chore(deps): bump the npm_and_yarn group across 11 directories with 15 updates

[dependabot]

Bumps the npm_and_yarn group with 14 updates in the / directory:

Package	From	To
lodash	4.17.21	4.18.1
uuid	10.0.0	14.0.0
systeminformation	5.23.5	5.31.6
vite	5.4.11	6.4.2
ws	8.18.0	8.20.1
brace-expansion	1.1.11	1.1.15
defu	6.1.4	6.1.7
fast-uri	3.0.3	3.1.2
follow-redirects	1.15.9	1.16.0
kysely	0.27.4	0.27.6
node-forge	1.3.1	1.4.0
picomatch	2.3.1	2.3.2
qs	6.5.3	6.5.5
yaml	1.10.2	1.10.3

Bumps the npm_and_yarn group with 3 updates in the /packages/extension directory: vitest, uuid and vite.
Bumps the npm_and_yarn group with 1 update in the /packages/keyring directory: vitest.
Bumps the npm_and_yarn group with 1 update in the /packages/name-resolution directory: vitest.
Bumps the npm_and_yarn group with 2 updates in the /packages/request directory: vitest and uuid.
Bumps the npm_and_yarn group with 1 update in the /packages/signers/bitcoin directory: vitest.
Bumps the npm_and_yarn group with 1 update in the /packages/signers/kadena directory: vitest.
Bumps the npm_and_yarn group with 1 update in the /packages/signers/polkadot directory: vitest.
Bumps the npm_and_yarn group with 1 update in the /packages/storage directory: vitest.
Bumps the npm_and_yarn group with 2 updates in the /packages/swap directory: vitest and uuid.
Bumps the npm_and_yarn group with 1 update in the /packages/utils directory: vitest.

Updates lodash from 4.17.21 to 4.18.1

Release notes

Sourced from lodash's releases.

4.18.1

Bugs

Fixes a ReferenceError issue in lodash lodash-es lodash-amd and lodash.template when using the template and fromPairs functions from the modular builds. See lodash/lodash#6167

These defects were related to how lodash distributions are built from the main branch using https://github.com/lodash-archive/lodash-cli. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.

There is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:

• lodash: lodash/lodash@4.18.0-npm...4.18.1-npm
• lodash-es: lodash/lodash@4.18.0-es...4.18.1-es
• lodash-amd: lodash/lodash@4.18.0-amd...4.18.1-amd
• lodash.templatelodash/lodash@4.18.0-npm-packages...4.18.1-npm-packages

4.18.0

v4.18.0

Full Changelog: lodash/lodash@4.17.23...4.18.0

Security

_.unset / _.omit: Fixed prototype pollution via constructor/prototype path traversal (GHSA-f23m-r3pf-42rh, fe8d32e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now constructor and prototype are blocked unconditionally as non-terminal path keys, matching baseSet. Calls that previously returned true and deleted the property now return false and leave the target untouched.

_.template: Fixed code injection via imports keys (GHSA-r5fr-rjxr-66jc, CVE-2026-4800, 879aaa9). Fixes an incomplete patch for CVE-2021-23337. The variable option was validated against reForbiddenIdentifierChars but importsKeys was left unguarded, allowing code injection via the same Function() constructor sink. imports keys containing forbidden identifier characters now throw "Invalid imports option passed into _.template".

Docs

• Add security notice for _.template in threat model and API docs (#6099)
• Document lower > upper behavior in _.random (#6115)
• Fix quotes in _.compact jsdoc (#6090)

lodash.* modular packages

Diff

We have also regenerated and published a select number of the lodash.* modular packages.

These modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:

• lodash.orderby
• lodash.tonumber
• lodash.trim
• lodash.trimend
• lodash.sortedindexby
• lodash.zipobjectdeep
• lodash.unset
• lodash.omit
• lodash.template

Commits

• cb0b9b9 release(patch): bump main to 4.18.1 (#6177)
• 75535f5 chore: prune stale advisory refs (#6170)
• 62e91bc docs: remove n_ Node.js < 6 REPL note from README (#6165)
• 59be2de release(minor): bump to 4.18.0 (#6161)
• af63457 fix: broken tests for _.template 879aaa9
• 1073a76 fix: linting issues
• 879aaa9 fix: validate imports keys in _.template
• fe8d32e fix: block prototype pollution in baseUnset via constructor/prototype traversal
• 18ba0a3 refactor(fromPairs): use baseAssignValue for consistent assignment (#6153)
• b819080 ci: add dist sync validation workflow (#6137)
• Additional commits viewable in compare view

Updates uuid from 10.0.0 to 14.0.0

Release notes

Sourced from uuid's releases.

v14.0.0

14.0.0 (2026-04-19)

⚠ BREAKING CHANGES

• expect crypto to be global everywhere (requires node@20+) (#935)
• drop node@18 support (#934)

Features

• drop node@18 support (#934) (dc4ddb8)

Bug Fixes

• expect crypto to be global everywhere (requires node@20+) (#935) (f2c235f)
• Use GITHUB_TOKEN for release-please and enable npm provenance (#925) (ffa3138)

v13.0.2

13.0.2 (2026-05-04)

Bug Fixes

• rerelease to fix provenance. (49ccb35)

v13.0.1

13.0.1 (2026-04-27)

Bug Fixes

• backport fix for GHSA-w5hq-g745-h8pq (9d27ddf)

v13.0.0

13.0.0 (2025-09-08)

⚠ BREAKING CHANGES

• make browser exports the default (#901)

Bug Fixes

• make browser exports the default (#901) (bce9d72)

v12.0.1

12.0.1 (2026-04-29)

... (truncated)

Changelog

Sourced from uuid's changelog.

14.0.0 (2026-04-19)

Security

• Fixes GHSA-w5hq-g745-h8pq: v3(), v5(), and v6() did not validate that writes would remain within the bounds of a caller-supplied buffer, allowing out-of-bounds writes when an invalid offset was provided. A RangeError is now thrown if offset < 0 or offset + 16 > buf.length.

⚠ BREAKING CHANGES

• crypto is now expected to be globally defined (requires node@20+) (#935)
• drop node@18 support (#934)
• upgrade minimum supported TypeScript version to 5.4.3, in keeping with the project's policy of supporting TypeScript versions released within the last two years

13.0.0 (2025-09-08)

⚠ BREAKING CHANGES

• make browser exports the default (#901)

Bug Fixes

• make browser exports the default (#901) (bce9d72)

12.0.0 (2025-09-05)

⚠ BREAKING CHANGES

• update to typescript@5.2 (#887)
• remove CommonJS support (#886)
• drop node@16 support (#883)

Features

• add node@24 to ci matrix (#879) (42b6178)
• drop node@16 support (#883) (0f38cf1)
• remove CommonJS support (#886) (ae786e2)
• update to typescript@5.2 (#887) (c7ee405)

Bug Fixes

• improve v4() performance (#894) (5fd974c)
• restore node: prefix (#889) (e1f42a3)

11.1.0 (2025-02-19)

... (truncated)

Commits

• 7c1ea08 chore(main): release 14.0.0 (#926)
• 3d2c5b0 Merge commit from fork
• f2c235f fix!: expect crypto to be global everywhere (requires node@20+) (#935)
• 529ef08 chore: upgrade TypeScript and fixup types (#927)
• 086fd79 chore: update dependencies (#933)
• dc4ddb8 feat!: drop node@18 support (#934)
• 0f1f9c9 chore: switch to Biome for parsing and linting (#932)
• e2879e6 chore: use maintained version of npm-run-all (#930)
• ffa3138 fix: Use GITHUB_TOKEN for release-please and enable npm provenance (#925)
• 0423d49 docs: remove obsolete v1 option notes (#915)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for uuid since your current version.

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.

Updates systeminformation from 5.23.5 to 5.31.6

Release notes

Sourced from systeminformation's releases.

v5.31.6

Full Changelog: sebhildebrandt/systeminformation@v5.31.5...v5.31.6

v5.31.5

Full Changelog: sebhildebrandt/systeminformation@v5.31.4...v5.31.5

v5.31.4

Full Changelog: sebhildebrandt/systeminformation@v5.31.3...v5.31.4

v5.31.3

Full Changelog: sebhildebrandt/systeminformation@v5.31.2...v5.31.3

v5.31.2

Full Changelog: sebhildebrandt/systeminformation@v5.31.1...v5.31.2

v5.31.1

Full Changelog: sebhildebrandt/systeminformation@v5.31.0...v5.31.1

v5.31.0

Full Changelog: sebhildebrandt/systeminformation@v5.30.8...v5.31.0

v5.30.8

Full Changelog: sebhildebrandt/systeminformation@v5.30.7...v5.30.8

v5.30.7

Full Changelog: sebhildebrandt/systeminformation@v5.30.6...v5.30.7

v5.30.6

Full Changelog: sebhildebrandt/systeminformation@v5.30.5...v5.30.6

v5.30.5

Full Changelog: sebhildebrandt/systeminformation@v5.30.4...v5.30.5

v5.30.4

Full Changelog: sebhildebrandt/systeminformation@v5.30.3...v5.30.4

v5.30.3

Full Changelog: sebhildebrandt/systeminformation@v5.30.2...v5.30.3

v5.30.2

Full Changelog: sebhildebrandt/systeminformation@v5.30.1...v5.30.2

v5.30.1

Full Changelog: sebhildebrandt/systeminformation@v5.30.0...v5.30.1

v5.30.0

Full Changelog: sebhildebrandt/systeminformation@v5.29.1...v5.30.0

v5.29.1

Full Changelog: sebhildebrandt/systeminformation@v5.29.0...v5.29.1

... (truncated)

Changelog

Sourced from systeminformation's changelog.

Changelog

Major Changes - Version 5

New Functions

• audio() detailed audio information
• bluetoothDevices() detailed information detected bluetooth devices
• dockerImages() detailed information docker images
• dockerVolumes() detailed information docker volumes
• printers() detailed printer information
• usb() detailed USB information
• wifiInterfaces() detected Wi-Fi interfaces
• wifiConnections() active Wi-Fi connections

Breaking Changes

Be aware, that the new version 5.x is NOT fully backward compatible to version 4.x ...

We had to make several interface changes to keep systeminformation as consistent as possible. We highly recommend to go through the complete list and adapt your own code to be again compatible to the new version 5.

Function	Old	New (V5)	Comments
unsupported values	-1	null	values which are unknown orunsupported on platform
battery()	hasbatterycyclecountischargingdesignedcapacitymaxcapacityacconnectedtimeremaining	hasBatterycycleCountisChargingdesignedCapacitymaxCapacityacConnectedtimeRemaining	pascalCase conformity
blockDevices()	fstype	fsType	pascalCase conformity
cpu()	speedminspeedmax	speedMinspeedMax	pascalCase conformity
cpu().speedcpu().speedMincpu().speedMax	string values	now returningnumerical values	better value handling
cpuCurrentspeed()		cpuCurrentSpeed()	function name changedpascalCase conformity
currentLoad()	avgloadcurrentloadcurrentload_usercurrentload_systemcurrentload_nicecurrentload_idlecurrentload_irqraw_currentload	avgLoadcurrentLoadcurrentLoadUsercurrentLoadSystemcurrentLoadNicecurrentLoadIdlecurrentLoadIrqrawCurrentLoad	pascalCase conformity
dockerContainerStats()	mem_usagemem_limitmem_percentcpu_percentcpu_statsprecpu_statsmemory_stats	memUsagememLimitmemPercentcpuPercentcpuStatsprecpuStatsmemoryStats	pascalCase conformity
dockerContainerProcesses()	pid_host	pidHost	pascalCase conformity
graphics().display	pixeldepthresolutionxresolutionysizexsizey	pixelDepthresolutionXresolutionYsizeXsizeY	pascalCase conformity
networkConnections()	localaddresslocalportpeeraddresspeerport	localAddresslocalPortpeerAddresspeerPort	pascalCase conformity
networkInterfaces()	carrier_changes	carrierChanges	pascalCase conformity
processes()	mem_vszmem_rsspcpupcpuupcpuspmem	memVszmemRsscpucpuucpusmem	pascalCase conformityrenamed attributes
processLoad()	result as object	result as array of objects	function now allows to provide more thanone process (as a comma separated list)
services()	pcpupmem	cpumem	renamed attributes
vbox()	HPETPAEAPICX2APICACPIIOAPICbiosAPICmodeTRC	hpetpaeapicx2ApicacpiioApicbiosApicModertc	pascalCase conformity

Other Improvements and Changes

• baseboard(): added memMax, memSlots
• bios(): added language and features (linux)
• blockDevices() added raid group member (linux)
• cpu(): extended AMD processor list

... (truncated)

Commits

• da1cbf5 5.31.6
• 87dbb60 fix: smaller issues
• 1d1bddf fix: smaller issues
• f69576f fix: networkInterfaces() ci wip
• 78624d1 fix: networkInterfaces() ci
• ed1cac5 5.31.5
• 4dd5aa9 netStats() netstat command adaption (mac OS)
• 59360e6 5.31.4
• 3ef3f3b diskLayout() USB tahoe compatibility (mac OS)
• 8edd130 5.31.3
• Additional commits viewable in compare view

Updates vite from 5.4.11 to 6.4.2

Release notes

Sourced from vite's releases.

v6.4.2

Please refer to CHANGELOG.md for details.

v6.4.1

Please refer to CHANGELOG.md for details.

v6.4.0

Please refer to CHANGELOG.md for details.

v6.3.7

Please refer to CHANGELOG.md for details.

v6.3.6

Please refer to CHANGELOG.md for details.

v5.4.21

Please refer to CHANGELOG.md for details.

v5.4.20

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

6.4.2 (2026-04-06)

• fix: apply server.fs check to env transport (#22159) (#22163) (fe28e47), closes #22159 #22163
• fix: avoid path traversal with optimize deps sourcemap handler (#22161) (ca4da5d), closes #22161

6.4.1 (2025-10-20)

• fix(dev): trim trailing slash before server.fs.deny check (#20968) (#20969) (1114b5d), closes #20968 #20969

6.4.0 (2025-10-15)

• feat: allow passing down resolved config to vite's createServer (#20932) (ca6455e), closes #20932

6.3.7 (2025-10-14)

• fix(esbuild): inject esbuild helpers correctly for esbuild 0.25.9+ (#20940) (c59a222), closes #20940

6.3.6 (2025-09-08)

• fix: apply fs.strict check to HTML files (#20736) (0ab19ea), closes #20736
• fix: upgrade sirv to 3.0.2 (#20735) (e11d240), closes #20735
• test: detect ts support via process.features (#20544) (7d99229), closes #20544

6.3.5 (2025-05-05)

• fix(ssr): handle uninitialized export access as undefined (#19959) (fd38d07), closes #19959

6.3.4 (2025-04-30)

• fix: check static serve file inside sirv (#19965) (c22c43d), closes #19965
• fix(optimizer): return plain object when using require to import externals in optimized dependenci (efc5eab), closes #19940
• refactor: remove duplicate plugin context type (#19935) (d6d01c2), closes #19935

6.3.3 (2025-04-24)

• fix: ignore malformed uris in tranform middleware (#19853) (e4d5201), closes #19853

... (truncated)

Commits

• 6b3fad0 release: v6.4.2
• ca4da5d fix: avoid path traversal with optimize deps sourcemap handler (#22161)
• fe28e47 fix: apply server.fs check to env transport (#22159) (#22163)
• 5487f4f release: v6.4.1
• 1114b5d fix(dev): trim trailing slash before server.fs.deny check (#20968) (#20969)
• f12697c release: v6.4.0
• ca6455e feat: allow passing down resolved config to vite's createServer (#20932)
• 0e173d8 release: v6.3.7
• c59a222 fix(esbuild): inject esbuild helpers correctly for esbuild 0.25.9+ (#20940)
• 3f337c5 release: v6.3.6
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for vite since your current version.

Updates ws from 8.18.0 to 8.20.1

Release notes

Sourced from ws's releases.

8.20.1

Bug fixes

• Fixed an uninitialized memory disclosure issue in websocket.close() (c0327ec1).

Providing a TypedArray (e.g. Float32Array) as the reason argument for websocket.close(), rather than the supported string or Buffer types, caused uninitialized memory to be disclosed to the remote peer.

import { deepStrictEqual } from 'node:assert';
import { WebSocket, WebSocketServer } from 'ws';
const wss = new WebSocketServer(
{ port: 0, skipUTF8Validation: true },
function () {
const { port } = wss.address();
const ws = new WebSocket(ws://localhost:${port}, {
skipUTF8Validation: true
});
ws.on('close', function (code, reason) {
  deepStrictEqual(reason, Buffer.alloc(80));
});

}
);
wss.on('connection', function (ws) {
ws.close(1000, new Float32Array(20));
});

The issue was privately reported by Nikita Skovoroda.

8.20.0

Features

• Added exports for the PerMessageDeflate class and utilities for the Sec-WebSocket-Extensions and Sec-WebSocket-Protocol headers (d3503c1f).

8.19.0

Features

• Added the closeTimeout option (#2308).

Bug fixes

• Handled a forthcoming breaking change in Node.js core (19984854).

... (truncated)

Commits

• 5d9b316 [dist] 8.20.1
• c0327ec [security] Fix uninitialized memory disclosure in websocket.close()
• ce2a3d6 [ci] Test on node 26
• 58e45b8 [ci] Do not test on node 25
• 5f26c24 [ci] Run the lint step on node 24
• 8439255 [dist] 8.20.0
• d3503c1 [minor] Export the PerMessageDeflate class and header utils
• 3ee5349 [api] Convert the isServer and maxPayload parameters to options
• 91707b4 [doc] Add missing space
• 8b55319 [pkg] Update eslint to version 10.0.1
• Additional commits viewable in compare view

Updates brace-expansion from 1.1.11 to 1.1.15

Release notes

Sourced from brace-expansion's releases.

v1.1.15

• Backport v5.0.6 change to v1 (#111) 0b09384

---

juliangruber/brace-expansion@v1.1.14...v1.1.15

v1.1.12

• pkg: publish on tag 1.x c460dbd
• fmt ccb8ac6
• Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) c3c73c8

---

juliangruber/brace-expansion@v1.1.11...v1.1.12

Commits

• 2203f4f 1.1.15
• 0b09384 Backport v5.0.6 change to v1 (#111)
• 10c05fc 1.1.14
• 1afa1b2 Add opt-in { max } mitigation to v1 legacy line (#103)
• 2fbb6a2 Revert "Backport fix for GHSA-7h2j-956f-4vf2 to v1 (#101)" (#102)
• 0d7652e Backport fix for GHSA-7h2j-956f-4vf2 to v1 (#101)
• 6c353ca 1.1.13
• 7fd684f Backport fix for GHSA-f886-m6hf-6m8v (#95)
• 44f33b4 1.1.12
• c460dbd pkg: publish on tag 1.x
• Additional commits viewable in compare view

Updates defu from 6.1.4 to 6.1.7

Release notes

Sourced from defu's releases.

v6.1.7

compare changes

📦 Build

• Correct the types export entry (#160)
• Export Defu types (#157)

❤️ Contributors

• Jakub Michálek (@​J-Michalek)
• Kricsleo (@​kricsleo)

v6.1.6

compare changes

📦 Build

• Fix mixed types (407b516)

v6.1.5

compare changes

🩹 Fixes

• Prevent prototype pollution via __proto__ in defaults (#156)
• Ignore inherited enumerable properties (11ba022)

✅ Tests

• Add more tests for plain objects (b65f603)

❤️ Contributors

• Pooya Parsa (@​pi0)
• Kricsleo (@​kricsleo)

Changelog

Sourced from defu's changelog.

v6.1.7

compare changes

🩹 Fixes

• defu.d.cts: Export Defu types (#157)

📦 Build

• Correct the types export entry (#160)

❤️ Contributors

• Jakub Michálek (@​J-Michalek)
• Kricsleo (@​kricsleo)

v6.1.6

compare changes

📦 Build

• Fix mixed types (407b516)

❤️ Contributors

• Pooya Parsa (@​pi0)

v6.1.5

compare changes

🩹 Fixes

• Prevent prototype pollution via __proto__ in defaults (#156)
• Ignore inherited enumerable properties (11ba022)

🏡 Chore

• Add tea.yaml (70cffe5)
• Update repo (23cc432)
• Fix typecheck (89df6bb)

✅ Tests

• Add more tests for plain objects (b65f603)

🤖 CI

... (truncated)

Commits

• 80c0146 chore(release): v6.1.7
• 40d7ef4 fix(defu.d.cts): export Defu types (#157)
• 3d3a7c8 build: correct the types export entry (#160)
• 001c290 chore(release): v6.1.6
• 407b516 build: fix mixed types
• 23e59e6 chore(release): v6.1.5
• 11ba022 fix: ignore inherited enumerable properties
• 3942bfb fix: prevent prototype pollution via __proto__ in defaults (#156)
• d3ef16d chore(deps): update actions/checkout action to v6 (#151)
• 869a053 chore(deps): update actions/setup-node action to v6 (#149)
• Additional commits viewable in compare view

Updates fast-uri from 3.0.3 to 3.1.2

Release notes

Sourced from fast-uri's releases.

v3.1.2

⚠️ Security Release

• Fix for GHSA-v39h-62p7-jpjc

What's Changed

• Handle malformed fragment decoding as a parse error by @​mcollina in fastify/fast-uri#171

Full Changelog: fastify/fast-uri@v3.1.1...v3.1.2

v3.1.1

⚠️ Security Release

• Fix for GHSA-q3j6-qgpj-74h6

What's Changed

• build(deps-dev): bump tsd from 0.32.0 to 0.33.0 by @​dependabot[bot] in fastify/fast-uri#148
• build(deps): bump actions/checkout from 4 to 5 by @​dependabot[bot] in fastify/fast-uri#149
• chore(.npmrc): ignore scripts by @​Fdawgs in fastify/fast-uri#150
• build(deps-dev): remove @​fastify/pre-commit by @​Fdawgs in fastify/fast-uri#151
• build(deps): bump actions/setup-node from 4 to 5 by @​dependabot[bot] in fastify/fast-uri#152
• ci(ci): add concurrency config by @​Fdawgs in fastify/fast-uri#153
• build(deps): bump actions/setup-node from 5 to 6 by @​dependabot[bot] in fastify/fast-uri#154
• build(deps): bump actions/checkout from 5 to 6 by @​dependabot[bot] in fastify/fast-uri#156
• chore(license): standardise license notice by @​Fdawgs in fastify/fast-uri#159
• style: remove trailing whitespace by @​Fdawgs in fastify/fast-uri#161
• ci: remove unused github files by @​Tony133 in fastify/fast-uri#162
• chore: update readme by @​Tony133 in fastify/fast-uri#164
• build(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-manager.yml from 5 to 6 by @​dependabot[bot] in fastify/fast-uri#165
• build(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml from 5 to 6 by @​dependabot[bot] in fastify/fast-uri#166
• build(deps-dev): bump neostandard from 0.12.2 to 0.13.0 by @​dependabot[bot] in fastify/fast-uri#167
• ci: add lock-threads workflow by @​Fdawgs in fastify/fast-uri#169

New Contributors

• @​Tony133 made their first contribution in fastify/fast-uri#162

Full Changelog: fastify/fast-uri@v3.1.0...v3.1.1

v3.1.0

What's Changed

• ci: remove master branch support by @​Fdawgs in fastify/fast-uri#126
• chore(test) remove .gitkeep by @​Fdawgs in fastify/fast-uri#128
• ci(ci): set job permissions by @​Fdawgs in fastify/fast-uri#129
• ci: set permissions at workflow level by @​Fdawgs in fastify/fast-uri#131
• ci: set workflow permissions to read-only by default by @​Fdawgs in fastify/fast-uri#132
• ci(ci): restore job level permissions by @​Fdawgs in fastify/fast-uri#133
• build(deps-dev): bump tsd from 0.31.2 to 0.32.0 by @​dependabot[bot] in fastify/fast-uri#134
• ci(ci): pin actions to commit-hash by @​Fdawgs in fastify/fast-uri#135
• ci: add node 24 to test matrix by @​Fdawgs in fastify/fast-uri#136

... (truncated)

Commits

• 919dd8e Bumped v3.1.2
• c65ba57 fixup: linting
• 6c86c17 Merge commit from fork
• a95158a Handle malformed fragment decoding without throwing (#171)
• cea547c Bumped v3.1.1
• 876ce79 Merge commit from fork
• dcdf690 ci: add lock-threads workflow (#169)
• c860e65 build(deps-dev): bump neostandard from 0.12.2 to 0.13.0 (#167)
• 9b4c6dc build(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml (#166)
• 85d09a9 build(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-mana...
• Additional commits viewable in compare view

Updates follow-redirects from 1.15.9 to 1.16.0

Commits

• 0c23a22 Release version 1.16.0 of the npm package.
• 844c4d3 Add sensitiveHeaders option.
• 5e8b8d0 ci: add Node.js 24.x to the CI matrix
• 7953e22 ci: upgrade ...

  Description has been truncated