad7c50e9c454">75392ea</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/protobufjs/protobuf.js/blob/protobufjs-v7.5.6/CHANGELOG.md">protobufjs's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.5...protobufjs-v7.5.6">7.5.6</a>
(2026-04-27)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>Backport input hardening and CLI fixes to 7.x (<a
href="https://redirect.github.com/protobufjs/protobuf.js/issues/2173">#2173</a>)
(<a
href="https://github.com/protobufjs/protobuf.js/commit/75392ea1b78bdc4faba027b5db44ad7c50e9c454">75392ea</a>)</li>
</ul>
<h2><a
href="https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.3...protobufjs-v7.5.4">7.5.4</a>
(2025-08-15)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>invalid syntax in descriptor.proto (<a
href="https://redirect.github.com/protobufjs/protobuf.js/issues/2092">#2092</a>)
(<a
href="https://github.com/protobufjs/protobuf.js/commit/5a3769a465fead089a533ad55c21d069299df760">5a3769a</a>)</li>
</ul>
<h2><a
href="https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.2...protobufjs-v7.5.3">7.5.3</a>
(2025-05-28)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>descriptor extensions handling post-editions (<a
href="https://redirect.github.com/protobufjs/protobuf.js/issues/2075">#2075</a>)
(<a
href="https://github.com/protobufjs/protobuf.js/commit/6e255d4ad6982cc857f26e1731c2cedcf5796f68">6e255d4</a>)</li>
</ul>
<h2><a
href="https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.1...protobufjs-v7.5.2">7.5.2</a>
(2025-05-14)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>ensure that types are always resolved (<a
href="https://redirect.github.com/protobufjs/protobuf.js/issues/2068">#2068</a>)
(<a
href="https://github.com/protobufjs/protobuf.js/commit/4b51cb2b8450b77f9f5de1c562e7fae93b19d040">4b51cb2</a>)</li>
</ul>
<h2><a
href="https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.0...protobufjs-v7.5.1">7.5.1</a>
(2025-05-08)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>optimize regressions from editions implementations (<a
href="https://redirect.github.com/protobufjs/protobuf.js/issues/2066">#2066</a>)
(<a
href="https://github.com/protobufjs/protobuf.js/commit/6406d4c18afae309fc7b5f4a24d9674d85da180b">6406d4c</a>)</li>
<li>reserved field inside group blocks fail parsing (<a
href="https://redirect.github.com/protobufjs/protobuf.js/issues/2058">#2058</a>)
(<a
href="https://github.com/protobufjs/protobuf.js/commit/56782bff0c4b5132806eb1a6bc4d08f930c4aaad">56782bf</a>)</li>
</ul>
<h2><a
href="https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.4.0...protobufjs-v7.5.0">7.5.0</a>
(2025-04-15)</h2>
<h3>Features</h3>
<ul>
<li>add Edition 2023 Support (<a
href="https://github.com/protobufjs/protobuf.js/commit/f04ded3a03a3ddd383f0228e2fe2627a51f31aa3">f04ded3</a>)</li>
<li>add Edition 2023 Support (<a
href="https://github.com/protobufjs/protobuf.js/commit/ac9a3b9fe3134d48187e41b08d54ffaceddc6c1b">ac9a3b9</a>)</li>
<li>add Edition 2023 Support (<a
href="https://github.com/protobufjs/protobuf.js/commit/e5ca5c84e326699e10258367883a54934e0bfe14">e5ca5c8</a>)</li>
<li>add Edition 2023 Support (<a
href="https://github.com/protobufjs/protobuf.js/commit/a84409b47f9ba0dba56da1af8054fb54f85d85a1">a84409b</a>)</li>
<li>add Edition 2023 Support (<a
href="https://github.com/protobufjs/protobuf.js/commit/9c5a178c4b59e0aa65ecac0bd7420171213b2ff9">9c5a178</a>)</li>
<li>add Edition 2023 Support (<a
href="https://github.com/protobufjs/protobuf.js/commit/b2c686721e3b63d092419fa1cbe58e1deb89534e">b2c6867</a>)</li>
<li>add Edition 2023 Support (<a
href="https://github.com/protobufjs/protobuf.js/commit/60f3e51087ca2c247473410f39331e1c766aefef">60f3e51</a>)</li>
<li>add Edition 2023 Support (<a
href="https://github.com/protobufjs/protobuf.js/commit/a6563617de04d510d6e8865eb6c5067f10247f64">a656361</a>)</li>
<li>add Edition 2023 Support (<a
href="https://github.com/protobufjs/protobuf.js/commit/869a95b1e5f553c76243aac45619061407a41084">869a95b</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/protobufjs/protobuf.js/commit/2189e5beeca6a70e4c104dfdb9fb8200bc5f81fe"><code>2189e5b</code></a>
chore: release protobufjs-v7.x (<a
href="https://redirect.github.com/protobufjs/protobuf.js/issues/2174">#2174</a>)</li>
<li><a
href="https://github.com/protobufjs/protobuf.js/commit/75392ea1b78bdc4faba027b5db44ad7c50e9c454"><code>75392ea</code></a>
fix: Backport input hardening and CLI fixes to 7.x (<a
href="https://redirect.github.com/protobufjs/protobuf.js/issues/2173">#2173</a>)</li>
<li><a
href="https://github.com/protobufjs/protobuf.js/commit/8af8d7c0e9800879625f7d0d4a7fb51beb4410cd"><code>8af8d7c</code></a>
chore(ci): Fix 7.x release please configuration (<a
href="https://redirect.github.com/protobufjs/protobuf.js/issues/2169">#2169</a>)</li>
<li><a
href="https://github.com/protobufjs/protobuf.js/commit/e92ca42244ad67203b48d836290062dae037ead6"><code>e92ca42</code></a>
chore(ci): Enable release-please for 7.x (<a
href="https://redirect.github.com/protobufjs/protobuf.js/issues/2166">#2166</a>)</li>
<li>See full diff in <a
href="https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.5...protobufjs-v7.5.6">compare
view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by <a
href="https://www.npmjs.com/~GitHub%20Actions">GitHub Actions</a>, a new
releaser for protobufjs since your current version.</p>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=protobufjs&package-manager=npm_and_yarn&previous-version=7.5.5&new-version=7.5.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/coder/coder/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-05-12 20:29:06 +00:00
Kayla はな 8d919e5411 chore: add storybook mcp (#25094) 2026-05-08 12:28:31 -06:00
Jon Ayers 400374992c fix: add pnpm overrides for vulnerable transitive dependencies (#25064) 2026-05-07 15:11:32 -05:00
Jon Ayers be5753dd63 chore: pin overrides in site/package.json (#25052) 2026-05-07 12:31:33 -05:00
dependabot[bot] 6d633a0283 chore: bump react-router from 7.9.6 to 7.12.0 in /site (#25048) 
Bumps
[react-router](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router)
from 7.9.6 to 7.12.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/remix-run/react-router/releases">react-router's
releases</a>.</em></p>
<blockquote>
<h2>v7.12.0</h2>
<p>See the changelog for release notes: <a
href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7120">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7120</a></p>
<h2>v7.11.0</h2>
<p>See the changelog for release notes: <a
href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7110">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7110</a></p>
<h2>v7.10.1</h2>
<p>See the changelog for release notes: <a
href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7101">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7101</a></p>
<h2>v7.10.0</h2>
<p>See the changelog for release notes: <a
href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7100">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7100</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/remix-run/react-router/blob/main/packages/react-router/CHANGELOG.md">react-router's
changelog</a>.</em></p>
<blockquote>
<h2>7.12.0</h2>
<h3>Minor Changes</h3>
<ul>
<li>Add additional layer of CSRF protection by rejecting submissions to
UI routes from external origins. If you need to permit access to
specific external origins, you can specify them in the
<code>react-router.config.ts</code> config
<code>allowedActionOrigins</code> field. (<a
href="https://redirect.github.com/remix-run/react-router/pull/14708">#14708</a>)</li>
</ul>
<h3>Patch Changes</h3>
<ul>
<li>
<p>Fix <code>generatePath</code> when used with suffixed params (i.e.,
&quot;/books/:id.json&quot;) (<a
href="https://redirect.github.com/remix-run/react-router/pull/14269">#14269</a>)</p>
</li>
<li>
<p>Export <code>UNSAFE_createMemoryHistory</code> and
<code>UNSAFE_createHashHistory</code> alongside
<code>UNSAFE_createBrowserHistory</code> for consistency. These are not
intended to be used for new apps but intended to help apps usiong
<code>unstable_HistoryRouter</code> migrate from v6-&gt;v7 so they can
adopt the newer APIs. (<a
href="https://redirect.github.com/remix-run/react-router/pull/14663">#14663</a>)</p>
</li>
<li>
<p>Escape HTML in scroll restoration keys (<a
href="https://redirect.github.com/remix-run/react-router/pull/14705">#14705</a>)</p>
</li>
<li>
<p>Validate redirect locations (<a
href="https://redirect.github.com/remix-run/react-router/pull/14706">#14706</a>)</p>
</li>
<li>
<p>[UNSTABLE] Pass <code>&lt;Scripts nonce&gt;</code> value through to
the underlying <code>importmap</code> <code>script</code> tag when using
<code>future.unstable_subResourceIntegrity</code> (<a
href="https://redirect.github.com/remix-run/react-router/pull/14675">#14675</a>)</p>
</li>
<li>
<p>[UNSTABLE] Add a new
<code>future.unstable_trailingSlashAwareDataRequests</code> flag to
provide consistent behavior of <code>request.pathname</code> inside
<code>middleware</code>, <code>loader</code>, and <code>action</code>
functions on document and data requests when a trailing slash is present
in the browser URL. (<a
href="https://redirect.github.com/remix-run/react-router/pull/14644">#14644</a>)</p>
<p>Currently, your HTTP and <code>request</code> pathnames would be as
follows for <code>/a/b/c</code> and <code>/a/b/c/</code></p>
<table>
<thead>
<tr>
<th>URL <code>/a/b/c</code></th>
<th><strong>HTTP pathname</strong></th>
<th><strong><code>request</code> pathname`</strong></th>
</tr>
</thead>
<tbody>
<tr>
<td><strong>Document</strong></td>
<td><code>/a/b/c</code></td>
<td><code>/a/b/c</code> </td>
</tr>
<tr>
<td><strong>Data</strong></td>
<td><code>/a/b/c.data</code></td>
<td><code>/a/b/c</code> </td>
</tr>
</tbody>
</table>
<table>
<thead>
<tr>
<th>URL <code>/a/b/c/</code></th>
<th><strong>HTTP pathname</strong></th>
<th><strong><code>request</code> pathname`</strong></th>
</tr>
</thead>
<tbody>
<tr>
<td><strong>Document</strong></td>
<td><code>/a/b/c/</code></td>
<td><code>/a/b/c/</code> </td>
</tr>
<tr>
<td><strong>Data</strong></td>
<td><code>/a/b/c.data</code></td>
<td><code>/a/b/c</code> ⚠️</td>
</tr>
</tbody>
</table>
<p>With this flag enabled, these pathnames will be made consistent
though a new <code>_.data</code> format for client-side
<code>.data</code> requests:</p>
<table>
<thead>
<tr>
<th>URL <code>/a/b/c</code></th>
<th><strong>HTTP pathname</strong></th>
<th><strong><code>request</code> pathname`</strong></th>
</tr>
</thead>
<tbody>
<tr>
<td><strong>Document</strong></td>
<td><code>/a/b/c</code></td>
<td><code>/a/b/c</code> </td>
</tr>
<tr>
<td><strong>Data</strong></td>
<td><code>/a/b/c.data</code></td>
<td><code>/a/b/c</code> </td>
</tr>
</tbody>
</table>
<table>
<thead>
<tr>
<th>URL <code>/a/b/c/</code></th>
<th><strong>HTTP pathname</strong></th>
<th><strong><code>request</code> pathname`</strong></th>
</tr>
</thead>
<tbody>
<tr>
<td><strong>Document</strong></td>
<td><code>/a/b/c/</code></td>
<td><code>/a/b/c/</code> </td>
</tr>
<tr>
<td><strong>Data</strong></td>
<td><code>/a/b/c/_.data</code> ⬅️</td>
<td><code>/a/b/c/</code> </td>
</tr>
</tbody>
</table>
<p>This a bug fix but we are putting it behind an opt-in flag because it
has the potential to be a &quot;breaking bug fix&quot; if you are
relying on the URL format for any other application or caching
logic.</p>
<p>Enabling this flag also changes the format of client side
<code>.data</code> requests from <code>/_root.data</code> to
<code>/_.data</code> when navigating to <code>/</code> to align with the
new format. This does not impact the <code>request</code> pathname which
is still <code>/</code> in all cases.</p>
</li>
<li>
<p>Preserve <code>clientLoader.hydrate=true</code> when using
<code>&lt;HydratedRouter unstable_instrumentations&gt;</code> (<a
href="https://redirect.github.com/remix-run/react-router/pull/14674">#14674</a>)</p>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/remix-run/react-router/commit/26653a6bcbf8a9c5541f99dcfb526eafadf13434"><code>26653a6</code></a>
chore: Update version for release (<a
href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/14712">#14712</a>)</li>
<li><a
href="https://github.com/remix-run/react-router/commit/7ac2346873b4bba26d16c88e5cd5c5cb81ce6bb3"><code>7ac2346</code></a>
chore: Update version for release (pre) (<a
href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/14709">#14709</a>)</li>
<li><a
href="https://github.com/remix-run/react-router/commit/75b1ef50867d8fa3d5ffdab28245d5fec307d6a7"><code>75b1ef5</code></a>
Add origin checks for UI route submissions (<a
href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/14708">#14708</a>)</li>
<li><a
href="https://github.com/remix-run/react-router/commit/c05ef936fd9334f82aafa7e9087b78a8bf5c745d"><code>c05ef93</code></a>
Validate redirect locations (<a
href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/14706">#14706</a>)</li>
<li><a
href="https://github.com/remix-run/react-router/commit/c89c32c562a7723c45ee71dab1c892acaf7a608d"><code>c89c32c</code></a>
Escape HTML in scroll restoration keys (<a
href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/14705">#14705</a>)</li>
<li><a
href="https://github.com/remix-run/react-router/commit/cbcbf3091b55ef0067724fbd744f31c6d85eb1e6"><code>cbcbf30</code></a>
fix: pass nonce to importmap script when using subResourceIntegrity (<a
href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/14675">#14675</a>)</li>
<li><a
href="https://github.com/remix-run/react-router/commit/30f6c1d8142cbd2c26aef57cb2e12a4a8708eb4f"><code>30f6c1d</code></a>
fix(react-router): handle parameters with static suffixes in
generatePath (<a
href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/1">#1</a>...</li>
<li><a
href="https://github.com/remix-run/react-router/commit/7f140e098ecd83fd183468e0c0acae86589bfd11"><code>7f140e0</code></a>
Handle data requests with trailing slash consistently (<a
href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/14644">#14644</a>)</li>
<li><a
href="https://github.com/remix-run/react-router/commit/1954af63742be277162f8d5d054ca07e04a4a401"><code>1954af6</code></a>
Preserve hydrate property on client loaders during instrumentation (<a
href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/14674">#14674</a>)</li>
<li><a
href="https://github.com/remix-run/react-router/commit/5ce5cd4ebfc6959bf8d667075cb5b9ae0a9d5476"><code>5ce5cd4</code></a>
chore: format</li>
<li>Additional commits viewable in <a
href="https://github.com/remix-run/react-router/commits/react-router@7.12.0/packages/react-router">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=react-router&package-manager=npm_and_yarn&previous-version=7.9.6&new-version=7.12.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/coder/coder/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-05-07 16:41:36 +00:00
dependabot[bot] 2505709475 chore: bump axios from 1.15.0 to 1.15.2 in /site (#24965) 
Bumps [axios](https://github.com/axios/axios) from 1.15.0 to 1.15.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/axios/axios/releases">axios's
releases</a>.</em></p>
<blockquote>
<h2>v1.15.2</h2>
<p>This release delivers prototype-pollution hardening for the Node HTTP
adapter, adds an opt-in <code>allowedSocketPaths</code> allowlist to
mitigate SSRF via Unix domain sockets, fixes a keep-alive socket memory
leak, and ships supply-chain hardening across CI and security docs.</p>
<h2>🔒 Security Fixes</h2>
<ul>
<li><strong>Prototype Pollution Hardening (HTTP Adapter):</strong>
Hardened the Node HTTP adapter and
<code>resolveConfig</code>/<code>mergeConfig</code>/validator paths to
read only own properties and use null-prototype config objects,
preventing polluted <code>auth</code>, <code>baseURL</code>,
<code>socketPath</code>, <code>beforeRedirect</code>, and
<code>insecureHTTPParser</code> from influencing requests. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10779">#10779</a></strong>)</li>
<li><strong>SSRF via <code>socketPath</code>:</strong> Rejects
non-string <code>socketPath</code> values and adds an opt-in
<code>allowedSocketPaths</code> config option to restrict permitted Unix
domain socket paths, returning <code>AxiosError</code>
<code>ERR_BAD_OPTION_VALUE</code> on mismatch. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10777">#10777</a></strong>)</li>
<li><strong>Supply-chain Hardening:</strong> Added <code>.npmrc</code>
with <code>ignore-scripts=true</code>, lockfile lint CI, non-blocking
reproducible build diff, scoped CODEOWNERS, expanded
<code>SECURITY.md</code>/<code>THREATMODEL.md</code> with provenance
verification (<code>npm audit signatures</code>), 60-day resolution
policy, and maintainer incident-response runbook. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10776">#10776</a></strong>)</li>
</ul>
<h2>🚀 New Features</h2>
<ul>
<li><strong><code>allowedSocketPaths</code> Config Option:</strong> New
request config option (and TypeScript types) to allowlist Unix domain
socket paths used by the Node http adapter; backwards compatible when
unset. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10777">#10777</a></strong>)</li>
</ul>
<h2>🐛 Bug Fixes</h2>
<ul>
<li><strong>Keep-alive Socket Memory Leak:</strong> Installs a single
per-socket <code>error</code> listener tracking the active request via
<code>kAxiosSocketListener</code>/<code>kAxiosCurrentReq</code>,
eliminating per-request listener accumulation,
<code>MaxListenersExceededWarning</code>, and linear heap growth under
concurrent or long-running keep-alive workloads (fixes <a
href="https://redirect.github.com/axios/axios/issues/10780">#10780</a>).
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10788">#10788</a></strong>)</li>
</ul>
<h2>🔧 Maintenance &amp; Chores</h2>
<ul>
<li><strong>Changelog:</strong> Updated <code>CHANGELOG.md</code> with
v1.15.1 release notes. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10781">#10781</a></strong>)</li>
</ul>
<p><a
href="https://github.com/axios/axios/compare/v1.15.1...v1.15.2">Full
Changelog</a></p>
<h2>v1.15.1</h2>
<p>This release ships a coordinated set of security hardening fixes
across headers, body/redirect limits, multipart handling, and
XSRF/prototype-pollution vectors, alongside a broad sweep of bug fixes,
test migrations, and threat-model documentation updates.</p>
<h2>🔒 Security Fixes</h2>
<ul>
<li><strong>Header Injection Hardening:</strong> Tightened validation
and sanitisation across request header construction to close the
header-injection attack surface. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10749">#10749</a></strong>)</li>
<li><strong>CRLF Stripping in Multipart Headers:</strong> Correctly
strips CR/LF from multipart header values to prevent injection via field
names and filenames. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10758">#10758</a></strong>)</li>
<li><strong>Prototype Pollution / Auth Bypass:</strong> Replaced unsafe
<code>in</code> checks with <code>hasOwnProperty</code> to prevent
authentication bypass via prototype pollution on config objects, with
additional regression tests. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10761">#10761</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10760">#10760</a></strong>)</li>
<li><strong><code>withXSRFToken</code> Truthy Bypass:</strong>
Short-circuits on any truthy non-boolean value, so an ambiguous config
no longer silently leaks the XSRF token cross-origin. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10762">#10762</a></strong>)</li>
<li><strong><code>maxBodyLength</code> With Zero Redirects:</strong>
Enforces <code>maxBodyLength</code> even when <code>maxRedirects</code>
is set to <code>0</code>, closing a bypass path for oversized request
bodies. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10753">#10753</a></strong>)</li>
<li><strong>Streamed Response <code>maxContentLength</code>
Bypass:</strong> Applies <code>maxContentLength</code> to streamed
responses that previously bypassed the cap. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10754">#10754</a></strong>)</li>
<li><strong>Follow-up CVE Completion:</strong> Completes an earlier
incomplete CVE fix to fully close the regression window. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10755">#10755</a></strong>)</li>
</ul>
<h2>🚀 New Features</h2>
<ul>
<li><strong>AI-Based Docs Translations:</strong> Initial scaffold for
AI-assisted translations of the documentation site. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10705">#10705</a></strong>)</li>
<li><strong><code>Location</code> Request Header Type:</strong> Adds
<code>Location</code> to <code>CommonRequestHeadersList</code> for
accurate typing of redirect-aware requests. (<strong><a
href="https://redirect.github.com/axios/axios/issues/7528">#7528</a></strong>)</li>
</ul>
<h2>🐛 Bug Fixes</h2>
<ul>
<li><strong>FormData Handling:</strong> Removes
<code>Content-Type</code> when no boundary is present on
<code>FormData</code> fetch requests, supports multi-select fields,
cancels <code>request.body</code> instead of the source stream on fetch
abort, and fixes a recursion bug in form-data serialisation. (<strong><a
href="https://redirect.github.com/axios/axios/issues/7314">#7314</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10676">#10676</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10702">#10702</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10726">#10726</a></strong>)</li>
<li><strong>HTTP Adapter:</strong> Handles socket-only request errors
without leaking keep-alive listeners. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10576">#10576</a></strong>)</li>
<li><strong>Progress Events:</strong> Clamps <code>loaded</code> to
<code>total</code> for computable upload/download progress events.
(<strong><a
href="https://redirect.github.com/axios/axios/issues/7458">#7458</a></strong>)</li>
<li><strong>Types:</strong> Aligns <code>runWhen</code> type with the
runtime behaviour in <code>InterceptorManager</code> and makes response
header keys case-insensitive. (<strong><a
href="https://redirect.github.com/axios/axios/issues/7529">#7529</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10677">#10677</a></strong>)</li>
<li><strong><code>buildFullPath</code>:</strong> Uses strict equality in
the base/relative URL check. (<strong><a
href="https://redirect.github.com/axios/axios/issues/7252">#7252</a></strong>)</li>
<li><strong><code>AxiosURLSearchParams</code> Regex:</strong> Improves
the regex used for param serialisation to avoid edge-case mismatches.
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10736">#10736</a></strong>)</li>
<li><strong>Resilient Value Parsing:</strong> Parses out header/config
values instead of throwing on malformed input. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10687">#10687</a></strong>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/axios/axios/blob/v1.x/CHANGELOG.md">axios's
changelog</a>.</em></p>
<blockquote>
<h2>v1.15.2 - April 21, 2026</h2>
<p>This release delivers prototype-pollution hardening for the Node HTTP
adapter, adds an opt-in <code>allowedSocketPaths</code> allowlist to
mitigate SSRF via Unix domain sockets, fixes a keep-alive socket memory
leak, and ships supply-chain hardening across CI and security docs.</p>
<h2>🔒 Security Fixes</h2>
<ul>
<li><strong>Prototype Pollution Hardening (HTTP Adapter):</strong>
Hardened the Node HTTP adapter and
<code>resolveConfig</code>/<code>mergeConfig</code>/validator paths to
read only own properties and use null-prototype config objects,
preventing polluted <code>auth</code>, <code>baseURL</code>,
<code>socketPath</code>, <code>beforeRedirect</code>, and
<code>insecureHTTPParser</code> from influencing requests. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10779">#10779</a></strong>)</li>
<li><strong>SSRF via <code>socketPath</code>:</strong> Rejects
non-string <code>socketPath</code> values and adds an opt-in
<code>allowedSocketPaths</code> config option to restrict permitted Unix
domain socket paths, returning <code>AxiosError</code>
<code>ERR_BAD_OPTION_VALUE</code> on mismatch. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10777">#10777</a></strong>)</li>
<li><strong>Supply-chain Hardening:</strong> Added <code>.npmrc</code>
with <code>ignore-scripts=true</code>, lockfile lint CI, non-blocking
reproducible build diff, scoped CODEOWNERS, expanded
<code>SECURITY.md</code>/<code>THREATMODEL.md</code> with provenance
verification (<code>npm audit signatures</code>), 60-day resolution
policy, and maintainer incident-response runbook. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10776">#10776</a></strong>)</li>
</ul>
<h2>🚀 New Features</h2>
<ul>
<li><strong><code>allowedSocketPaths</code> Config Option:</strong> New
request config option (and TypeScript types) to allowlist Unix domain
socket paths used by the Node http adapter; backwards compatible when
unset. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10777">#10777</a></strong>)</li>
</ul>
<h2>🐛 Bug Fixes</h2>
<ul>
<li><strong>Keep-alive Socket Memory Leak:</strong> Installs a single
per-socket <code>error</code> listener tracking the active request via
<code>kAxiosSocketListener</code>/<code>kAxiosCurrentReq</code>,
eliminating per-request listener accumulation,
<code>MaxListenersExceededWarning</code>, and linear heap growth under
concurrent or long-running keep-alive workloads (fixes <a
href="https://redirect.github.com/axios/axios/issues/10780">#10780</a>).
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10788">#10788</a></strong>)</li>
</ul>
<h2>🔧 Maintenance &amp; Chores</h2>
<ul>
<li><strong>Changelog:</strong> Updated <code>CHANGELOG.md</code> with
v1.15.1 release notes. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10781">#10781</a></strong>)</li>
</ul>
<p><a
href="https://github.com/axios/axios/compare/v1.15.1...v1.15.2">Full
Changelog</a></p>
<hr />
<h2>v1.15.1 - April 19, 2026</h2>
<p>This release ships a coordinated set of security hardening fixes
across headers, body/redirect limits, multipart handling, and
XSRF/prototype-pollution vectors, alongside a broad sweep of bug fixes,
test migrations, and threat-model documentation updates.</p>
<h2>🔒 Security Fixes</h2>
<ul>
<li>
<p><strong>Header Injection Hardening:</strong> Tightened validation and
sanitisation across request header construction to close the
header-injection attack surface. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10749">#10749</a></strong>)</p>
</li>
<li>
<p><strong>CRLF Stripping in Multipart Headers:</strong> Correctly
strips CR/LF from multipart header values to prevent injection via field
names and filenames. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10758">#10758</a></strong>)</p>
</li>
<li>
<p><strong>Prototype Pollution / Auth Bypass:</strong> Replaced unsafe
<code>in</code> checks with <code>hasOwnProperty</code> to prevent
authentication bypass via prototype pollution on config objects, with
additional regression tests. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10761">#10761</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10760">#10760</a></strong>)</p>
</li>
<li>
<p><strong><code>withXSRFToken</code> Truthy Bypass:</strong>
Short-circuits on any truthy non-boolean value, so an ambiguous config
no longer silently leaks the XSRF token cross-origin. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10762">#10762</a></strong>)</p>
</li>
<li>
<p><strong><code>maxBodyLength</code> With Zero Redirects:</strong>
Enforces <code>maxBodyLength</code> even when <code>maxRedirects</code>
is set to <code>0</code>, closing a bypass path for oversized request
bodies. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10753">#10753</a></strong>)</p>
</li>
<li>
<p><strong>Streamed Response <code>maxContentLength</code>
Bypass:</strong> Applies <code>maxContentLength</code> to streamed
responses that previously bypassed the cap. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10754">#10754</a></strong>)</p>
</li>
<li>
<p><strong>Follow-up CVE Completion:</strong> Completes an earlier
incomplete CVE fix to fully close the regression window. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10755">#10755</a></strong>)</p>
</li>
</ul>
<h2>🚀 New Features</h2>
<ul>
<li><strong>AI-Based Docs Translations:</strong> Initial scaffold for
AI-assisted translations of the documentation site. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10705">#10705</a></strong>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/axios/axios/commit/582934382e4e0e0bcb679c628071a4203e93cf57"><code>5829343</code></a>
chore(release): prepare release 1.15.2 (<a
href="https://redirect.github.com/axios/axios/issues/10789">#10789</a>)</li>
<li><a
href="https://github.com/axios/axios/commit/4709a48fa2717ba97f43f5432d48ca4e26c2d326"><code>4709a48</code></a>
fix: added fix for memory leak in sockets (<a
href="https://redirect.github.com/axios/axios/issues/10788">#10788</a>)</li>
<li><a
href="https://github.com/axios/axios/commit/be3336014e01f9a4fc1f8aef15303cf7daaf58db"><code>be33360</code></a>
chore: update changelog (<a
href="https://redirect.github.com/axios/axios/issues/10781">#10781</a>)</li>
<li><a
href="https://github.com/axios/axios/commit/47915144662f2733e6c051bdcb895a8c8f0586aa"><code>4791514</code></a>
fix: more header pollutions (<a
href="https://redirect.github.com/axios/axios/issues/10779">#10779</a>)</li>
<li><a
href="https://github.com/axios/axios/commit/6feafcff6c2dbafe206161c5d09e38e1d36af66f"><code>6feafcf</code></a>
fix: socket issue (<a
href="https://redirect.github.com/axios/axios/issues/10777">#10777</a>)</li>
<li><a
href="https://github.com/axios/axios/commit/302e2739c602f00e323d4f3f5c79500647633a73"><code>302e273</code></a>
docs: update docs, add a couple actions etc (<a
href="https://redirect.github.com/axios/axios/issues/10776">#10776</a>)</li>
<li><a
href="https://github.com/axios/axios/commit/ac42446be51300fe214ba3c6e40cc95f34fd6871"><code>ac42446</code></a>
chore(release): prepare release 1.15.1 (<a
href="https://redirect.github.com/axios/axios/issues/10767">#10767</a>)</li>
<li><a
href="https://github.com/axios/axios/commit/908f2206b6bfeff67236784abce85935698ac1d9"><code>908f220</code></a>
docs: update threatmodel (<a
href="https://redirect.github.com/axios/axios/issues/10765">#10765</a>)</li>
<li><a
href="https://github.com/axios/axios/commit/f93f8155250c2e066205521eda05ae22983a1f6d"><code>f93f815</code></a>
docs: added docs around potential decompressions bomb (<a
href="https://redirect.github.com/axios/axios/issues/10763">#10763</a>)</li>
<li><a
href="https://github.com/axios/axios/commit/1728aa1b15b8857f970611fd8983c06b423fc486"><code>1728aa1</code></a>
fix: short-circuits on any truthy non-boolean in withXSRFToken (<a
href="https://redirect.github.com/axios/axios/issues/10762">#10762</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/axios/axios/compare/v1.15.0...v1.15.2">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=axios&package-manager=npm_and_yarn&previous-version=1.15.0&new-version=1.15.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/coder/coder/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-05-05 11:30:43 +00:00
dependabot[bot] 63412012b6 chore: bump lodash from 4.17.21 to 4.18.1 in /site (#24940) 
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.21 to 4.18.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/lodash/lodash/releases">lodash's
releases</a>.</em></p>
<blockquote>
<h2>4.18.1</h2>
<h2>Bugs</h2>
<p>Fixes a <code>ReferenceError</code> issue in <code>lodash</code>
<code>lodash-es</code> <code>lodash-amd</code> and
<code>lodash.template</code> when using the <code>template</code> and
<code>fromPairs</code> functions from the modular builds. See <a
href="https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769">lodash/lodash#6167</a></p>
<p>These defects were related to how lodash distributions are built from
the main branch using <a
href="https://github.com/lodash-archive/lodash-cli">https://github.com/lodash-archive/lodash-cli</a>.
When internal dependencies change inside lodash functions, equivalent
updates need to be made to a mapping in the lodash-cli. (hey, it was
ahead of its time once upon a time!). We know this, but we missed it in
the last release. It's the kind of thing that passes in CI, but fails bc
the build is not the same thing you tested.</p>
<p>There is no diff on main for this, but you can see the diffs for each
of the npm packages on their respective branches:</p>
<ul>
<li><code>lodash</code>: <a
href="https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm">https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm</a></li>
<li><code>lodash-es</code>: <a
href="https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es">https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es</a></li>
<li><code>lodash-amd</code>: <a
href="https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd">https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd</a></li>
<li><code>lodash.template</code><a
href="https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages">https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages</a></li>
</ul>
<h2>4.18.0</h2>
<h2>v4.18.0</h2>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/lodash/lodash/compare/4.17.23...4.18.0">https://github.com/lodash/lodash/compare/4.17.23...4.18.0</a></p>
<h3>Security</h3>
<p><strong><code>_.unset</code> / <code>_.omit</code></strong>: Fixed
prototype pollution via <code>constructor</code>/<code>prototype</code>
path traversal (<a
href="https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh">GHSA-f23m-r3pf-42rh</a>,
<a
href="https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b">fe8d32e</a>).
Previously, array-wrapped path segments and primitive roots could bypass
the existing guards, allowing deletion of properties from built-in
prototypes. Now <code>constructor</code> and <code>prototype</code> are
blocked unconditionally as non-terminal path keys, matching
<code>baseSet</code>. Calls that previously returned <code>true</code>
and deleted the property now return <code>false</code> and leave the
target untouched.</p>
<p><strong><code>_.template</code></strong>: Fixed code injection via
<code>imports</code> keys (<a
href="https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc">GHSA-r5fr-rjxr-66jc</a>,
CVE-2026-4800, <a
href="https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6">879aaa9</a>).
Fixes an incomplete patch for CVE-2021-23337. The <code>variable</code>
option was validated against <code>reForbiddenIdentifierChars</code> but
<code>importsKeys</code> was left unguarded, allowing code injection via
the same <code>Function()</code> constructor sink. <code>imports</code>
keys containing forbidden identifier characters now throw
<code>&quot;Invalid imports option passed into
_.template&quot;</code>.</p>
<h3>Docs</h3>
<ul>
<li>Add security notice for <code>_.template</code> in threat model and
API docs (<a
href="https://redirect.github.com/lodash/lodash/pull/6099">#6099</a>)</li>
<li>Document <code>lower &gt; upper</code> behavior in
<code>_.random</code> (<a
href="https://redirect.github.com/lodash/lodash/pull/6115">#6115</a>)</li>
<li>Fix quotes in <code>_.compact</code> jsdoc (<a
href="https://redirect.github.com/lodash/lodash/pull/6090">#6090</a>)</li>
</ul>
<h3><code>lodash.*</code> modular packages</h3>
<p><a
href="https://redirect.github.com/lodash/lodash/pull/6157">Diff</a></p>
<p>We have also regenerated and published a select number of the
<code>lodash.*</code> modular packages.</p>
<p>These modular packages had fallen out of sync significantly from the
minor/patch updates to lodash. Specifically, we have brought the
following packages up to parity w/ the latest lodash release because
they have had CVEs on them in the past:</p>
<ul>
<li><a
href="https://www.npmjs.com/package/lodash.orderby">lodash.orderby</a></li>
<li><a
href="https://www.npmjs.com/package/lodash.tonumber">lodash.tonumber</a></li>
<li><a
href="https://www.npmjs.com/package/lodash.trim">lodash.trim</a></li>
<li><a
href="https://www.npmjs.com/package/lodash.trimend">lodash.trimend</a></li>
<li><a
href="https://www.npmjs.com/package/lodash.sortedindexby">lodash.sortedindexby</a></li>
<li><a
href="https://www.npmjs.com/package/lodash.zipobjectdeep">lodash.zipobjectdeep</a></li>
<li><a
href="https://www.npmjs.com/package/lodash.unset">lodash.unset</a></li>
<li><a
href="https://www.npmjs.com/package/lodash.omit">lodash.omit</a></li>
<li><a
href="https://www.npmjs.com/package/lodash.template">lodash.template</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e"><code>cb0b9b9</code></a>
release(patch): bump main to 4.18.1 (<a
href="https://redirect.github.com/lodash/lodash/issues/6177">#6177</a>)</li>
<li><a
href="https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51"><code>75535f5</code></a>
chore: prune stale advisory refs (<a
href="https://redirect.github.com/lodash/lodash/issues/6170">#6170</a>)</li>
<li><a
href="https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4"><code>62e91bc</code></a>
docs: remove n_ Node.js &lt; 6 REPL note from README (<a
href="https://redirect.github.com/lodash/lodash/issues/6165">#6165</a>)</li>
<li><a
href="https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4"><code>59be2de</code></a>
release(minor): bump to 4.18.0 (<a
href="https://redirect.github.com/lodash/lodash/issues/6161">#6161</a>)</li>
<li><a
href="https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d"><code>af63457</code></a>
fix: broken tests for _.template 879aaa9</li>
<li><a
href="https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0"><code>1073a76</code></a>
fix: linting issues</li>
<li><a
href="https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6"><code>879aaa9</code></a>
fix: validate imports keys in _.template</li>
<li><a
href="https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b"><code>fe8d32e</code></a>
fix: block prototype pollution in baseUnset via constructor/prototype
traversal</li>
<li><a
href="https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d"><code>18ba0a3</code></a>
refactor(fromPairs): use baseAssignValue for consistent assignment (<a
href="https://redirect.github.com/lodash/lodash/issues/6153">#6153</a>)</li>
<li><a
href="https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2"><code>b819080</code></a>
ci: add dist sync validation workflow (<a
href="https://redirect.github.com/lodash/lodash/issues/6137">#6137</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/lodash/lodash/compare/4.17.21...4.18.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=lodash&package-manager=npm_and_yarn&previous-version=4.17.21&new-version=4.18.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/coder/coder/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-05-04 18:45:57 +00:00
dependabot[bot] 7fe86429b7 chore: bump the react group across 1 directory with 3 updates (#24865) 
Bumps the react group with 3 updates in the /site directory:
[react](https://github.com/facebook/react/tree/HEAD/packages/react),
[@types/react](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react)
and
[react-dom](https://github.com/facebook/react/tree/HEAD/packages/react-dom).

Updates `react` from 19.2.2 to 19.2.5
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/facebook/react/releases">react's
releases</a>.</em></p>
<blockquote>
<h2>19.2.5 (April 8th, 2026)</h2>
<h2>React Server Components</h2>
<ul>
<li>Add more cycle protections (<a
href="https://redirect.github.com/facebook/react/pull/36236">#36236</a>
by <a href="https://github.com/eps1lon"><code>@​eps1lon</code></a> and
<a
href="https://github.com/unstubbable"><code>@​unstubbable</code></a>)</li>
</ul>
<h2>19.2.4 (January 26th, 2026)</h2>
<h2>React Server Components</h2>
<ul>
<li>Add more DoS mitigations to Server Actions, and harden Server
Components (<a
href="https://redirect.github.com/facebook/react/pull/35632">#35632</a>
by <a href="https://github.com/gnoff"><code>@​gnoff</code></a>, <a
href="https://github.com/lubieowoce"><code>@​lubieowoce</code></a>, <a
href="https://github.com/sebmarkbage"><code>@​sebmarkbage</code></a>, <a
href="https://github.com/unstubbable"><code>@​unstubbable</code></a>)</li>
</ul>
<h2>19.2.3 (December 11th, 2025)</h2>
<h2>React Server Components</h2>
<ul>
<li>Add extra loop protection to React Server Functions (<a
href="https://github.com/sebmarkbage"><code>@​sebmarkbage</code></a> <a
href="https://redirect.github.com/facebook/react/pull/35351">#35351</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/facebook/react/commit/23f4f9f30da9e9af2108c18bb197bae75ab584ea"><code>23f4f9f</code></a>
19.2.5</li>
<li><a
href="https://github.com/facebook/react/commit/90ab3f89f4824ac763b6f877c6f711200d1338d2"><code>90ab3f8</code></a>
Version 19.2.4</li>
<li><a
href="https://github.com/facebook/react/commit/612e371fb215498edde4c853bd1e0c8e9203808f"><code>612e371</code></a>
Version 19.2.3</li>
<li>See full diff in <a
href="https://github.com/facebook/react/commits/v19.2.5/packages/react">compare
view</a></li>
</ul>
</details>
<br />

Updates `@types/react` from 19.2.7 to 19.2.14
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react">compare
view</a></li>
</ul>
</details>
<br />

Updates `react-dom` from 19.2.2 to 19.2.5
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/facebook/react/releases">react-dom's
releases</a>.</em></p>
<blockquote>
<h2>19.2.5 (April 8th, 2026)</h2>
<h2>React Server Components</h2>
<ul>
<li>Add more cycle protections (<a
href="https://redirect.github.com/facebook/react/pull/36236">#36236</a>
by <a href="https://github.com/eps1lon"><code>@​eps1lon</code></a> and
<a
href="https://github.com/unstubbable"><code>@​unstubbable</code></a>)</li>
</ul>
<h2>19.2.4 (January 26th, 2026)</h2>
<h2>React Server Components</h2>
<ul>
<li>Add more DoS mitigations to Server Actions, and harden Server
Components (<a
href="https://redirect.github.com/facebook/react/pull/35632">#35632</a>
by <a href="https://github.com/gnoff"><code>@​gnoff</code></a>, <a
href="https://github.com/lubieowoce"><code>@​lubieowoce</code></a>, <a
href="https://github.com/sebmarkbage"><code>@​sebmarkbage</code></a>, <a
href="https://github.com/unstubbable"><code>@​unstubbable</code></a>)</li>
</ul>
<h2>19.2.3 (December 11th, 2025)</h2>
<h2>React Server Components</h2>
<ul>
<li>Add extra loop protection to React Server Functions (<a
href="https://github.com/sebmarkbage"><code>@​sebmarkbage</code></a> <a
href="https://redirect.github.com/facebook/react/pull/35351">#35351</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/facebook/react/commit/23f4f9f30da9e9af2108c18bb197bae75ab584ea"><code>23f4f9f</code></a>
19.2.5</li>
<li><a
href="https://github.com/facebook/react/commit/90ab3f89f4824ac763b6f877c6f711200d1338d2"><code>90ab3f8</code></a>
Version 19.2.4</li>
<li><a
href="https://github.com/facebook/react/commit/612e371fb215498edde4c853bd1e0c8e9203808f"><code>612e371</code></a>
Version 19.2.3</li>
<li>See full diff in <a
href="https://github.com/facebook/react/commits/v19.2.5/packages/react-dom">compare
view</a></li>
</ul>
</details>
<br />

Updates `@types/react` from 19.2.7 to 19.2.14
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react">compare
view</a></li>
</ul>
</details>
<br />

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-05-01 13:31:12 +00:00
dependabot[bot] f17e0e354a chore: bump diff from 8.0.3 to 8.0.4 in /site (#24875) 
Bumps [diff](https://github.com/kpdecker/jsdiff) from 8.0.3 to 8.0.4.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/kpdecker/jsdiff/blob/master/release-notes.md">diff's
changelog</a>.</em></p>
<blockquote>
<h2>8.0.4</h2>
<ul>
<li><a
href="https://redirect.github.com/kpdecker/jsdiff/pull/667">#667</a> -
<strong>fix another bug in <code>diffWords</code> when used with an
<code>Intl.Segmenter</code></strong>. If the text to be diffed included
a combining mark after a whitespace character (i.e. roughly speaking, an
accented space), <code>diffWords</code> would previously crash. Now this
case is handled correctly.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/kpdecker/jsdiff/commit/dd2f99497703a1540b2ae406b51c49b74b5fc1a1"><code>dd2f994</code></a>
8.0.4 release (<a
href="https://redirect.github.com/kpdecker/jsdiff/issues/678">#678</a>)</li>
<li><a
href="https://github.com/kpdecker/jsdiff/commit/3cc438434db53c5d1c40412b727ea7650f6f145a"><code>3cc4384</code></a>
Update docs on releasing to reflect migration to yarn berry (<a
href="https://redirect.github.com/kpdecker/jsdiff/issues/677">#677</a>)</li>
<li><a
href="https://github.com/kpdecker/jsdiff/commit/6fc2aa6b7672af08774b50aae00d97b99c5b5715"><code>6fc2aa6</code></a>
yarn up '*' &amp;&amp; yarn up -R '**' (<a
href="https://redirect.github.com/kpdecker/jsdiff/issues/676">#676</a>)</li>
<li><a
href="https://github.com/kpdecker/jsdiff/commit/af7393ac3404565dc8da655c2e7aeeed28c01ff7"><code>af7393a</code></a>
yarn up '*' &amp;&amp; yarn up -R '**' (<a
href="https://redirect.github.com/kpdecker/jsdiff/issues/670">#670</a>)</li>
<li><a
href="https://github.com/kpdecker/jsdiff/commit/4b5d1800370bf29b61a3378fb8086aeb231d3ef7"><code>4b5d180</code></a>
Fix another bug in diffWords's &quot;intlSegmenter&quot; mode (<a
href="https://redirect.github.com/kpdecker/jsdiff/issues/667">#667</a>)</li>
<li><a
href="https://github.com/kpdecker/jsdiff/commit/10da50c466709e7bd4b192dac96af0af46f8b7bd"><code>10da50c</code></a>
yarn up '*' &amp;&amp; yarn up -R '**' (<a
href="https://redirect.github.com/kpdecker/jsdiff/issues/666">#666</a>)</li>
<li><a
href="https://github.com/kpdecker/jsdiff/commit/8dc164b5d133b8114738927aa90ed6dfcf49d497"><code>8dc164b</code></a>
Migrate from Yarn Classic to Yarn Berry (<a
href="https://redirect.github.com/kpdecker/jsdiff/issues/662">#662</a>)</li>
<li><a
href="https://github.com/kpdecker/jsdiff/commit/750fbd6472fcdda02d90f8c7d04afa7119953447"><code>750fbd6</code></a>
yarn upgrade --latest (<a
href="https://redirect.github.com/kpdecker/jsdiff/issues/661">#661</a>)</li>
<li><a
href="https://github.com/kpdecker/jsdiff/commit/abe2bde240f9fb65d29ebf275fb8fec7d39b1d63"><code>abe2bde</code></a>
Add release notes for undocumented releases (<a
href="https://redirect.github.com/kpdecker/jsdiff/issues/658">#658</a>)</li>
<li>See full diff in <a
href="https://github.com/kpdecker/jsdiff/compare/v8.0.3...8.0.4">compare
view</a></li>
</ul>
</details>
<br />

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-05-01 13:21:25 +00:00
dependabot[bot] 241599750f chore: bump @rolldown/plugin-babel from 0.2.2 to 0.2.3 in /site (#24878) 
Bumps
[@rolldown/plugin-babel](https://github.com/rolldown/plugins/tree/HEAD/packages/babel)
from 0.2.2 to 0.2.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/rolldown/plugins/releases"><code>@​rolldown/plugin-babel</code>'s
releases</a>.</em></p>
<blockquote>
<h2>plugin-babel@0.2.3</h2>
<p>Please refer to <a
href="https://github.com/rolldown/plugins/blob/plugin-babel@0.2.3/packages/babel/CHANGELOG.md">CHANGELOG.md</a>
for details.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/rolldown/plugins/blob/main/packages/babel/CHANGELOG.md"><code>@​rolldown/plugin-babel</code>'s
changelog</a>.</em></p>
<blockquote>
<h2><!-- raw HTML omitted --><a
href="https://github.com/rolldown/plugins/compare/plugin-babel@0.2.2...plugin-babel@0.2.3">0.2.3</a>
(2026-04-13)<!-- raw HTML omitted --></h2>
<h3>Bug Fixes</h3>
<ul>
<li><strong>babel:</strong> exclude rolldown runtime module by default
(<a
href="https://redirect.github.com/rolldown/plugins/issues/57">#57</a>)
(<a
href="https://github.com/rolldown/plugins/commit/d42ec45ded69e93870d1dfc2977ae11f5ab01e01">d42ec45</a>)</li>
<li><strong>deps:</strong> update all non-major dependencies (<a
href="https://redirect.github.com/rolldown/plugins/issues/35">#35</a>)
(<a
href="https://github.com/rolldown/plugins/commit/f359c3923b3802e4efa68da6c9e85aec1fda96d3">f359c39</a>)</li>
<li><strong>deps:</strong> update all non-major dependencies (<a
href="https://redirect.github.com/rolldown/plugins/issues/40">#40</a>)
(<a
href="https://github.com/rolldown/plugins/commit/1963ed13059fb08caf33ca96739c3b90f5b10099">1963ed1</a>)</li>
<li><strong>deps:</strong> update all non-major dependencies (<a
href="https://redirect.github.com/rolldown/plugins/issues/49">#49</a>)
(<a
href="https://github.com/rolldown/plugins/commit/8047e05a978ba7e0544111d8c2deb7ca335af076">8047e05</a>)</li>
<li><strong>deps:</strong> update rolldown-related dependencies (<a
href="https://redirect.github.com/rolldown/plugins/issues/36">#36</a>)
(<a
href="https://github.com/rolldown/plugins/commit/b2bf24bd65d23bd051aa2f7b3cdee22ca1d58e2f">b2bf24b</a>)</li>
<li><strong>deps:</strong> update rolldown-related dependencies (<a
href="https://redirect.github.com/rolldown/plugins/issues/46">#46</a>)
(<a
href="https://github.com/rolldown/plugins/commit/6b7fcfcc8f0107c0c698ead7d29a65d4ea7c46cd">6b7fcfc</a>)</li>
<li><strong>deps:</strong> update rolldown-related dependencies (<a
href="https://redirect.github.com/rolldown/plugins/issues/50">#50</a>)
(<a
href="https://github.com/rolldown/plugins/commit/232515f251da54c60e0e139d655677f62c3868e5">232515f</a>)</li>
<li><strong>deps:</strong> update rolldown-related dependencies (<a
href="https://redirect.github.com/rolldown/plugins/issues/55">#55</a>)
(<a
href="https://github.com/rolldown/plugins/commit/c43259004d90b7a0e5eb9b8ede94de3e651f25c1">c432590</a>)</li>
</ul>
<h3>Miscellaneous Chores</h3>
<ul>
<li><strong>deps:</strong> update dependency <code>@​types/node</code>
to v24 (<a
href="https://redirect.github.com/rolldown/plugins/issues/38">#38</a>)
(<a
href="https://github.com/rolldown/plugins/commit/d6b8baaf69d80604a9204e018db6cd4a1e4809ba">d6b8baa</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/rolldown/plugins/commit/015e64a267e3de500d3141b017bfacd6d287776c"><code>015e64a</code></a>
release: plugin-babel@0.2.3</li>
<li><a
href="https://github.com/rolldown/plugins/commit/d42ec45ded69e93870d1dfc2977ae11f5ab01e01"><code>d42ec45</code></a>
fix(babel): exclude rolldown runtime module by default (<a
href="https://github.com/rolldown/plugins/tree/HEAD/packages/babel/issues/57">#57</a>)</li>
<li><a
href="https://github.com/rolldown/plugins/commit/c43259004d90b7a0e5eb9b8ede94de3e651f25c1"><code>c432590</code></a>
fix(deps): update rolldown-related dependencies (<a
href="https://github.com/rolldown/plugins/tree/HEAD/packages/babel/issues/55">#55</a>)</li>
<li><a
href="https://github.com/rolldown/plugins/commit/232515f251da54c60e0e139d655677f62c3868e5"><code>232515f</code></a>
fix(deps): update rolldown-related dependencies (<a
href="https://github.com/rolldown/plugins/tree/HEAD/packages/babel/issues/50">#50</a>)</li>
<li><a
href="https://github.com/rolldown/plugins/commit/8047e05a978ba7e0544111d8c2deb7ca335af076"><code>8047e05</code></a>
fix(deps): update all non-major dependencies (<a
href="https://github.com/rolldown/plugins/tree/HEAD/packages/babel/issues/49">#49</a>)</li>
<li><a
href="https://github.com/rolldown/plugins/commit/1963ed13059fb08caf33ca96739c3b90f5b10099"><code>1963ed1</code></a>
fix(deps): update all non-major dependencies (<a
href="https://github.com/rolldown/plugins/tree/HEAD/packages/babel/issues/40">#40</a>)</li>
<li><a
href="https://github.com/rolldown/plugins/commit/6b7fcfcc8f0107c0c698ead7d29a65d4ea7c46cd"><code>6b7fcfc</code></a>
fix(deps): update rolldown-related dependencies (<a
href="https://github.com/rolldown/plugins/tree/HEAD/packages/babel/issues/46">#46</a>)</li>
<li><a
href="https://github.com/rolldown/plugins/commit/d6b8baaf69d80604a9204e018db6cd4a1e4809ba"><code>d6b8baa</code></a>
chore(deps): update dependency <code>@​types/node</code> to v24 (<a
href="https://github.com/rolldown/plugins/tree/HEAD/packages/babel/issues/38">#38</a>)</li>
<li><a
href="https://github.com/rolldown/plugins/commit/b2bf24bd65d23bd051aa2f7b3cdee22ca1d58e2f"><code>b2bf24b</code></a>
fix(deps): update rolldown-related dependencies (<a
href="https://github.com/rolldown/plugins/tree/HEAD/packages/babel/issues/36">#36</a>)</li>
<li><a
href="https://github.com/rolldown/plugins/commit/f359c3923b3802e4efa68da6c9e85aec1fda96d3"><code>f359c39</code></a>
fix(deps): update all non-major dependencies (<a
href="https://github.com/rolldown/plugins/tree/HEAD/packages/babel/issues/35">#35</a>)</li>
<li>See full diff in <a
href="https://github.com/rolldown/plugins/commits/plugin-babel@0.2.3/packages/babel">compare
view</a></li>
</ul>
</details>
<br />

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-05-01 13:20:44 +00:00
dependabot[bot] 53e91fe60c chore: bump motion from 12.34.1 to 12.38.0 in /site (#24880) 
Bumps [motion](https://github.com/motiondivision/motion) from 12.34.1 to
12.38.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/motiondivision/motion/blob/main/CHANGELOG.md">motion's
changelog</a>.</em></p>
<blockquote>
<h2>[12.38.0] 2026-03-16</h2>
<h3>Added</h3>
<ul>
<li>Added <code>layoutAnchor</code> prop to configure custom anchor
point for resolving relative projection boxes.</li>
</ul>
<h3>Fixed</h3>
<ul>
<li><code>Reorder</code>: Fix axis switching after window resize.</li>
<li><code>Reorder</code>: Fix with virtualised lists.</li>
<li><code>AnimatePresence</code>: Ensure children are removed when exit
animation matches current values.</li>
</ul>
<h2>[12.37.0] 2026-03-16</h2>
<h3>Added</h3>
<ul>
<li>Support for hardware accelerating <code>&quot;start&quot;</code> and
<code>&quot;end&quot;</code> offsets in <code>scroll</code> and
<code>useScroll</code>.</li>
<li>Support for <code>oklch</code>, <code>oklab</code>,
<code>lab</code>, <code>lch</code>, <code>color</code>,
<code>color-mix</code>, <code>light-dark</code> color types.</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Fix <code>whileInView</code> with client-side navigation.</li>
<li>Fix draggable elements when layout updates due to surrounding
element re-renders.</li>
<li>Improved memory pressure of layout animations.</li>
<li>Ensure motion value returned from <code>useSpring</code> reports
correct <code>isAnimating()</code>.</li>
</ul>
<h2>[12.36.0] 2026-03-09</h2>
<h3>Added</h3>
<ul>
<li>Allow <code>dragSnapToOrigin</code> to accept
<code>&quot;x&quot;</code> or <code>&quot;y&quot;</code> for per-axis
snapping.</li>
<li>Added axis-locked layout animations with
<code>layout=&quot;x&quot;</code> and
<code>layout=&quot;y&quot;</code>.</li>
<li>Added <code>skipInitialAnimation</code> to
<code>useSpring</code>.</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Fixed <code>height</code> and <code>width: auto</code> animations
with <code>box-sizing: border-box</code>.</li>
<li>Reset component values when exit animation finishes.</li>
<li>Ensure <code>anticipate</code> easing returns <code>1</code> at
<code>p === 1</code>.</li>
<li>Fix <code>@emotion/is-prop-valid</code> resolve error in
Storybook.</li>
<li>Remove <code>data-pop-layout-id</code> from exiting elements when
animation interrupted.</li>
<li>Ensure we skip WAAPI for non-animatable keyframes.</li>
<li>Ensure we skip WAAPI for SVG transforms.</li>
<li>Ensure <code>MotionValue</code> props are not passed to SVG.</li>
<li><code>AnimatePresence</code>: Prevent
<code>mode=&quot;wait&quot;</code> elements from getting stuck when
switched rapidly.</li>
</ul>
<h2>[12.35.2] 2026-03-09</h2>
<h3>Fixed</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/motiondivision/motion/commit/0bfc9fe015f7170c538ca70ba4677ec59d83ee76"><code>0bfc9fe</code></a>
v12.38.0</li>
<li><a
href="https://github.com/motiondivision/motion/commit/343cb0c69e10d5c2bcc9837fb6a83d437257f064"><code>343cb0c</code></a>
Updating layoutAnchor</li>
<li><a
href="https://github.com/motiondivision/motion/commit/ee99ad25f734287c2885d53ec0af8a8f1f6ca306"><code>ee99ad2</code></a>
Updating changelog</li>
<li><a
href="https://github.com/motiondivision/motion/commit/062660b3c5c982d7274adbd382c6dfcd5aea77ad"><code>062660b</code></a>
Updating changgelog</li>
<li><a
href="https://github.com/motiondivision/motion/commit/303da7dddfc41f521ec500aef8a72643169582e0"><code>303da7d</code></a>
Updating readme</li>
<li><a
href="https://github.com/motiondivision/motion/commit/b075adc4b1dde8fa1fb1c488b1b4e7e97a07331e"><code>b075adc</code></a>
Merge pull request <a
href="https://redirect.github.com/motiondivision/motion/issues/3647">#3647</a>
from motiondivision/feat/layout-anchor</li>
<li><a
href="https://github.com/motiondivision/motion/commit/f0991d6728f425eebbb58ce926bd33d05336b724"><code>f0991d6</code></a>
Add missing layoutAnchor !== false guard in
attemptToResolveRelativeTarget</li>
<li><a
href="https://github.com/motiondivision/motion/commit/b5798e99e78738a1fa8ec3414bff63796f9eb39b"><code>b5798e9</code></a>
Merge pull request <a
href="https://redirect.github.com/motiondivision/motion/issues/3642">#3642</a>
from motiondivision/worktree-fix-issue-3078</li>
<li><a
href="https://github.com/motiondivision/motion/commit/7686c193e349f3b3360455615ee6ca45b8532c28"><code>7686c19</code></a>
Merge pull request <a
href="https://redirect.github.com/motiondivision/motion/issues/3636">#3636</a>
from motiondivision/worktree-fix-issue-3061</li>
<li><a
href="https://github.com/motiondivision/motion/commit/a95c4877c879f0e189295cc9f4f5f1c1e1d7df2a"><code>a95c487</code></a>
Fix auto-scroll in reorder-virtualized test page</li>
<li>Additional commits viewable in <a
href="https://github.com/motiondivision/motion/compare/v12.34.1...v12.38.0">compare
view</a></li>
</ul>
</details>
<br />

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-05-01 13:17:14 +00:00
dependabot[bot] a5dc2d1ce1 chore: bump @types/node from 20.19.25 to 20.19.39 in /site (#24879) 
Bumps
[@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node)
from 20.19.25 to 20.19.39.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node">compare
view</a></li>
</ul>
</details>
<br />

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-05-01 13:11:16 +00:00
dependabot[bot] d8a030bb35 chore: bump autoprefixer from 10.4.22 to 10.5.0 in /site (#24883) 
Bumps [autoprefixer](https://github.com/postcss/autoprefixer) from
10.4.22 to 10.5.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/postcss/autoprefixer/releases">autoprefixer's
releases</a>.</em></p>
<blockquote>
<h2>10.5.0 “Each Endeavouring, All Achieving”</h2>
<!-- raw HTML omitted -->
<ul>
<li>Added <code>mask-position-x</code> and <code>mask-position-y</code>
support (by <a
href="https://github.com/toporek"><code>@​toporek</code></a>).</li>
</ul>
<h2>10.4.27</h2>
<ul>
<li>Removed development key from <code>package.json</code>.</li>
</ul>
<h2>10.4.26</h2>
<ul>
<li>Reduced package size.</li>
</ul>
<h2>10.4.25</h2>
<ul>
<li>Fixed broken gradients on CSS Custom Properties (by <a
href="https://github.com/serger777"><code>@​serger777</code></a>).</li>
</ul>
<h2>10.4.24</h2>
<ul>
<li>Made Autoprefixer a little faster (by <a
href="https://github.com/Cherry"><code>@​Cherry</code></a>).</li>
</ul>
<h2>10.4.23</h2>
<ul>
<li>Reduced dependencies (by <a
href="https://github.com/hyperz111"><code>@​hyperz111</code></a>).</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/postcss/autoprefixer/blob/main/CHANGELOG.md">autoprefixer's
changelog</a>.</em></p>
<blockquote>
<h2>10.5.0 “Each Endeavouring, All Achieving”</h2>
<ul>
<li>Added <code>mask-position-x</code> and <code>mask-position-y</code>
support (by <a
href="https://github.com/toporek"><code>@​toporek</code></a>).</li>
</ul>
<h2>10.4.27</h2>
<ul>
<li>Removed development key from <code>package.json</code>.</li>
</ul>
<h2>10.4.26</h2>
<ul>
<li>Reduced package size.</li>
</ul>
<h2>10.4.25</h2>
<ul>
<li>Fixed broken gradients on CSS Custom Properties (by <a
href="https://github.com/serger777"><code>@​serger777</code></a>).</li>
</ul>
<h2>10.4.24</h2>
<ul>
<li>Made Autoprefixer a little faster (by <a
href="https://github.com/Cherry"><code>@​Cherry</code></a>).</li>
</ul>
<h2>10.4.23</h2>
<ul>
<li>Reduced dependencies (by <a
href="https://github.com/hyperz111"><code>@​hyperz111</code></a>).</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/postcss/autoprefixer/commit/faf456a4be572dbcb60cbe5d76a8927e23809ef5"><code>faf456a</code></a>
Release 10.5 version</li>
<li><a
href="https://github.com/postcss/autoprefixer/commit/b841fc53575a2e8c3dd8d04b0bc5998ee11e7587"><code>b841fc5</code></a>
Update dependencies</li>
<li><a
href="https://github.com/postcss/autoprefixer/commit/47d6e68b27009f7cb60513172f765783b55bb000"><code>47d6e68</code></a>
Update email</li>
<li><a
href="https://github.com/postcss/autoprefixer/commit/45cfc0827012fda39b809f1654136e1d5ab7ab25"><code>45cfc08</code></a>
Replace ESLint and Prettier to oxlint and oxfmt</li>
<li><a
href="https://github.com/postcss/autoprefixer/commit/7e3ec7db7274289ccc385fb788bc48f14a4e1dd8"><code>7e3ec7d</code></a>
Add prefixing support for mask-position-x and mask-position-y (<a
href="https://redirect.github.com/postcss/autoprefixer/issues/1548">#1548</a>)</li>
<li><a
href="https://github.com/postcss/autoprefixer/commit/360f2d9ecbad3315fbabc61fb2131ac939fee211"><code>360f2d9</code></a>
Release 10.4.27 version</li>
<li><a
href="https://github.com/postcss/autoprefixer/commit/ab5260c30de086760abf7f666bb52f9267ff387e"><code>ab5260c</code></a>
Update clean-publish</li>
<li><a
href="https://github.com/postcss/autoprefixer/commit/09e9dd12c023a02a90d05db46c3c75166525674c"><code>09e9dd1</code></a>
Release 10.4.26 version</li>
<li><a
href="https://github.com/postcss/autoprefixer/commit/ec7554060076640e1261e16d3af8f81c3a2b17cf"><code>ec75540</code></a>
Ignore local patches</li>
<li><a
href="https://github.com/postcss/autoprefixer/commit/59601b89582c2ca286a5e2a545ba98fb0004a5aa"><code>59601b8</code></a>
Update c8 and clean-publish</li>
<li>Additional commits viewable in <a
href="https://github.com/postcss/autoprefixer/compare/10.4.22...10.5.0">compare
view</a></li>
</ul>
</details>
<br />

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-05-01 13:11:02 +00:00
dependabot[bot] ecc39efbb5 chore: bump @pierre/diffs from 1.1.0-beta.19 to 1.1.19 in /site (#24885) 
Bumps @pierre/diffs from 1.1.0-beta.19 to 1.1.19.


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@pierre/diffs&package-manager=npm_and_yarn&previous-version=1.1.0-beta.19&new-version=1.1.19)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-05-01 13:08:42 +00:00
dependabot[bot] f535c42550 chore: bump websocket-ts from 2.2.1 to 2.3.0 in /site (#24884) 
Bumps [websocket-ts](https://github.com/jjxxs/websocket-ts) from 2.2.1
to 2.3.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/jjxxs/websocket-ts/releases">websocket-ts's
releases</a>.</em></p>
<blockquote>
<h2>v2.3.0</h2>
<h2>websocket-ts v2.3.0</h2>
<h3>New Features</h3>
<ul>
<li><strong>UrlProvider</strong> — <code>Websocket</code> and
<code>WebsocketBuilder</code> now accept a <code>UrlProvider</code>: a
string or <code>() =&gt; string</code> function called on each
connection attempt. Enables dynamic URL resolution for load balancing,
auth token rotation, and failover. (<a
href="https://redirect.github.com/jjxxs/websocket-ts/issues/31">jjxxs/websocket-ts#31</a>)</li>
<li><strong>WebsocketEvent as const object</strong> — Replaced the
TypeScript <code>enum</code> with a <code>const</code> object and type
union, allowing plain string literals like <code>&quot;open&quot;</code>
alongside <code>WebsocketEvent.open</code>. Fully backwards compatible.
(<a
href="https://redirect.github.com/jjxxs/websocket-ts/issues/32">jjxxs/websocket-ts#32</a>)</li>
</ul>
<h3>Improvements</h3>
<ul>
<li>npm publish with <code>--provenance</code> for supply chain
transparency</li>
<li>CI workflows updated to latest action versions with npm caching and
<code>npm ci</code></li>
<li>Coverage uploads switched from <code>coveralls</code> package to
<code>coverallsapp/github-action</code></li>
<li>All devDependencies updated to latest semver-compatible
versions</li>
<li><code>package-lock.json</code> added for reproducible builds</li>
<li>README refreshed with new badges and improved documentation</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/jjxxs/websocket-ts/commit/2ed2b204011bcabd8f398daa74ef00bd52c663c9"><code>2ed2b20</code></a>
Upgrade npm for OIDC trusted publishing support</li>
<li><a
href="https://github.com/jjxxs/websocket-ts/commit/1abf7a013d7e5f7371104525a165c0ed564a4c5a"><code>1abf7a0</code></a>
Upgrade npm for OIDC trusted publishing support</li>
<li><a
href="https://github.com/jjxxs/websocket-ts/commit/f667fbb27c64abcad7007d5bb983e875c4128431"><code>f667fbb</code></a>
Set registry via npm config instead of setup-node for trusted
publishing</li>
<li><a
href="https://github.com/jjxxs/websocket-ts/commit/dd1c7311173058658b3301ca86f6769053b20343"><code>dd1c731</code></a>
Restore registry-url for npm trusted publishing</li>
<li><a
href="https://github.com/jjxxs/websocket-ts/commit/8879dc684fb5827b53f3189aa21b4ae3c2334009"><code>8879dc6</code></a>
Remove registry-url from setup-node to fix trusted publishing</li>
<li><a
href="https://github.com/jjxxs/websocket-ts/commit/92f01da09ffa6f1a15c466fc16ad205e56f9061f"><code>92f01da</code></a>
Use trusted publishing for npm, remove NPM_TOKEN secret</li>
<li><a
href="https://github.com/jjxxs/websocket-ts/commit/dd3dd8cb7cc7ade860ab01a32ea326adce0252d6"><code>dd3dd8c</code></a>
Merge pull request <a
href="https://redirect.github.com/jjxxs/websocket-ts/issues/40">#40</a>
from jjxxs/release/websocket-ts-2-3-0</li>
<li><a
href="https://github.com/jjxxs/websocket-ts/commit/cf13fb0964bc51ff3101f5b8d8746e234867dd45"><code>cf13fb0</code></a>
Update devDependencies to latest semver-compatible versions</li>
<li><a
href="https://github.com/jjxxs/websocket-ts/commit/b4a0f39a33d791804efa88888e1cfaba2b7230bd"><code>b4a0f39</code></a>
Added documentation for UrlProvider</li>
<li><a
href="https://github.com/jjxxs/websocket-ts/commit/d04039d57c3119fde1c767e1964d17757dec6a21"><code>d04039d</code></a>
Add UrlProvider support to accept string or function for WebSocket
URL</li>
<li>Additional commits viewable in <a
href="https://github.com/jjxxs/websocket-ts/compare/v2.2.1...v2.3.0">compare
view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by <a
href="https://www.npmjs.com/~GitHub%20Actions">GitHub Actions</a>, a new
releaser for websocket-ts since your current version.</p>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=websocket-ts&package-manager=npm_and_yarn&previous-version=2.2.1&new-version=2.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-05-01 13:07:28 +00:00
dependabot[bot] 99fdec5aa3 chore: bump dayjs from 1.11.19 to 1.11.20 in /site (#24881) 
Bumps [dayjs](https://github.com/iamkun/dayjs) from 1.11.19 to 1.11.20.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/iamkun/dayjs/releases">dayjs's
releases</a>.</em></p>
<blockquote>
<h2>v1.11.20</h2>
<h2><a
href="https://github.com/iamkun/dayjs/compare/v1.11.19...v1.11.20">1.11.20</a>
(2026-03-12)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>Update locale km.js to support meridiem (<a
href="https://redirect.github.com/iamkun/dayjs/issues/3017">#3017</a>)
(<a
href="https://github.com/iamkun/dayjs/commit/9d2b6a1ec744ad5db13afd4d701f93349135dfec">9d2b6a1</a>)</li>
<li>update updateLocale plugin to merge nested object properties instead
of replacing (<a
href="https://redirect.github.com/iamkun/dayjs/issues/3012">#3012</a>)
(<a
href="https://github.com/iamkun/dayjs/commit/99691c5f3bd1371d3b763d5f9dfaed9a1945a477">99691c5</a>),
closes <a
href="https://redirect.github.com/iamkun/dayjs/issues/1118">#1118</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/iamkun/dayjs/blob/dev/CHANGELOG.md">dayjs's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/iamkun/dayjs/compare/v1.11.19...v1.11.20">1.11.20</a>
(2026-03-12)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>Update locale km.js to support meridiem (<a
href="https://redirect.github.com/iamkun/dayjs/issues/3017">#3017</a>)
(<a
href="https://github.com/iamkun/dayjs/commit/9d2b6a1ec744ad5db13afd4d701f93349135dfec">9d2b6a1</a>)</li>
<li>update updateLocale plugin to merge nested object properties instead
of replacing (<a
href="https://redirect.github.com/iamkun/dayjs/issues/3012">#3012</a>)
(<a
href="https://github.com/iamkun/dayjs/commit/99691c5f3bd1371d3b763d5f9dfaed9a1945a477">99691c5</a>),
closes <a
href="https://redirect.github.com/iamkun/dayjs/issues/1118">#1118</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/iamkun/dayjs/commit/af6e1f85c10fa8596e79471eadad25ab2da56f0f"><code>af6e1f8</code></a>
chore(release): 1.11.20 [skip ci]</li>
<li><a
href="https://github.com/iamkun/dayjs/commit/82babd6688d7238fe1585895816fb2e8e0817c7d"><code>82babd6</code></a>
D2M (<a
href="https://redirect.github.com/iamkun/dayjs/issues/3018">#3018</a>)</li>
<li><a
href="https://github.com/iamkun/dayjs/commit/bbe4ab1bdb1042667817de2433fc85e6b12eadad"><code>bbe4ab1</code></a>
chore: fix lint error</li>
<li><a
href="https://github.com/iamkun/dayjs/commit/99691c5f3bd1371d3b763d5f9dfaed9a1945a477"><code>99691c5</code></a>
fix: update updateLocale plugin to merge nested object properties
instead of ...</li>
<li><a
href="https://github.com/iamkun/dayjs/commit/9d2b6a1ec744ad5db13afd4d701f93349135dfec"><code>9d2b6a1</code></a>
fix: Update locale km.js to support meridiem (<a
href="https://redirect.github.com/iamkun/dayjs/issues/3017">#3017</a>)</li>
<li><a
href="https://github.com/iamkun/dayjs/commit/acf21cd152fcf0851162cba92b56fb4281673b1a"><code>acf21cd</code></a>
chore: update doc</li>
<li><a
href="https://github.com/iamkun/dayjs/commit/55a64e195a7354b3222241e6a64085c706cc157e"><code>55a64e1</code></a>
chore: update doc</li>
<li><a
href="https://github.com/iamkun/dayjs/commit/807face1fef65eee9955fa587888cf31c5a0d3c0"><code>807face</code></a>
chore: update doc</li>
<li><a
href="https://github.com/iamkun/dayjs/commit/54f447048cee679e51a7053f8042d9b6b7028b89"><code>54f4470</code></a>
chore: update doc</li>
<li><a
href="https://github.com/iamkun/dayjs/commit/9ea23c71a125dbb34025cb9f6114d1083ea62705"><code>9ea23c7</code></a>
chore: update doc</li>
<li>Additional commits viewable in <a
href="https://github.com/iamkun/dayjs/compare/v1.11.19...v1.11.20">compare
view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by <a
href="https://www.npmjs.com/~GitHub%20Actions">GitHub Actions</a>, a new
releaser for dayjs since your current version.</p>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=dayjs&package-manager=npm_and_yarn&previous-version=1.11.19&new-version=1.11.20)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-05-01 13:02:26 +00:00
dependabot[bot] f7f7e492ed chore: bump dpdm from 3.14.0 to 3.15.1 in /site (#24877) 
Bumps [dpdm](https://github.com/acrazing/dpdm) from 3.14.0 to 3.15.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/acrazing/dpdm/releases">dpdm's
releases</a>.</em></p>
<blockquote>
<h2>dpdm v3.15.0</h2>
<p>TS 5.6</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/acrazing/dpdm/commit/aaea2223cfe61729e1af980f5645c7ad0b91b99f"><code>aaea222</code></a>
3.15.1</li>
<li><a
href="https://github.com/acrazing/dpdm/commit/77459f2dc284b559f78d0f70111e37775465f40b"><code>77459f2</code></a>
feat: update deps</li>
<li><a
href="https://github.com/acrazing/dpdm/commit/6f8e0de5ad60ac3cc6e44d03ac6dd0e95c51576f"><code>6f8e0de</code></a>
feat: upgrade ts to 5.6</li>
<li><a
href="https://github.com/acrazing/dpdm/commit/78bd674cfccb1d20a23522f33f7760b6aae17dca"><code>78bd674</code></a>
Merge pull request <a
href="https://redirect.github.com/acrazing/dpdm/issues/58">#58</a> from
bigmistqke/master</li>
<li><a
href="https://github.com/acrazing/dpdm/commit/a446d728e1ff65dc7c5a7a1a329a09b759280b89"><code>a446d72</code></a>
update readme</li>
<li><a
href="https://github.com/acrazing/dpdm/commit/42e9f17f9d108b0422479df80821fc406b6e5a67"><code>42e9f17</code></a>
feat: upgrade ts to 5.3.3</li>
<li><a
href="https://github.com/acrazing/dpdm/commit/1f065e20ad78fa18d3280813ccb0bc6aaae57fa6"><code>1f065e2</code></a>
Merge pull request <a
href="https://redirect.github.com/acrazing/dpdm/issues/42">#42</a> from
soryy708/test-cirdep</li>
<li><a
href="https://github.com/acrazing/dpdm/commit/4e979f690d7b6c582156cf056ca52a0c287a8181"><code>4e979f6</code></a>
test parseCircular in utils</li>
<li><a
href="https://github.com/acrazing/dpdm/commit/ba515fb7ee427182bcc07456d51ddaece80e2e9f"><code>ba515fb</code></a>
test: remove yarn.lock dep</li>
<li>See full diff in <a
href="https://github.com/acrazing/dpdm/compare/v3.14.0...v3.15.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=dpdm&package-manager=npm_and_yarn&previous-version=3.14.0&new-version=3.15.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-05-01 13:00:52 +00:00
dependabot[bot] bc77532b8f chore: bump the vite group across 1 directory with 3 updates (#24866) 
Bumps the vite group with 3 updates in the /site directory:
[vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite),
[vite-plugin-checker](https://github.com/fi3ework/vite-plugin-checker)
and
[vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest).

Updates `vite` from 8.0.2 to 8.0.10
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/vitejs/vite/releases">vite's
releases</a>.</em></p>
<blockquote>
<h2>v8.0.10</h2>
<p>Please refer to <a
href="https://github.com/vitejs/vite/blob/v8.0.10/packages/vite/CHANGELOG.md">CHANGELOG.md</a>
for details.</p>
<h2>v8.0.9</h2>
<p>Please refer to <a
href="https://github.com/vitejs/vite/blob/v8.0.9/packages/vite/CHANGELOG.md">CHANGELOG.md</a>
for details.</p>
<h2>v8.0.8</h2>
<p>Please refer to <a
href="https://github.com/vitejs/vite/blob/v8.0.8/packages/vite/CHANGELOG.md">CHANGELOG.md</a>
for details.</p>
<h2>v8.0.7</h2>
<p>Please refer to <a
href="https://github.com/vitejs/vite/blob/v8.0.7/packages/vite/CHANGELOG.md">CHANGELOG.md</a>
for details.</p>
<h2>v8.0.6</h2>
<p>Please refer to <a
href="https://github.com/vitejs/vite/blob/v8.0.6/packages/vite/CHANGELOG.md">CHANGELOG.md</a>
for details.</p>
<h2>v8.0.5</h2>
<p>Please refer to <a
href="https://github.com/vitejs/vite/blob/v8.0.5/packages/vite/CHANGELOG.md">CHANGELOG.md</a>
for details.</p>
<h2>v8.0.4</h2>
<p>Please refer to <a
href="https://github.com/vitejs/vite/blob/v8.0.4/packages/vite/CHANGELOG.md">CHANGELOG.md</a>
for details.</p>
<h2>create-vite@8.0.3</h2>
<p>Please refer to <a
href="https://github.com/vitejs/vite/blob/create-vite@8.0.3/packages/create-vite/CHANGELOG.md">CHANGELOG.md</a>
for details.</p>
<h2>v8.0.3</h2>
<p>Please refer to <a
href="https://github.com/vitejs/vite/blob/v8.0.3/packages/vite/CHANGELOG.md">CHANGELOG.md</a>
for details.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md">vite's
changelog</a>.</em></p>
<blockquote>
<h2><!-- raw HTML omitted --><a
href="https://github.com/vitejs/vite/compare/v8.0.9...v8.0.10">8.0.10</a>
(2026-04-23)<!-- raw HTML omitted --></h2>
<h3>Features</h3>
<ul>
<li>update rolldown to 1.0.0-rc.17 (<a
href="https://redirect.github.com/vitejs/vite/issues/22299">#22299</a>)
(<a
href="https://github.com/vitejs/vite/commit/a4d06d9015167d30fe8ac63d1ce2edc146cdca31">a4d06d9</a>)</li>
</ul>
<h3>Bug Fixes</h3>
<ul>
<li><code>hmrClient.logger.debug</code> and
<code>hmrClient.logger.error</code> looked different from other HMR logs
(<a
href="https://redirect.github.com/vitejs/vite/issues/22147">#22147</a>)
(<a
href="https://github.com/vitejs/vite/commit/a4d828f2d5ed85440bc0774eab342e6f9a5e5f62">a4d828f</a>)</li>
<li><strong>css:</strong> show filename in CSS minification warnings for
<code>.css?inline</code> (<a
href="https://redirect.github.com/vitejs/vite/issues/22292">#22292</a>)
(<a
href="https://github.com/vitejs/vite/commit/83f0a785a2ae48d6761fb69f4b0523a24ae9342c">83f0a78</a>)</li>
<li><strong>optimizer:</strong> allow user transform.target to override
default in optimizeDeps (<a
href="https://redirect.github.com/vitejs/vite/issues/22273">#22273</a>)
(<a
href="https://github.com/vitejs/vite/commit/5c7cec69b637544ab16009d8758df7dbbf7f2674">5c7cec6</a>)</li>
<li>remove format sniffing module resolution from JS resolver (<a
href="https://redirect.github.com/vitejs/vite/issues/22297">#22297</a>)
(<a
href="https://github.com/vitejs/vite/commit/b8a21cc821c1434ac9d2b85ec53005df9edc306b">b8a21cc</a>)</li>
</ul>
<h3>Code Refactoring</h3>
<ul>
<li>enable some typecheck rules (<a
href="https://redirect.github.com/vitejs/vite/issues/22278">#22278</a>)
(<a
href="https://github.com/vitejs/vite/commit/943751801f70057ae94f9092e349c8f3fd9ccdf2">9437518</a>)</li>
<li>typecheck client directory (<a
href="https://redirect.github.com/vitejs/vite/issues/22284">#22284</a>)
(<a
href="https://github.com/vitejs/vite/commit/40a0847276502b33a3942b3cfab04b20218f3543">40a0847</a>)</li>
</ul>
<h2><!-- raw HTML omitted --><a
href="https://github.com/vitejs/vite/compare/v8.0.8...v8.0.9">8.0.9</a>
(2026-04-20)<!-- raw HTML omitted --></h2>
<h3>Features</h3>
<ul>
<li>update rolldown to 1.0.0-rc.16 (<a
href="https://redirect.github.com/vitejs/vite/issues/22248">#22248</a>)
(<a
href="https://github.com/vitejs/vite/commit/2947edd57ceb64a0b4dc43269743e8e44e68c09b">2947edd</a>)</li>
</ul>
<h3>Bug Fixes</h3>
<ul>
<li>allow binding when strictPort is set but wildcard port is in use (<a
href="https://redirect.github.com/vitejs/vite/issues/22150">#22150</a>)
(<a
href="https://github.com/vitejs/vite/commit/dfc8aa5057dd8ec2b1223980d1e2eeb946ac3384">dfc8aa5</a>)</li>
<li><strong>build:</strong> emptyOutDir should happen for watch rebuilds
(<a
href="https://redirect.github.com/vitejs/vite/issues/22207">#22207</a>)
(<a
href="https://github.com/vitejs/vite/commit/ee522672bb374c7ff95a347f14732491121b1cd6">ee52267</a>)</li>
<li><strong>bundled-dev:</strong> reject requests to HMR patch files in
non potentially trustworthy origins (<a
href="https://redirect.github.com/vitejs/vite/issues/22269">#22269</a>)
(<a
href="https://github.com/vitejs/vite/commit/868f1411a6f474baa4417f2d6524692dd452f760">868f141</a>)</li>
<li><strong>css:</strong> use unique key for cssEntriesMap to prevent
same-basename collision (<a
href="https://redirect.github.com/vitejs/vite/issues/22039">#22039</a>)
(<a
href="https://github.com/vitejs/vite/commit/374bb5d597fcd0485e929565c698d8ed219136f8">374bb5d</a>)</li>
<li><strong>deps:</strong> update all non-major dependencies (<a
href="https://redirect.github.com/vitejs/vite/issues/22219">#22219</a>)
(<a
href="https://github.com/vitejs/vite/commit/4cd0d6760edd5fb0841abe86538de3c225e880a1">4cd0d67</a>)</li>
<li><strong>deps:</strong> update all non-major dependencies (<a
href="https://redirect.github.com/vitejs/vite/issues/22268">#22268</a>)
(<a
href="https://github.com/vitejs/vite/commit/c28e9c12a849f80e6fdc93f42283ad2863ab9dbc">c28e9c1</a>)</li>
<li>detect Deno workspace root (fix <a
href="https://redirect.github.com/vitejs/vite/issues/22237">#22237</a>)
(<a
href="https://redirect.github.com/vitejs/vite/issues/22238">#22238</a>)
(<a
href="https://github.com/vitejs/vite/commit/1b793c0e1726467fffd06ffad9bc81c61a840188">1b793c0</a>)</li>
<li><strong>dev:</strong> handle errors in <code>watchChange</code> hook
(<a
href="https://redirect.github.com/vitejs/vite/issues/22188">#22188</a>)
(<a
href="https://github.com/vitejs/vite/commit/fc08bdab9bba871b03689f2f6997c3a4ba4351da">fc08bda</a>)</li>
<li><strong>optimizer:</strong> handle more chars that will be sanitized
(<a
href="https://redirect.github.com/vitejs/vite/issues/22208">#22208</a>)
(<a
href="https://github.com/vitejs/vite/commit/3f24533ac4845ed22547279d1721bd82a35345e3">3f24533</a>)</li>
<li>skip fallback sourcemap generation for <code>?raw</code> imports (<a
href="https://redirect.github.com/vitejs/vite/issues/22148">#22148</a>)
(<a
href="https://github.com/vitejs/vite/commit/3ec9cdaac7936ca32d0956c4cb1eb6e172945996">3ec9cda</a>)</li>
</ul>
<h3>Documentation</h3>
<ul>
<li>align the descriptions in READMEs (<a
href="https://redirect.github.com/vitejs/vite/issues/22231">#22231</a>)
(<a
href="https://github.com/vitejs/vite/commit/44c42b97639bb6ad777e66d752b2829cccb9a27a">44c42b9</a>)</li>
<li>fix reuses wording in dev environment comment (<a
href="https://redirect.github.com/vitejs/vite/issues/22173">#22173</a>)
(<a
href="https://github.com/vitejs/vite/commit/9163412fdfec7fb1656529713326a5b5c5e986ea">9163412</a>)</li>
<li>fix wording in sass error comment (<a
href="https://redirect.github.com/vitejs/vite/issues/22214">#22214</a>)
(<a
href="https://github.com/vitejs/vite/commit/bc5c6a7a498845dff20dc410c395355b79a4b753">bc5c6a7</a>)</li>
<li>update build CLI defaults (<a
href="https://redirect.github.com/vitejs/vite/issues/22261">#22261</a>)
(<a
href="https://github.com/vitejs/vite/commit/605bb97994678a1bb70a8de9a85c29d5f5d48c5a">605bb97</a>)</li>
</ul>
<h3>Miscellaneous Chores</h3>
<ul>
<li><strong>deps:</strong> update dependency dotenv-expand to v13 (<a
href="https://redirect.github.com/vitejs/vite/issues/22271">#22271</a>)
(<a
href="https://github.com/vitejs/vite/commit/0a3887da18812cacb254c616e4dd35631e776fda">0a3887d</a>)</li>
</ul>
<h2><!-- raw HTML omitted --><a
href="https://github.com/vitejs/vite/compare/v8.0.7...v8.0.8">8.0.8</a>
(2026-04-09)<!-- raw HTML omitted --></h2>
<h3>Features</h3>
<ul>
<li>update rolldown to 1.0.0-rc.15 (<a
href="https://redirect.github.com/vitejs/vite/issues/22201">#22201</a>)
(<a
href="https://github.com/vitejs/vite/commit/6baf587255936e91348cbe624caefd10e8c607ab">6baf587</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/vitejs/vite/commit/32c29780404c353f5a7c5ba4d06fc5e676741714"><code>32c2978</code></a>
release: v8.0.10</li>
<li><a
href="https://github.com/vitejs/vite/commit/a4d06d9015167d30fe8ac63d1ce2edc146cdca31"><code>a4d06d9</code></a>
feat: update rolldown to 1.0.0-rc.17 (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22299">#22299</a>)</li>
<li><a
href="https://github.com/vitejs/vite/commit/a4d828f2d5ed85440bc0774eab342e6f9a5e5f62"><code>a4d828f</code></a>
fix: <code>hmrClient.logger.debug</code> and
<code>hmrClient.logger.error</code> looked different f...</li>
<li><a
href="https://github.com/vitejs/vite/commit/83f0a785a2ae48d6761fb69f4b0523a24ae9342c"><code>83f0a78</code></a>
fix(css): show filename in CSS minification warnings for
<code>.css?inline</code> (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22292">#22292</a>)</li>
<li><a
href="https://github.com/vitejs/vite/commit/b8a21cc821c1434ac9d2b85ec53005df9edc306b"><code>b8a21cc</code></a>
fix: remove format sniffing module resolution from JS resolver (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22297">#22297</a>)</li>
<li><a
href="https://github.com/vitejs/vite/commit/40a0847276502b33a3942b3cfab04b20218f3543"><code>40a0847</code></a>
refactor: typecheck client directory (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22284">#22284</a>)</li>
<li><a
href="https://github.com/vitejs/vite/commit/5c7cec69b637544ab16009d8758df7dbbf7f2674"><code>5c7cec6</code></a>
fix(optimizer): allow user transform.target to override default in
optimizeDe...</li>
<li><a
href="https://github.com/vitejs/vite/commit/943751801f70057ae94f9092e349c8f3fd9ccdf2"><code>9437518</code></a>
refactor: enable some typecheck rules (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22278">#22278</a>)</li>
<li><a
href="https://github.com/vitejs/vite/commit/ce729f5fa1a5adca373b2adcb0e1b18099164a14"><code>ce729f5</code></a>
release: v8.0.9</li>
<li><a
href="https://github.com/vitejs/vite/commit/605bb97994678a1bb70a8de9a85c29d5f5d48c5a"><code>605bb97</code></a>
docs: update build CLI defaults (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22261">#22261</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/vitejs/vite/commits/v8.0.10/packages/vite">compare
view</a></li>
</ul>
</details>
<br />

Updates `vite-plugin-checker` from 0.12.0 to 0.13.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/fi3ework/vite-plugin-checker/releases">vite-plugin-checker's
releases</a>.</em></p>
<blockquote>
<h2>vite-plugin-checker@0.13.0</h2>
<h3>   🚀 Features</h3>
<ul>
<li><strong>biome</strong>: Add support for biome 2.4  -  by <a
href="https://github.com/ScotchAndSoda"><code>@​ScotchAndSoda</code></a>,
<strong>Maksim Kruglov</strong> and <a
href="https://github.com/danielroe"><code>@​danielroe</code></a> in <a
href="https://redirect.github.com/fi3ework/vite-plugin-checker/issues/660">fi3ework/vite-plugin-checker#660</a>
<a
href="https://github.com/fi3ework/vite-plugin-checker/commit/769696e"><!--
raw HTML omitted -->(76969)<!-- raw HTML omitted --></a></li>
<li><strong>eslint</strong>: Support ESLint v10.x  -  by <a
href="https://github.com/Guymestef"><code>@​Guymestef</code></a> in <a
href="https://redirect.github.com/fi3ework/vite-plugin-checker/issues/668">fi3ework/vite-plugin-checker#668</a>
<a
href="https://github.com/fi3ework/vite-plugin-checker/commit/ef4841d"><!--
raw HTML omitted -->(ef484)<!-- raw HTML omitted --></a></li>
</ul>
<h3>   🐞 Bug Fixes</h3>
<ul>
<li><strong>deps</strong>:
<ul>
<li>Update dependency vue to ^3.5.27  -  in <a
href="https://redirect.github.com/fi3ework/vite-plugin-checker/issues/641">fi3ework/vite-plugin-checker#641</a>
<a
href="https://github.com/fi3ework/vite-plugin-checker/commit/ef599bd"><!--
raw HTML omitted -->(ef599)<!-- raw HTML omitted --></a></li>
<li>Update dependency vue to ^3.5.28  -  in <a
href="https://redirect.github.com/fi3ework/vite-plugin-checker/issues/648">fi3ework/vite-plugin-checker#648</a>
<a
href="https://github.com/fi3ework/vite-plugin-checker/commit/4787886"><!--
raw HTML omitted -->(47878)<!-- raw HTML omitted --></a></li>
<li>Update dependency vue to ^3.5.29  -  in <a
href="https://redirect.github.com/fi3ework/vite-plugin-checker/issues/659">fi3ework/vite-plugin-checker#659</a>
<a
href="https://github.com/fi3ework/vite-plugin-checker/commit/1444447"><!--
raw HTML omitted -->(14444)<!-- raw HTML omitted --></a></li>
<li>Update dependency picomatch to ^4.0.4  -  in <a
href="https://redirect.github.com/fi3ework/vite-plugin-checker/issues/670">fi3ework/vite-plugin-checker#670</a>
<a
href="https://github.com/fi3ework/vite-plugin-checker/commit/399de37"><!--
raw HTML omitted -->(399de)<!-- raw HTML omitted --></a></li>
</ul>
</li>
<li><strong>oxlint</strong>:
<ul>
<li>Do not watch the root directory  -  by <a
href="https://github.com/bjackson"><code>@​bjackson</code></a> in <a
href="https://redirect.github.com/fi3ework/vite-plugin-checker/issues/671">fi3ework/vite-plugin-checker#671</a>
<a
href="https://github.com/fi3ework/vite-plugin-checker/commit/e5b6f0f"><!--
raw HTML omitted -->(e5b6f)<!-- raw HTML omitted --></a></li>
</ul>
</li>
<li><strong>stylelint</strong>:
<ul>
<li>Allow meow v14 in peer dependencies  -  by <a
href="https://github.com/felixranesberger"><code>@​felixranesberger</code></a>
in <a
href="https://redirect.github.com/fi3ework/vite-plugin-checker/issues/646">fi3ework/vite-plugin-checker#646</a>
<a
href="https://github.com/fi3ework/vite-plugin-checker/commit/8633ae5"><!--
raw HTML omitted -->(8633a)<!-- raw HTML omitted --></a></li>
</ul>
</li>
<li><strong>vue-tsc</strong>:
<ul>
<li>Handle concurrency when setting up plugin  -  by <a
href="https://github.com/kitsune7"><code>@​kitsune7</code></a> in <a
href="https://redirect.github.com/fi3ework/vite-plugin-checker/issues/643">fi3ework/vite-plugin-checker#643</a>
<a
href="https://github.com/fi3ework/vite-plugin-checker/commit/23ced95"><!--
raw HTML omitted -->(23ced)<!-- raw HTML omitted --></a></li>
</ul>
</li>
</ul>
<h5>    <a
href="https://github.com/fi3ework/vite-plugin-checker/compare/vite-plugin-checker@0.12.0...vite-plugin-checker@0.13.0">View
changes on GitHub</a></h5>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/fi3ework/vite-plugin-checker/commit/37e272dd9d0e39e942abb11e52a615bbe04a09b3"><code>37e272d</code></a>
v0.13.0</li>
<li><a
href="https://github.com/fi3ework/vite-plugin-checker/commit/c48dd855e82c2108b439280d845283ac6119bb53"><code>c48dd85</code></a>
chore(deps): update dependency stylelint to v16.26.1 (<a
href="https://redirect.github.com/fi3ework/vite-plugin-checker/issues/677">#677</a>)</li>
<li><a
href="https://github.com/fi3ework/vite-plugin-checker/commit/ef4841de5f648027313fb29fe318bb96132f1082"><code>ef4841d</code></a>
feat(eslint): support ESLint v10.x (<a
href="https://redirect.github.com/fi3ework/vite-plugin-checker/issues/668">#668</a>)</li>
<li><a
href="https://github.com/fi3ework/vite-plugin-checker/commit/c870779623e55ffec667dce9043b141d7735336f"><code>c870779</code></a>
chore(deps): replace dependency <code>@​tsconfig/node22</code> with
<code>@​tsconfig/node24</code> (<a
href="https://redirect.github.com/fi3ework/vite-plugin-checker/issues/627">#627</a>)</li>
<li><a
href="https://github.com/fi3ework/vite-plugin-checker/commit/d1fd1af3bdfd02f36f9bf534fca4755ab358a2f6"><code>d1fd1af</code></a>
chore(deps): update dependency vite to ^8.0.8 (<a
href="https://redirect.github.com/fi3ework/vite-plugin-checker/issues/678">#678</a>)</li>
<li><a
href="https://github.com/fi3ework/vite-plugin-checker/commit/769696e029d8ee2a791248ead00cdefd16301a8e"><code>769696e</code></a>
feat(biome): add support for biome 2.4 (<a
href="https://redirect.github.com/fi3ework/vite-plugin-checker/issues/660">#660</a>)</li>
<li><a
href="https://github.com/fi3ework/vite-plugin-checker/commit/399de3717f17b6d776f0ef74f1a9f1b6a1c353ee"><code>399de37</code></a>
fix(deps): update dependency picomatch to ^4.0.4 (<a
href="https://redirect.github.com/fi3ework/vite-plugin-checker/issues/670">#670</a>)</li>
<li><a
href="https://github.com/fi3ework/vite-plugin-checker/commit/431436045111d6941349dc454306755ca09f0c72"><code>4314360</code></a>
build(deps): bump vite from 5.4.19 to 7.3.2 (<a
href="https://redirect.github.com/fi3ework/vite-plugin-checker/issues/674">#674</a>)</li>
<li><a
href="https://github.com/fi3ework/vite-plugin-checker/commit/e39c564fc351548ea54036bb82e466a3858fc686"><code>e39c564</code></a>
chore(deps): update pnpm/action-setup digest to b906aff (<a
href="https://redirect.github.com/fi3ework/vite-plugin-checker/issues/666">#666</a>)</li>
<li><a
href="https://github.com/fi3ework/vite-plugin-checker/commit/8633ae54b4949b90c5a8f805bd2ee0cb6da83715"><code>8633ae5</code></a>
fix(stylelint): allow meow v14 in peer dependencies (<a
href="https://redirect.github.com/fi3ework/vite-plugin-checker/issues/646">#646</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/fi3ework/vite-plugin-checker/compare/vite-plugin-checker@0.12.0...vite-plugin-checker@0.13.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `vitest` from 4.1.1 to 4.1.5
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/vitest-dev/vitest/releases">vitest's
releases</a>.</em></p>
<blockquote>
<h2>v4.1.5</h2>
<h3>   🚀 Experimental Features</h3>
<ul>
<li><strong>coverage</strong>: Istanbul to support
<code>instrumenter</code> option  -  by <a
href="https://github.com/BartWaardenburg"><code>@​BartWaardenburg</code></a>
and <a
href="https://github.com/AriPerkkio"><code>@​AriPerkkio</code></a> in <a
href="https://redirect.github.com/vitest-dev/vitest/issues/10119">vitest-dev/vitest#10119</a>
<a href="https://github.com/vitest-dev/vitest/commit/0e0ff41c7"><!-- raw
HTML omitted -->(0e0ff)<!-- raw HTML omitted --></a></li>
</ul>
<h3>   🐞 Bug Fixes</h3>
<ul>
<li>--project negation excludes browser instances  -  by <a
href="https://github.com/felamaslen"><code>@​felamaslen</code></a> in <a
href="https://redirect.github.com/vitest-dev/vitest/issues/10131">vitest-dev/vitest#10131</a>
<a href="https://github.com/vitest-dev/vitest/commit/9423dc084"><!-- raw
HTML omitted -->(9423d)<!-- raw HTML omitted --></a></li>
<li>Project color label on html reporter  -  by <a
href="https://github.com/hi-ogawa"><code>@​hi-ogawa</code></a> in <a
href="https://redirect.github.com/vitest-dev/vitest/issues/10142">vitest-dev/vitest#10142</a>
<a href="https://github.com/vitest-dev/vitest/commit/596f73986"><!-- raw
HTML omitted -->(596f7)<!-- raw HTML omitted --></a></li>
<li>Fix <code>vi.defineHelper</code> called as object method  -  by <a
href="https://github.com/hi-ogawa"><code>@​hi-ogawa</code></a> in <a
href="https://redirect.github.com/vitest-dev/vitest/issues/10163">vitest-dev/vitest#10163</a>
<a href="https://github.com/vitest-dev/vitest/commit/122c25b5b"><!-- raw
HTML omitted -->(122c2)<!-- raw HTML omitted --></a></li>
<li>Alias <code>agent</code> reporter to <code>minimal</code>  -  by <a
href="https://github.com/sheremet-va"><code>@​sheremet-va</code></a> in
<a
href="https://redirect.github.com/vitest-dev/vitest/issues/10157">vitest-dev/vitest#10157</a>
<a href="https://github.com/vitest-dev/vitest/commit/663b99fe3"><!-- raw
HTML omitted -->(663b9)<!-- raw HTML omitted --></a></li>
<li>Respect diff config options in soft assertions  -  by <a
href="https://github.com/Copilot"><code>@​Copilot</code></a>,
<strong>sheremet-va</strong> and <a
href="https://github.com/sheremet-va"><code>@​sheremet-va</code></a> in
<a
href="https://redirect.github.com/vitest-dev/vitest/issues/8696">vitest-dev/vitest#8696</a>
<a href="https://github.com/vitest-dev/vitest/commit/9787dedad"><!-- raw
HTML omitted -->(9787d)<!-- raw HTML omitted --></a></li>
<li>Respect diff config options in soft assertions &quot;  -  by <a
href="https://github.com/sheremet-va"><code>@​sheremet-va</code></a> in
<a
href="https://redirect.github.com/vitest-dev/vitest/issues/8696">vitest-dev/vitest#8696</a>
<a href="https://github.com/vitest-dev/vitest/commit/7dc6d54fd"><!-- raw
HTML omitted -->(7dc6d)<!-- raw HTML omitted --></a></li>
<li><strong>ast-collect</strong>: Recognize _<em>vi_import</em> prefix
in static test discovery  -  by <a
href="https://github.com/Yejneshwar"><code>@​Yejneshwar</code></a> in <a
href="https://redirect.github.com/vitest-dev/vitest/issues/10129">vitest-dev/vitest#10129</a>
<a href="https://github.com/vitest-dev/vitest/commit/325463ab2"><!-- raw
HTML omitted -->(32546)<!-- raw HTML omitted --></a></li>
<li><strong>coverage</strong>: Descriptive error message when reports
directory is removed during test run  -  by <a
href="https://github.com/DaveT1991"><code>@​DaveT1991</code></a> and <a
href="https://github.com/AriPerkkio"><code>@​AriPerkkio</code></a> in <a
href="https://redirect.github.com/vitest-dev/vitest/issues/10117">vitest-dev/vitest#10117</a>
<a href="https://github.com/vitest-dev/vitest/commit/1413382e1"><!-- raw
HTML omitted -->(14133)<!-- raw HTML omitted --></a></li>
<li><strong>snapshot</strong>: Increase default snapshot max output
length  -  by <a
href="https://github.com/hi-ogawa"><code>@​hi-ogawa</code></a> and
<strong>Codex</strong> in <a
href="https://redirect.github.com/vitest-dev/vitest/issues/10150">vitest-dev/vitest#10150</a>
<a href="https://github.com/vitest-dev/vitest/commit/21e66ff63"><!-- raw
HTML omitted -->(21e66)<!-- raw HTML omitted --></a></li>
<li><strong>ui</strong>: Fix jsx/tsx syntax highlight  -  by <a
href="https://github.com/hi-ogawa"><code>@​hi-ogawa</code></a> in <a
href="https://redirect.github.com/vitest-dev/vitest/issues/10152">vitest-dev/vitest#10152</a>
<a href="https://github.com/vitest-dev/vitest/commit/f1b1f6c7b"><!-- raw
HTML omitted -->(f1b1f)<!-- raw HTML omitted --></a></li>
<li><strong>web-worker</strong>: Support MessagePort objects referenced
inside postMessage data  -  by <a
href="https://github.com/whitphx"><code>@​whitphx</code></a> and
<strong>Claude Opus 4.6 (1M context)</strong> in <a
href="https://redirect.github.com/vitest-dev/vitest/issues/9927">vitest-dev/vitest#9927</a>
and <a
href="https://redirect.github.com/vitest-dev/vitest/issues/10124">vitest-dev/vitest#10124</a>
<a href="https://github.com/vitest-dev/vitest/commit/7ad7d39af"><!-- raw
HTML omitted -->(7ad7d)<!-- raw HTML omitted --></a></li>
<li><strong>api</strong>: Make test-specification options writable  - 
by <a
href="https://github.com/sheremet-va"><code>@​sheremet-va</code></a> in
<a
href="https://redirect.github.com/vitest-dev/vitest/issues/10154">vitest-dev/vitest#10154</a>
<a href="https://github.com/vitest-dev/vitest/commit/6abd557b7"><!-- raw
HTML omitted -->(6abd5)<!-- raw HTML omitted --></a></li>
</ul>
<h5>    <a
href="https://github.com/vitest-dev/vitest/compare/v4.1.4...v4.1.5">View
changes on GitHub</a></h5>
<h2>v4.1.4</h2>
<h3>   🚀 Experimental Features</h3>
<ul>
<li><strong>coverage</strong>:
<ul>
<li>Default to text reporter <code>skipFull</code> if agent detected  - 
by <a href="https://github.com/hi-ogawa"><code>@​hi-ogawa</code></a> in
<a
href="https://redirect.github.com/vitest-dev/vitest/issues/10018">vitest-dev/vitest#10018</a>
<a href="https://github.com/vitest-dev/vitest/commit/53757804c"><!-- raw
HTML omitted -->(53757)<!-- raw HTML omitted --></a></li>
</ul>
</li>
<li><strong>experimental</strong>:
<ul>
<li>Expose <code>assertion</code> as a public field  -  by <a
href="https://github.com/sheremet-va"><code>@​sheremet-va</code></a> in
<a
href="https://redirect.github.com/vitest-dev/vitest/issues/10095">vitest-dev/vitest#10095</a>
<a href="https://github.com/vitest-dev/vitest/commit/a120e3ab8"><!-- raw
HTML omitted -->(a120e)<!-- raw HTML omitted --></a></li>
<li>Support aria snapshot  -  by <a
href="https://github.com/hi-ogawa"><code>@​hi-ogawa</code></a>,
<strong>Claude Opus 4.6 (1M context)</strong>, <a
href="https://github.com/AriPerkkio"><code>@​AriPerkkio</code></a>,
<strong>Codex</strong> and <a
href="https://github.com/sheremet-va"><code>@​sheremet-va</code></a> in
<a
href="https://redirect.github.com/vitest-dev/vitest/issues/9668">vitest-dev/vitest#9668</a>
<a href="https://github.com/vitest-dev/vitest/commit/d4fbb5cc9"><!-- raw
HTML omitted -->(d4fbb)<!-- raw HTML omitted --></a></li>
</ul>
</li>
<li><strong>reporter</strong>:
<ul>
<li>Add filterMeta option to json reporter  -  by <a
href="https://github.com/nami8824"><code>@​nami8824</code></a> and <a
href="https://github.com/sheremet-va"><code>@​sheremet-va</code></a> in
<a
href="https://redirect.github.com/vitest-dev/vitest/issues/10078">vitest-dev/vitest#10078</a>
<a href="https://github.com/vitest-dev/vitest/commit/b77de968e"><!-- raw
HTML omitted -->(b77de)<!-- raw HTML omitted --></a></li>
</ul>
</li>
</ul>
<h3>   🐞 Bug Fixes</h3>
<ul>
<li>Use &quot;black&quot; foreground for labeled terminal message to
ensure contrast  -  by <a
href="https://github.com/hi-ogawa"><code>@​hi-ogawa</code></a> in <a
href="https://redirect.github.com/vitest-dev/vitest/issues/10076">vitest-dev/vitest#10076</a>
<a href="https://github.com/vitest-dev/vitest/commit/203f07af7"><!-- raw
HTML omitted -->(203f0)<!-- raw HTML omitted --></a></li>
<li>Make <code>expect(..., message)</code> consistent as error message
prefix  -  by <a
href="https://github.com/hi-ogawa"><code>@​hi-ogawa</code></a> and
<strong>Codex</strong> in <a
href="https://redirect.github.com/vitest-dev/vitest/issues/10068">vitest-dev/vitest#10068</a>
<a href="https://github.com/vitest-dev/vitest/commit/a1b5f0f4f"><!-- raw
HTML omitted -->(a1b5f)<!-- raw HTML omitted --></a></li>
<li>Do not hoist imports whose names match class properties .  -  by <a
href="https://github.com/SunsetFi"><code>@​SunsetFi</code></a> in <a
href="https://redirect.github.com/vitest-dev/vitest/issues/10093">vitest-dev/vitest#10093</a>
and <a
href="https://redirect.github.com/vitest-dev/vitest/issues/10094">vitest-dev/vitest#10094</a>
<a href="https://github.com/vitest-dev/vitest/commit/0fc4b47e0"><!-- raw
HTML omitted -->(0fc4b)<!-- raw HTML omitted --></a></li>
<li><strong>browser</strong>: Spread user server options into browser
Vite server in project  -  by <a
href="https://github.com/GoldStrikeArch"><code>@​GoldStrikeArch</code></a>
in <a
href="https://redirect.github.com/vitest-dev/vitest/issues/10049">vitest-dev/vitest#10049</a>
<a href="https://github.com/vitest-dev/vitest/commit/65c9d55eb"><!-- raw
HTML omitted -->(65c9d)<!-- raw HTML omitted --></a></li>
</ul>
<h5>    <a
href="https://github.com/vitest-dev/vitest/compare/v4.1.3...v4.1.4">View
changes on GitHub</a></h5>
<h2>v4.1.3</h2>
<h3>   🚀 Experimental Features</h3>
<ul>
<li>Add <code>experimental.preParse</code> flag  -  by <a
href="https://github.com/sheremet-va"><code>@​sheremet-va</code></a> in
<a
href="https://redirect.github.com/vitest-dev/vitest/issues/10070">vitest-dev/vitest#10070</a>
<a href="https://github.com/vitest-dev/vitest/commit/7827363bd"><!-- raw
HTML omitted -->(78273)<!-- raw HTML omitted --></a></li>
<li>Support <code>browser.locators.exact</code> option  -  by <a
href="https://github.com/sheremet-va"><code>@​sheremet-va</code></a> in
<a
href="https://redirect.github.com/vitest-dev/vitest/issues/10013">vitest-dev/vitest#10013</a>
<a href="https://github.com/vitest-dev/vitest/commit/487990a19"><!-- raw
HTML omitted -->(48799)<!-- raw HTML omitted --></a></li>
<li>Add <code>TestAttachment.bodyEncoding</code>  -  by <a
href="https://github.com/hi-ogawa"><code>@​hi-ogawa</code></a> in <a
href="https://redirect.github.com/vitest-dev/vitest/issues/9969">vitest-dev/vitest#9969</a>
<a href="https://github.com/vitest-dev/vitest/commit/89ca0e254"><!-- raw
HTML omitted -->(89ca0)<!-- raw HTML omitted --></a></li>
<li>Support custom snapshot matcher  -  by <a
href="https://github.com/hi-ogawa"><code>@​hi-ogawa</code></a>,
<strong>Claude Sonnet 4.6</strong> and <strong>Codex</strong> in <a
href="https://redirect.github.com/vitest-dev/vitest/issues/9973">vitest-dev/vitest#9973</a>
<a href="https://github.com/vitest-dev/vitest/commit/59b0e6411"><!-- raw
HTML omitted -->(59b0e)<!-- raw HTML omitted --></a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/vitest-dev/vitest/commit/e399846850fedf10b8228cbe46a419628998acd9"><code>e399846</code></a>
chore: release v4.1.5</li>
<li><a
href="https://github.com/vitest-dev/vitest/commit/7dc6d54fd9dda0fe6fee2fb6451d0611a9ecb6e7"><code>7dc6d54</code></a>
Revert &quot;fix: respect diff config options in soft assertions (<a
href="https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest/issues/8696">#8696</a>)&quot;</li>
<li><a
href="https://github.com/vitest-dev/vitest/commit/9787dedade9896a6d3eeed7739177d6c583a68a7"><code>9787ded</code></a>
fix: respect diff config options in soft assertions (<a
href="https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest/issues/8696">#8696</a>)</li>
<li><a
href="https://github.com/vitest-dev/vitest/commit/325463ab292c45c3ef27aa21ec7da380c307052c"><code>325463a</code></a>
fix(ast-collect): recognize _<em>vi_import</em> prefix in static test
discovery (<a
href="https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest/issues/10">#10</a>...</li>
<li><a
href="https://github.com/vitest-dev/vitest/commit/0e0ff41c7e86d6e2bf581f074dc216805d10d371"><code>0e0ff41</code></a>
feat(coverage): istanbul to support <code>instrumenter</code> option (<a
href="https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest/issues/10119">#10119</a>)</li>
<li><a
href="https://github.com/vitest-dev/vitest/commit/663b99fe3e6a60fc8a7ccd2d9941d1cbe929b606"><code>663b99f</code></a>
fix: alias <code>agent</code> reporter to <code>minimal</code> (<a
href="https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest/issues/10157">#10157</a>)</li>
<li><a
href="https://github.com/vitest-dev/vitest/commit/122c25b5b157ffd31b376561b16ab983aa23e7bc"><code>122c25b</code></a>
fix: fix <code>vi.defineHelper</code> called as object method (<a
href="https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest/issues/10163">#10163</a>)</li>
<li><a
href="https://github.com/vitest-dev/vitest/commit/6abd557b7219156893dd13a1dbe86501d5542d2e"><code>6abd557</code></a>
feat(api): make test-specification options writable (<a
href="https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest/issues/10154">#10154</a>)</li>
<li><a
href="https://github.com/vitest-dev/vitest/commit/596f73986abe2161a9a06f0ca03df68e82690b21"><code>596f739</code></a>
fix: project color label on html reporter (<a
href="https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest/issues/10142">#10142</a>)</li>
<li><a
href="https://github.com/vitest-dev/vitest/commit/9423dc0841e97b6dcac8a73cdb8e656b3d6ba909"><code>9423dc0</code></a>
fix: --project negation excludes browser instances (<a
href="https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest/issues/10131">#10131</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/vitest-dev/vitest/commits/v4.1.5/packages/vitest">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-05-01 12:56:33 +00:00
dependabot[bot] 0367b1f155 chore: bump the xterm group across 1 directory with 4 updates (#24864) 
Bumps the xterm group with 4 updates in the /site directory:
[@xterm/addon-fit](https://github.com/xtermjs/xterm.js),
[@xterm/addon-unicode11](https://github.com/xtermjs/xterm.js),
[@xterm/addon-web-links](https://github.com/xtermjs/xterm.js) and
[@xterm/addon-webgl](https://github.com/xtermjs/xterm.js).

Updates `@xterm/addon-fit` from 0.10.0 to 0.11.0
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/xtermjs/xterm.js/commit/ce1d788efe88a5e0ee972a0a6d260f9ba9454d3d"><code>ce1d788</code></a>
Bumped bower version to 0.11</li>
<li><a
href="https://github.com/xtermjs/xterm.js/commit/01e48b740673d20c01a50ac60ba59317d8fa17b8"><code>01e48b7</code></a>
Revamped the attach addon</li>
<li><a
href="https://github.com/xtermjs/xterm.js/commit/a1717fdd8d31f15c807309ff510142d7386e7a43"><code>a1717fd</code></a>
Update docs index</li>
<li><a
href="https://github.com/xtermjs/xterm.js/commit/c9f5f235e21caefdb6fadda0fac26a07c5c9341c"><code>c9f5f23</code></a>
Started documenting methods</li>
<li><a
href="https://github.com/xtermjs/xterm.js/commit/21dde3cfa21faec6db52aff671c47a2e818e7a3a"><code>21dde3c</code></a>
Updated version, in docs</li>
<li><a
href="https://github.com/xtermjs/xterm.js/commit/73bf6d1ce8b79204af4d00e595932ca09e1a7978"><code>73bf6d1</code></a>
Started documenting events</li>
<li>See full diff in <a
href="https://github.com/xtermjs/xterm.js/compare/0.10...0.11">compare
view</a></li>
</ul>
</details>
<br />

Updates `@xterm/addon-unicode11` from 0.8.0 to 0.9.0
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/xtermjs/xterm.js/commit/0b603952c3537471e0ad565bae3482c77c2611ff"><code>0b60395</code></a>
Removed debugging stuff</li>
<li>See full diff in <a
href="https://github.com/xtermjs/xterm.js/compare/0.8...0.9">compare
view</a></li>
</ul>
</details>
<br />

Updates `@xterm/addon-web-links` from 0.11.0 to 0.12.0
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/xtermjs/xterm.js/commit/561fc59dbc4f19bd9be0a919c6b1e5e6c0e01fe5"><code>561fc59</code></a>
Added screenshot for docs</li>
<li>See full diff in <a
href="https://github.com/xtermjs/xterm.js/compare/0.11...0.12">compare
view</a></li>
</ul>
</details>
<br />

Updates `@xterm/addon-webgl` from 0.18.0 to 0.19.0
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/xtermjs/xterm.js/commit/670efc44547408074179c1744fc903c23b91adc0"><code>670efc4</code></a>
Bump Bower version to 0.19</li>
<li><a
href="https://github.com/xtermjs/xterm.js/commit/74f9526177f0f6a10feecad8e11e8b517b3b02b4"><code>74f9526</code></a>
[addon attach] Implement auto-detaching on socket close/error</li>
<li>See full diff in <a
href="https://github.com/xtermjs/xterm.js/compare/0.18...0.19">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-05-01 12:54:13 +00:00
dependabot[bot] e32581dc68 chore: bump postcss from 8.5.6 to 8.5.10 in /site (#24727) 
Bumps [postcss](https://github.com/postcss/postcss) from 8.5.6 to
8.5.10.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/postcss/postcss/releases">postcss's
releases</a>.</em></p>
<blockquote>
<h2>8.5.10</h2>
<ul>
<li>Fixed XSS via unescaped <code>&lt;/style&gt;</code> in non-bundler
cases (by <a
href="https://github.com/TharVid"><code>@​TharVid</code></a>).</li>
</ul>
<h2>8.5.9</h2>
<ul>
<li>Speed up source map encoding paring in case of the error.</li>
</ul>
<h2>8.5.8</h2>
<ul>
<li>Fixed <code>Processor#version</code>.</li>
</ul>
<h2>8.5.7</h2>
<ul>
<li>Improved source map annotation cleaning performance (by CodeAnt
AI).</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/postcss/postcss/blob/main/CHANGELOG.md">postcss's
changelog</a>.</em></p>
<blockquote>
<h2>8.5.10</h2>
<ul>
<li>Fixed XSS via unescaped <code>&lt;/style&gt;</code> in non-bundler
cases (by <a
href="https://github.com/TharVid"><code>@​TharVid</code></a>).</li>
</ul>
<h2>8.5.9</h2>
<ul>
<li>Speed up source map encoding paring in case of the error.</li>
</ul>
<h2>8.5.8</h2>
<ul>
<li>Fixed <code>Processor#version</code>.</li>
</ul>
<h2>8.5.7</h2>
<ul>
<li>Improved source map annotation cleaning performance (by CodeAnt
AI).</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/postcss/postcss/commit/33b9790263dc1562a46ce45d9532bd63e95b7986"><code>33b9790</code></a>
Release 8.5.10 version</li>
<li><a
href="https://github.com/postcss/postcss/commit/536c79e4b01e58a3a56b09c3c0cf2323f4b9a28b"><code>536c79e</code></a>
Escape &lt;/style&gt; in CSS output (<a
href="https://redirect.github.com/postcss/postcss/issues/2074">#2074</a>)</li>
<li><a
href="https://github.com/postcss/postcss/commit/afa96b2a139ce625c4d27973313479c7c85f39d4"><code>afa96b2</code></a>
Update dependencies (<a
href="https://redirect.github.com/postcss/postcss/issues/2073">#2073</a>)</li>
<li><a
href="https://github.com/postcss/postcss/commit/effe88bb87cabdc1876e02adbdd30f392f19f40d"><code>effe88b</code></a>
Typo (<a
href="https://redirect.github.com/postcss/postcss/issues/2072">#2072</a>)</li>
<li><a
href="https://github.com/postcss/postcss/commit/3ee79a2c4a11e41d52db50b444eebe38299495ad"><code>3ee79a2</code></a>
Thread model (<a
href="https://redirect.github.com/postcss/postcss/issues/2071">#2071</a>)</li>
<li><a
href="https://github.com/postcss/postcss/commit/2e0683daca4dc2919211b03774f6b2d137136c01"><code>2e0683d</code></a>
Create incident response docs (<a
href="https://redirect.github.com/postcss/postcss/issues/2070">#2070</a>)</li>
<li><a
href="https://github.com/postcss/postcss/commit/fe88ac29c06b7b218be32994cdc6ca1525bdf2c9"><code>fe88ac2</code></a>
Release 8.5.9 version</li>
<li><a
href="https://github.com/postcss/postcss/commit/c551632496b87ab3f1965bfda5dc386b6c71963e"><code>c551632</code></a>
Avoid RegExp when we can use simple JS</li>
<li><a
href="https://github.com/postcss/postcss/commit/89a6b744060eb8dee743351c785a9fbe37d4525a"><code>89a6b74</code></a>
Move SECURITY.txt for docs folder to keep GitHub page cleaner</li>
<li><a
href="https://github.com/postcss/postcss/commit/6ceb8a46af9f9de821faee98f861bdf84617347b"><code>6ceb8a4</code></a>
Create SECURITY.md</li>
<li>Additional commits viewable in <a
href="https://github.com/postcss/postcss/compare/8.5.6...8.5.10">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=postcss&package-manager=npm_and_yarn&previous-version=8.5.6&new-version=8.5.10)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/coder/coder/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-26 19:41:35 +00:00
Danielle Maywood 4505278a9f refactor(site): replace custom scroll implementation with react-infinite-scroll-component (#24687) 2026-04-23 22:12:39 +01:00
Kayla はな 72c3563257 refactor: replace @mui/x-tree-view with simple tree components (#24266) 2026-04-17 13:01:34 -06:00
dependabot[bot] ad7f1bdf5b chore: bump protobufjs from 7.5.4 to 7.5.5 in /site (#24458) 
Bumps [protobufjs](https://github.com/protobufjs/protobuf.js) from 7.5.4
to 7.5.5.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/protobufjs/protobuf.js/blob/master/CHANGELOG.md">protobufjs's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<h2><a
href="https://github.com/protobufjs/protobuf.js/compare/protobufjs-v8.0.0...protobufjs-v8.0.1">8.0.1</a>
(2026-03-11)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>bump protobufjs dependency version for cli package (<a
href="https://redirect.github.com/protobufjs/protobuf.js/issues/2128">#2128</a>)
(<a
href="https://github.com/protobufjs/protobuf.js/commit/549b05ecd95e23da40fa1a36a9336c57946b8377">549b05e</a>)</li>
<li>correct json syntax in tsconfig.json (<a
href="https://redirect.github.com/protobufjs/protobuf.js/issues/2120">#2120</a>)
(<a
href="https://github.com/protobufjs/protobuf.js/commit/80656255c75000f3e954e036cdfcb5bfd0a8c687">8065625</a>)</li>
<li><strong>descriptor:</strong> guard oneof index for non-Type parents
(<a
href="https://redirect.github.com/protobufjs/protobuf.js/issues/2122">#2122</a>)
(<a
href="https://github.com/protobufjs/protobuf.js/commit/1cac5cf811d0855b27dcde73a3a04d15efde3728">1cac5cf</a>)</li>
<li>do not allow setting <strong>proto</strong> in Message constructor
(<a
href="https://redirect.github.com/protobufjs/protobuf.js/issues/2126">#2126</a>)
(<a
href="https://github.com/protobufjs/protobuf.js/commit/f05e3c3bdd0b3c2cddbf8540bb5bd4d394a693ad">f05e3c3</a>)</li>
<li>filter invalid characters from the type name (<a
href="https://redirect.github.com/protobufjs/protobuf.js/issues/2127">#2127</a>)
(<a
href="https://github.com/protobufjs/protobuf.js/commit/535df444ac060243722ac5d672db205e5c531d75">535df44</a>)</li>
</ul>
<h2><a
href="https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v8.0.0">8.0.0</a>
(2025-12-16)</h2>
<h3>⚠ BREAKING CHANGES</h3>
<ul>
<li>add Edition 2024 Support (<a
href="https://redirect.github.com/protobufjs/protobuf.js/issues/2060">#2060</a>)</li>
</ul>
<h3>Features</h3>
<ul>
<li>add Edition 2024 Support (<a
href="https://redirect.github.com/protobufjs/protobuf.js/issues/2060">#2060</a>)
(<a
href="https://github.com/protobufjs/protobuf.js/commit/53e8492cbaae2c741801fa50b5f908ff5129c3d7">53e8492</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/protobufjs/protobuf.js/commit/b7bdfaf91d7bf279326f2d043b633da0a2dbfe47"><code>b7bdfaf</code></a>
chore: release 7.5.5</li>
<li><a
href="https://github.com/protobufjs/protobuf.js/commit/ff7b2afef8754837cc6dc64c864cd111ab477956"><code>ff7b2af</code></a>
fix: filter invalid characters from the type name (<a
href="https://redirect.github.com/protobufjs/protobuf.js/issues/2127">#2127</a>)</li>
<li><a
href="https://github.com/protobufjs/protobuf.js/commit/086b19d00d1d01e801d6ccc2ae3f207bb1b06482"><code>086b19d</code></a>
fix: do not allow setting <strong>proto</strong> in Message constructor
(<a
href="https://redirect.github.com/protobufjs/protobuf.js/issues/2126">#2126</a>)</li>
<li>See full diff in <a
href="https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v7.5.5">compare
view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by <a
href="https://www.npmjs.com/~fenster">fenster</a>, a new releaser for
protobufjs since your current version.</p>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=protobufjs&package-manager=npm_and_yarn&previous-version=7.5.4&new-version=7.5.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/coder/coder/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-17 05:45:09 +00:00
dependabot[bot] de32dda5f4 chore: bump axios from 1.13.2 to 1.15.0 in /site (#24430) 
Bumps [axios](https://github.com/axios/axios) from 1.13.2 to 1.15.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/axios/axios/releases">axios's
releases</a>.</em></p>
<blockquote>
<h2>v1.15.0</h2>
<p>This release delivers two critical security patches, adds runtime
support for Deno and Bun, and includes significant CI hardening,
documentation improvements, and routine dependency updates.</p>
<h2>⚠️ Important Changes</h2>
<ul>
<li><strong>Deprecation:</strong> <code>url.parse()</code> usage has
been replaced to address Node.js deprecation warnings. If you are on a
recent version of Node.js, this resolves console warnings you may have
been seeing. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10625">#10625</a></strong>)</li>
</ul>
<h2>🔒 Security Fixes</h2>
<ul>
<li><strong>Proxy Handling:</strong> Fixed a <code>no_proxy</code>
hostname normalisation bypass that could lead to Server-Side Request
Forgery (SSRF). (<strong><a
href="https://redirect.github.com/axios/axios/issues/10661">#10661</a></strong>)</li>
<li><strong>Header Injection:</strong> Fixed an unrestricted cloud
metadata exfiltration vulnerability via a header injection chain.
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10660">#10660</a></strong>)</li>
</ul>
<h2>🚀 New Features</h2>
<ul>
<li><strong>Runtime Support:</strong> Added compatibility checks and
documentation for Deno and Bun environments. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10652">#10652</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10653">#10653</a></strong>)</li>
</ul>
<h2>🔧 Maintenance &amp; Chores</h2>
<ul>
<li><strong>CI Security:</strong> Hardened workflow permissions to least
privilege, added the <code>zizmor</code> security scanner, pinned action
versions, and gated npm publishing with OIDC and environment protection.
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10618">#10618</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10619">#10619</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10627">#10627</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10637">#10637</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10666">#10666</a></strong>)</li>
<li><strong>Dependencies:</strong> Bumped
<code>serialize-javascript</code>, <code>handlebars</code>,
<code>picomatch</code>, <code>vite</code>, and
<code>denoland/setup-deno</code> to latest versions. Added a 7-day
Dependabot cooldown period. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10574">#10574</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10572">#10572</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10568">#10568</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10663">#10663</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10664">#10664</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10665">#10665</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10669">#10669</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10670">#10670</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10616">#10616</a></strong>)</li>
<li><strong>Documentation:</strong> Unified docs, improved
<code>beforeRedirect</code> credential leakage example, clarified
<code>withCredentials</code>/<code>withXSRFToken</code> behaviour,
HTTP/2 support notes, async/await timeout error handling, header case
preservation, and various typo fixes. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10649">#10649</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10624">#10624</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/7452">#7452</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/7471">#7471</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10654">#10654</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10644">#10644</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10589">#10589</a></strong>)</li>
<li><strong>Housekeeping:</strong> Removed stale files, regenerated
lockfile, and updated sponsor scripts and blocks. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10584">#10584</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10650">#10650</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10582">#10582</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10640">#10640</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10659">#10659</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10668">#10668</a></strong>)</li>
<li><strong>Tests:</strong> Added regression coverage for urlencoded
<code>Content-Type</code> casing. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10573">#10573</a></strong>)</li>
</ul>
<h2>🌟 New Contributors</h2>
<p>We are thrilled to welcome our new contributors. Thank you for
helping improve Axios:</p>
<ul>
<li><strong><a
href="https://github.com/raashish1601"><code>@​raashish1601</code></a></strong>
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10573">#10573</a></strong>)</li>
<li><strong><a
href="https://github.com/Kilros0817"><code>@​Kilros0817</code></a></strong>
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10625">#10625</a></strong>)</li>
<li><strong><a
href="https://github.com/ashstrc"><code>@​ashstrc</code></a></strong>
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10624">#10624</a></strong>)</li>
<li><strong><a
href="https://github.com/Abhi3975"><code>@​Abhi3975</code></a></strong>
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10589">#10589</a></strong>)</li>
<li><strong><a
href="https://github.com/theamodhshetty"><code>@​theamodhshetty</code></a></strong>
(<strong><a
href="https://redirect.github.com/axios/axios/issues/7452">#7452</a></strong>)</li>
</ul>
<h2>v1.14.0</h2>
<p>This release focuses on compatibility fixes, adapter stability
improvements, and test/tooling modernisation.</p>
<h2>⚠️ Important Changes</h2>
<ul>
<li><strong>Breaking Changes:</strong> None identified in this
release.</li>
<li><strong>Action Required:</strong> If you rely on env-based proxy
behaviour or CJS resolution edge-cases, validate your integration after
upgrade (notably <code>proxy-from-env</code> v2 alignment and
<code>main</code> entry compatibility fix).</li>
</ul>
<h2>🚀 New Features</h2>
<ul>
<li><strong>Runtime Features:</strong> No new end-user features were
introduced in this release.</li>
<li><strong>Test Coverage Expansion:</strong> Added broader smoke/module
test coverage for CJS and ESM package usage. (<a
href="https://redirect.github.com/axios/axios/pull/7510">#7510</a>)</li>
</ul>
<h2>🐛 Bug Fixes</h2>
<ul>
<li><strong>Headers:</strong> Trim trailing CRLF in normalised header
values. (<a
href="https://redirect.github.com/axios/axios/pull/7456">#7456</a>)</li>
<li><strong>HTTP/2:</strong> Close detached HTTP/2 sessions on timeout
to avoid lingering sessions. (<a
href="https://redirect.github.com/axios/axios/pull/7457">#7457</a>)</li>
<li><strong>Fetch Adapter:</strong> Cancel <code>ReadableStream</code>
created during request-stream capability probing to prevent async
resource leaks. (<a
href="https://redirect.github.com/axios/axios/pull/7515">#7515</a>)</li>
<li><strong>Proxy Handling:</strong> Fixed env proxy behavior with
<code>proxy-from-env</code> v2 usage. (<a
href="https://redirect.github.com/axios/axios/pull/7499">#7499</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/axios/axios/blob/v1.x/CHANGELOG.md">axios's
changelog</a>.</em></p>
<blockquote>
<h2>v1.15.0 — April 7, 2026</h2>
<p>This release delivers two critical security patches targeting header
injection and SSRF via proxy bypass, adds official runtime support for
Deno and Bun, and includes significant CI security hardening.</p>
<h2>🔒 Security Fixes</h2>
<ul>
<li>
<p><strong>Header Injection (CRLF):</strong> Rejects any header value
containing <code>\r</code> or <code>\n</code> characters to block CRLF
injection chains that could be used to exfiltrate cloud metadata (IMDS).
Behavior change: headers with CR/LF now throw <code>&quot;Invalid
character in header content&quot;</code>. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10660">#10660</a></strong>)</p>
</li>
<li>
<p><strong>SSRF via <code>no_proxy</code> Bypass:</strong> Introduces a
<code>shouldBypassProxy</code> helper that normalises hostnames (strips
trailing dots, handles bracketed IPv6) before evaluating
<code>no_proxy</code>/<code>NO_PROXY</code> rules, closing a gap that
could cause loopback or internal hosts to be inadvertently proxied.
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10661">#10661</a></strong>)</p>
</li>
</ul>
<h2>🚀 New Features</h2>
<ul>
<li><strong>Deno &amp; Bun Runtime Support:</strong> Added full smoke
test suites for Deno and Bun, with CI workflows that run both runtimes
before any release is cut. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10652">#10652</a></strong>)</li>
</ul>
<h2>🐛 Bug Fixes</h2>
<ul>
<li><strong>Node.js v22 Compatibility:</strong> Replaced deprecated
<code>url.parse()</code> calls with the WHATWG
<code>URL</code>/<code>URLSearchParams</code> API across examples,
sandbox, and tests, eliminating <code>DEP0169</code> deprecation
warnings on Node.js v22+. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10625">#10625</a></strong>)</li>
</ul>
<h2>🔧 Maintenance &amp; Chores</h2>
<ul>
<li>
<p><strong>CI Security Hardening:</strong> Added <a
href="https://github.com/zizmorcore/zizmor">zizmor</a> GitHub Actions
security scanner; switched npm publish to OIDC Trusted Publishing
(removing the long-lived <code>NODE_AUTH_TOKEN</code>); pinned all
action references to full commit SHAs; narrowed workflow permissions to
least privilege; gated the publish step behind a dedicated
<code>npm-publish</code> environment; and blocked the sponsor-block
workflow from running on forks. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10618">#10618</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10619">#10619</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10627">#10627</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10637">#10637</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10641">#10641</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10666">#10666</a></strong>)</p>
</li>
<li>
<p><strong>Docs:</strong> Clarified HTTP/2 support and the unsupported
<code>httpVersion</code> option; added documentation for header case
preservation; improved the <code>beforeRedirect</code> example to
prevent accidental credential leakage. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10644">#10644</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10654">#10654</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10624">#10624</a></strong>)</p>
</li>
<li>
<p><strong>Dependencies:</strong> Bumped <code>picomatch</code>,
<code>handlebars</code>, <code>serialize-javascript</code>,
<code>vite</code> (×3), <code>denoland/setup-deno</code>, and 4
additional dev dependencies to latest versions. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10564">#10564</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10565">#10565</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10567">#10567</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10568">#10568</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10572">#10572</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10574">#10574</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10663">#10663</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10664">#10664</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10665">#10665</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10669">#10669</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10670">#10670</a></strong>)</p>
</li>
</ul>
<h2>🌟 New Contributors</h2>
<p>We are thrilled to welcome our new contributors. Thank you for
helping improve axios:</p>
<ul>
<li><strong><a
href="https://github.com/Kilros0817"><code>@​Kilros0817</code></a></strong>
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10625">#10625</a></strong>)</li>
<li><strong><a
href="https://github.com/shaanmajid"><code>@​shaanmajid</code></a></strong>
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10616">#10616</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10617">#10617</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10618">#10618</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10619">#10619</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10637">#10637</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10641">#10641</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10666">#10666</a></strong>)</li>
<li><strong><a
href="https://github.com/ashstrc"><code>@​ashstrc</code></a></strong>
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10624">#10624</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10644">#10644</a></strong>)</li>
<li><strong><a
href="https://github.com/Abhi3975"><code>@​Abhi3975</code></a></strong>
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10589">#10589</a></strong>)</li>
<li><strong><a
href="https://github.com/raashish1601"><code>@​raashish1601</code></a></strong>
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10573">#10573</a></strong>)</li>
</ul>
<p><a
href="https://github.com/axios/axios/compare/v1.14.0...v1.15.0">Full
Changelog</a></p>
<hr />
<h2>v1.14.0 — March 27, 2026</h2>
<p>This release fixes a security vulnerability in the
<code>formidable</code> dependency, resolves a CommonJS compatibility
regression, hardens proxy and HTTP/2 handling, and modernises the build
and test toolchain.</p>
<h2>🔒 Security Fixes</h2>
<ul>
<li><strong>Formidable Vulnerability:</strong> Upgraded
<code>formidable</code> from v2 to v3 to address a reported
arbitrary-file vulnerability. Updated test server and assertions to
align with the v3 API. (<strong><a
href="https://redirect.github.com/axios/axios/issues/7533">#7533</a></strong>)</li>
</ul>
<h2>🐛 Bug Fixes</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/axios/axios/commit/772a4e54ecc4cc2421e2b746daff0aca10f359d7"><code>772a4e5</code></a>
chore(release): prepare release 1.15.0 (<a
href="https://redirect.github.com/axios/axios/issues/10671">#10671</a>)</li>
<li><a
href="https://github.com/axios/axios/commit/4b071371be2f810b4bc7797a13838e0f806ebb22"><code>4b07137</code></a>
chore(deps-dev): bump vite from 8.0.0 to 8.0.5 in /tests/smoke/esm (<a
href="https://redirect.github.com/axios/axios/issues/10663">#10663</a>)</li>
<li><a
href="https://github.com/axios/axios/commit/51e57b39db251bfe3d34af5c943dfea18e06c8b6"><code>51e57b3</code></a>
chore(deps-dev): bump vite from 8.0.2 to 8.0.5 (<a
href="https://redirect.github.com/axios/axios/issues/10664">#10664</a>)</li>
<li><a
href="https://github.com/axios/axios/commit/fba1a77930f0c459677b729161627234b88c90aa"><code>fba1a77</code></a>
chore(deps-dev): bump vite from 8.0.2 to 8.0.5 in /tests/module/esm (<a
href="https://redirect.github.com/axios/axios/issues/10665">#10665</a>)</li>
<li><a
href="https://github.com/axios/axios/commit/0bf6e28eac86e87da2b60bbf5ea4237910e1a08e"><code>0bf6e28</code></a>
chore(deps): bump denoland/setup-deno in the github-actions group (<a
href="https://redirect.github.com/axios/axios/issues/10669">#10669</a>)</li>
<li><a
href="https://github.com/axios/axios/commit/8107157c572ee4a54cb28c01ab7f7f3d895ba661"><code>8107157</code></a>
chore(deps-dev): bump the development_dependencies group with 4 updates
(<a
href="https://redirect.github.com/axios/axios/issues/10670">#10670</a>)</li>
<li><a
href="https://github.com/axios/axios/commit/e66530e3302d56176befd0778155dafea2487542"><code>e66530e</code></a>
ci: require npm-publish environment for releases (<a
href="https://redirect.github.com/axios/axios/issues/10666">#10666</a>)</li>
<li><a
href="https://github.com/axios/axios/commit/49f23cbfe4d308a075281c5f798d4c68f648cbe2"><code>49f23cb</code></a>
chore(sponsor): update sponsor block (<a
href="https://redirect.github.com/axios/axios/issues/10668">#10668</a>)</li>
<li><a
href="https://github.com/axios/axios/commit/363185461b90b1b78845dc8a99a1f103d9b122a1"><code>3631854</code></a>
fix: unrestricted cloud metadata exfiltration via header injection chain
(<a
href="https://redirect.github.com/axios/axios/issues/10">#10</a>...</li>
<li><a
href="https://github.com/axios/axios/commit/fb3befb6daac6cad26b2e54094d0f2d9e47f24df"><code>fb3befb</code></a>
fix: no_proxy hostname normalization bypass leads to ssrf (<a
href="https://redirect.github.com/axios/axios/issues/10661">#10661</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/axios/axios/compare/v1.13.2...v1.15.0">compare
view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by [GitHub Actions](<a
href="https://www.npmjs.com/~GitHub">https://www.npmjs.com/~GitHub</a>
Actions), a new releaser for axios since your current version.</p>
</details>
<details>
<summary>Install script changes</summary>
<p>This version modifies <code>prepare</code> script that runs during
installation. Review the package contents before updating.</p>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=axios&package-manager=npm_and_yarn&previous-version=1.13.2&new-version=1.15.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/coder/coder/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-16 13:32:24 +00:00
Kayla はな b149433138 chore: complete jest to vitest migration (#24216) 2026-04-10 14:04:24 -06:00
Danielle Maywood aede045549 chore: bump @biomejs/biome from 2.2 to 2.4.10 (#24074) 2026-04-07 12:22:18 +01:00
Jake Howell ba0a64d483 chore: move to using radix-ui over @radix-ui/react-* (#23911) 
This pull-request moves using to using the plain `radix-ui` package over
`@radix-ui/react-*` packages. Put simply, now we're not going to run
into issues with inconsistent radix dependencies. This will have no
effect to how the code is built, but will give us a single place to
import from.
 2026-04-02 18:49:33 +11:00
Jake Howell e81275a91c feat: cleanup <Tabs /> component (#23839) 
This refactors `<Tabs />` into two clearer patterns: link tabs for route
navigation and Radix tabs for stateful tab panels. That gives us proper
accessibility semantics where we need them without overloading simple
navigation tabs.

As part of that split, this updates several consumers, adds coverage for
both variants, and cleans up some nearby styling.

- introduce Radix-backed tabs primitives for tabbed content
- move router-based tabs to `LinkTabs`
- update notifications, IdP sync, and workspace build pages to use
semantic tabs
- preserve route navigation tabs for groups and templates
- add stories/tests for both tab implementations
- simplify related layout and styling in touched components
 2026-04-02 03:45:20 +11:00
Danielle Maywood 28062862a0 chore(site): upgrade to Vite 8 (#23485) 2026-04-01 15:11:47 +00:00
Matt Vollmer 113aaa79a0 feat: add pinned chats with drag-to-reorder (#23615) 
https://github.com/user-attachments/assets/bd5d12a1-61b3-4b7d-83b6-317bdfb60b3c

## Summary

Adds pinned chats to the agents page sidebar with server-side
persistence and drag-to-reorder. Users can pin/unpin chats via the
context menu, and pinned chats appear in a dedicated "Pinned" section
above the time-grouped list.

## Database

Migration `000453_chat_pin_order`: adds `pin_order integer DEFAULT 0 NOT
NULL` column on `chats` (0 = unpinned, 1+ = pinned in display order).
Three SQL queries handle pin operations server-side using CTEs with
`ROW_NUMBER()`:

- `PinChatByID`: normalizes existing orders and appends to end
- `UnpinChatByID`: sets target to 0 and compacts remaining pins
- `UpdateChatPinOrder`: shifts neighbors, clamps to `[1, pinned_count]`

All queries exclude archived chats. `ArchiveChatByID` clears `pin_order`
on archive. The handler rejects pinning archived chats with 400.

## Backend

Pin/unpin/reorder go through the existing `PATCH
/api/experimental/chats/{chat}` via the `pin_order` field on
`UpdateChatRequest`. The handler routes based on current pin state:
`pin_order == 0` unpins, `> 0` on an already-pinned chat reorders, `> 0`
on an unpinned chat appends to end.

## Frontend

- `pinChat` / `unpinChat` / `reorderPinnedChat` optimistic mutations
using shared `isChatListQuery` predicate
- Sidebar renders Pinned section above time groups, excludes pinned
chats from time groups
- Pin/Unpin context menu items (hidden for child/delegated chats)
- `@dnd-kit/core` + `@dnd-kit/sortable` for drag-to-reorder with
`MouseSensor`, `TouchSensor`, and `KeyboardSensor`
- Local pin-order override prevents flash on drop; click blocker
prevents NavLink navigation after drag

---
*PR generated with Coder Agents*
 2026-03-26 16:52:02 -04:00
Kayla はな 5823dc0243 chore: upgrade to typescript 6 (#23526) 2026-03-24 14:37:11 -06:00
Danielle Maywood def4f93eb4 refactor(site): replace react-date-range with shadcn Calendar + DateRangePicker (#23495) 2026-03-24 17:01:35 +00:00
Danielle Maywood bf702cc3b9 chore(site): update streamdown from 2.2.0 to 2.5.0 (#23407) 2026-03-21 21:50:20 -04:00
Danielle Maywood 599f21afa3 feat(site): opt AgentsPage and ai-elements into React Compiler (#23371) 2026-03-20 19:55:35 +00:00
Mathias Fredriksson 3ef13f54ab feat(site): add @storybook/addon-vitest for local story testing (#23303) 
There are 333 stories with play functions but no local way to run them.
CI uses Chromatic, which means broken play functions aren't caught until
after push. For agents, the feedback loop is even worse since they can't
open a browser.

This adds the `@storybook/addon-vitest` integration so play functions
can run locally via vitest + Playwright:

```sh
pnpm test:storybook
pnpm test:storybook src/path/to/component.stories.tsx
```

The vitest config is restructured into two projects (`unit` and
`storybook`).
 2026-03-19 20:27:40 +02:00
Hugo Dutka 85509733f3 feat: chat desktop frontend (#23006) 
https://github.com/user-attachments/assets/26f9c210-01ad-4685-aff1-7629cf3854f1
 2026-03-13 19:01:50 +00:00
Jaayden Halko 4e2640e506 fix(site): WCAG 2.1 AA remediation — landmarks, semantics, and a11y tooling (#22746) 
## Summary

Targeted WCAG 2.1 AA accessibility remediation — continuation of #22673
— addressing remaining semantic, landmark, and tooling gaps identified
in the frontend accessibility review.

### Changes

#### Document semantics (WCAG 3.1.1)
- **`site/index.html`**: Added `<html lang="en">` root wrapper so screen
readers and browser features correctly identify the document language.

#### Landmark & bypass (WCAG 1.3.1, 2.4.1)
- **`DashboardLayout.tsx`**: Replaced `<div id="main-content">` with
`<main id="main-content">` so assistive technology exposes a proper main
landmark and the skip link targets a semantic region.

#### Table header relationships (WCAG 1.3.1)
- **`Table.tsx`**: `TableHead` now renders `scope="col"` by default
(overridable via prop), giving data cells an explicit header
relationship.

#### Semantic interactive controls (WCAG 2.1.1, 4.1.2)
- **`AuditLogRow.tsx`**: Replaced `<div role="button" tabIndex={0}>`
with native `<button type="button">`, removing the manual keyboard
handler (native button provides Enter/Space for free).
- **`Autocomplete.tsx`**: Replaced clear `<span role="button"
tabIndex={0}>` with native `<button type="button" aria-label="Clear
selection">`.

#### Reduced motion (WCAG 2.3.3 best practice)
- **`index.css`**: Added global `@media (prefers-reduced-motion:
reduce)` block that suppresses non-essential animations and transitions.

#### Accessibility regression tooling
- **Storybook**: Added `@storybook/addon-a11y` (version-matched to
existing Storybook 10.x).
- **vitest-axe**: Added `vitest-axe` with setup wiring and an exemplar
`Table.axe.test.tsx` that runs axe-core assertions in vitest.

### Test plan

- 12 new/updated tests pass across 5 test files:
  - `DashboardLayout.test.tsx` — main landmark + skip link behavior
  - `Table.test.tsx` — scope default + override
  - `Table.axe.test.tsx` — axe-core violation scan
  - `AuditPage.test.tsx` — keyboard toggle with native button
  - `Autocomplete.test.tsx` — clear control semantics
- `pnpm lint` clean (biome, TypeScript, circular deps)
- Manual keyboard traversal: skip link → main content, audit row toggle,
autocomplete clear
 2026-03-13 10:47:53 +00:00
Kayla はな d21a9373b6 chore: update-browerslist-db (#23007) 2026-03-12 14:19:40 -06:00