chore(deps): Bump the npm_and_yarn group across 16 directories with 11 updates by dependabot[bot] · Pull Request #344 · WhatIfWeDigDeeper/application-tracker

dependabot · 2026-06-08T16:54:26Z

Bumps the npm_and_yarn group with 3 updates in the /angular-spring-ui directory: hono, qs and ws.
Bumps the npm_and_yarn group with 3 updates in the /angular-ui directory: hono, qs and ws.
Bumps the npm_and_yarn group with 2 updates in the /api directory: hono and qs.
Bumps the npm_and_yarn group with 2 updates in the /hono-api directory: brace-expansion and hono.
Bumps the npm_and_yarn group with 1 update in the /koa-api directory: qs.
Bumps the npm_and_yarn group with 2 updates in the /lambda-api directory: brace-expansion and hono.
Bumps the npm_and_yarn group with 2 updates in the /lambda-react-ui directory: vitest and react-router.
Bumps the npm_and_yarn group with 1 update in the /nest-api directory: vitest.
Bumps the npm_and_yarn group with 2 updates in the /nuxt-api directory: ws and nuxt.
Bumps the npm_and_yarn group with 2 updates in the /react-ui directory: brace-expansion and react-router.
Bumps the npm_and_yarn group with 4 updates in the /svelte-ui directory: brace-expansion, ws, svelte and @sveltejs/kit.
Bumps the npm_and_yarn group with 3 updates in the /tanstack-start-ui directory: brace-expansion, vitest and @tanstack/start-server-core.
Bumps the npm_and_yarn group with 2 updates in the /tanstack-ui directory: brace-expansion and vitest.
Bumps the npm_and_yarn group with 1 update in the /ui directory: ws.
Bumps the npm_and_yarn group with 1 update in the /vue-ui directory: js-cookie.
Bumps the npm_and_yarn group with 2 updates in the /yoga-api directory: brace-expansion and hono.

Updates hono from 4.12.18 to 4.12.24

Release notes

Sourced from hono's releases.

v4.12.24

What's Changed

docs(contribution): simplifyAI Usage Policy by @yusukebe in honojs/hono#4972

chore: remove @types/glob by @rtritto in honojs/hono#4978

fix(bearer-auth): mention verifyToken in missing-options error message by @tan7vir in honojs/hono#4987

refactor(language): Test/improve tests on languages middleware by @iNeoO in honojs/hono#4980

fix(utils/ipaddr): expand "::" to eight zero groups by @youcefzemmar in honojs/hono#4973

fix: clean up config files trailing comma, stale excludes, typesVersions gaps, jsr paths by @Mohammad-Faiz-Cloud-Engineer in honojs/hono#4982

refactor(timing): Test/add test for middleware timing by @iNeoO in honojs/hono#4991

fix(utils/ipaddr): render the unspecified address binary as "::" by @sarathfrancis90 in honojs/hono#4998

Full Changelog: honojs/hono@v4.12.23...v4.12.24

v4.12.23

What's Changed

fix(serve-static): normalize all backslashes in file paths, not just the first in honojs/hono#4962

feat(context): export the Context class publicly by @BlankParticle in honojs/hono#4543

docs(contribution): add AI Usage Policy by @yusukebe in honojs/hono#4970

feat(compress): add contentTypeFilter option and COMPRESSIBLE_CONTENT_TYPE_REGEX re-export by @na-trium-144 in honojs/hono#4961

fix(utils/ipaddr): do not compress a single 0 group to :: by @yusukebe in honojs/hono#4971

Full Changelog: honojs/hono@v4.12.22...v4.12.23

v4.12.22

What's Changed

chore: update vitest to v4 and cleanups by @BlankParticle in honojs/hono#4952

fix(mime): specify charset parameter per MIME type instead of mechanical detection by @renatograsso10 in honojs/hono#4912

fix(compress): respect Accept-Encoding when encoding option is set by @LeSingh1 in honojs/hono#4951

fix(deno): echo negotiated WebSocket subprotocol in upgrade response by @ATOM00blue in honojs/hono#4955

feat: add msgpack as a compressible content type by @na-trium-144 in honojs/hono#4957

New Contributors

@renatograsso10 made their first contribution in honojs/hono#4912

@LeSingh1 made their first contribution in honojs/hono#4951

@ATOM00blue made their first contribution in honojs/hono#4955

@na-trium-144 made their first contribution in honojs/hono#4957

Full Changelog: honojs/hono@v4.12.21...v4.12.22

v4.12.21

Security fixes

This release includes fixes for the following security issues:

app.mount() strips mount prefix using undecoded path, causing incorrect routing for percent-encoded paths

Affects: app.mount(). Fixes prefix stripping using the raw URL pathname instead of the decoded path, where percent-encoded characters in the mount prefix or path could cause the prefix to be removed at the wrong position, resulting in the sub-application receiving an incorrect path. GHSA-2gcr-mfcq-wcc3

IP Restriction bypasses static deny rules for non-canonical IPv6

... (truncated)

Commits

5fdde5a 4.12.24
c78932d fix(utils/ipaddr): render the unspecified address binary as "::" (#4998)
5ef800e refactor(timing): Test/add test for middleware timing (#4991)
d743bb7 fix: clean up config files trailing comma, stale excludes, typesVersions gaps...
d22ff9c fix(utils/ipaddr): expand "::" to eight zero groups (#4973)
8e2cccc refactor(language): Test/improve tests on languages middleware (#4980)
413d3cb fix(bearer-auth): mention verifyToken in missing-options error message (#4987)
2cbeadd chore: remove @types/glob (#4978)
9051d3e docs(contribution): simplifyAI Usage Policy (#4972)
83bfb3b 4.12.23
Additional commits viewable in compare view

Updates qs from 6.15.0 to 6.15.2

Changelog

Sourced from qs's changelog.

6.15.2

[Fix] stringify: skip null/undefined entries in arrayFormat: 'comma' + encodeValuesOnly instead of crashing in encoder

[Fix] stringify: use configured delimiter after charsetSentinel (#555)

[Fix] stringify: apply formatter to encoded key under strictNullHandling (#554)

[Fix] stringify: skip null/undefined filter-array entries instead of crashing in encoder (#551)

[Fix] parse: handle nested bracket groups and add regression tests (#530)

[readme] fix grammar (#550)

[Dev Deps] update @ljharb/eslint-config

[Tests] add regression tests for keys containing percent-encoded bracket text

6.15.1

[Fix] parse: parameterLimit: Infinity with throwOnLimitExceeded: true silently drops all parameters

[Deps] update @ljharb/eslint-config

[Dev Deps] update @ljharb/eslint-config, iconv-lite

[Tests] increase coverage

Commits

9aca407 v6.15.2
5e33d33 [Dev Deps] update @ljharb/eslint-config
21f80b3 [Fix] stringify: skip null/undefined entries in arrayFormat: 'comma' + `e...
a0a81ea [Fix] stringify: use configured delimiter after charsetSentinel
e3062f7 [Fix] stringify: apply formatter to encoded key under strictNullHandling
0c180a4 [Fix] stringify: skip null/undefined filter-array entries instead of crashi...
3a8b94a [Tests] add regression tests for keys containing percent-encoded bracket text
96755ab [readme] fix grammar
a419ce5 [Fix] parse: handle nested bracket groups and add regression tests
3f5e1c5 v6.15.1
Additional commits viewable in compare view

Updates ws from 8.20.0 to 8.21.0

Release notes

Sourced from ws's releases.

8.21.0

Features

Introduced the maxBufferedChunks and maxFragments options (2b2abd45).

Bug fixes

Fixed a remote memory exhaustion DoS vulnerability (2b2abd45).

A high volume of tiny fragments and data chunks could be sent by a peer, using modest network traffic, to crash a ws server or client due to OOM.
import { WebSocket, WebSocketServer } from 'ws';
const wss = new WebSocketServer({ port: 0 }, function () {
const data = Buffer.alloc(1);
const options = { fin: false };
const { port } = wss.address();
const ws = new WebSocket(ws://localhost:${port});
ws.on('open', function () {
(function send() {
ws.send(data, options, function (err) {
if (err) return;
send();
});
})();
});
ws.on('error', console.error);
ws.on('close', function (code, reason) {
console.log(client close - code: ${code} reason: ${reason.toString()});
});
});
wss.on('connection', function (ws) {
ws.on('error', console.error);
ws.on('close', function (code, reason) {
console.log(server close - code: ${code} reason: ${reason.toString()});
});
});
The vulnerability was responsibly disclosed and fixed by Nadav Magier.

In vulnerable versions, the issue can be mitigated by lowering the value of the maxPayload option if possible.

8.20.1

... (truncated)

Commits

bca91ad [dist] 8.21.0
2b2abd4 [security] Limit retained message parts
78eabe2 [security] Add latest vulnerability to SECURITY.md
5d9b316 [dist] 8.20.1
c0327ec [security] Fix uninitialized memory disclosure in websocket.close()
ce2a3d6 [ci] Test on node 26
58e45b8 [ci] Do not test on node 25
5f26c24 [ci] Run the lint step on node 24
See full diff in compare view

Updates hono from 4.12.18 to 4.12.24

Release notes

Sourced from hono's releases.

v4.12.24

What's Changed

docs(contribution): simplifyAI Usage Policy by @yusukebe in honojs/hono#4972

chore: remove @types/glob by @rtritto in honojs/hono#4978

fix(bearer-auth): mention verifyToken in missing-options error message by @tan7vir in honojs/hono#4987

refactor(language): Test/improve tests on languages middleware by @iNeoO in honojs/hono#4980

fix(utils/ipaddr): expand "::" to eight zero groups by @youcefzemmar in honojs/hono#4973

fix: clean up config files trailing comma, stale excludes, typesVersions gaps, jsr paths by @Mohammad-Faiz-Cloud-Engineer in honojs/hono#4982

refactor(timing): Test/add test for middleware timing by @iNeoO in honojs/hono#4991

fix(utils/ipaddr): render the unspecified address binary as "::" by @sarathfrancis90 in honojs/hono#4998

Full Changelog: honojs/hono@v4.12.23...v4.12.24

v4.12.23

What's Changed

fix(serve-static): normalize all backslashes in file paths, not just the first in honojs/hono#4962

feat(context): export the Context class publicly by @BlankParticle in honojs/hono#4543

docs(contribution): add AI Usage Policy by @yusukebe in honojs/hono#4970

feat(compress): add contentTypeFilter option and COMPRESSIBLE_CONTENT_TYPE_REGEX re-export by @na-trium-144 in honojs/hono#4961

fix(utils/ipaddr): do not compress a single 0 group to :: by @yusukebe in honojs/hono#4971

Full Changelog: honojs/hono@v4.12.22...v4.12.23

v4.12.22

What's Changed

chore: update vitest to v4 and cleanups by @BlankParticle in honojs/hono#4952

fix(mime): specify charset parameter per MIME type instead of mechanical detection by @renatograsso10 in honojs/hono#4912

fix(compress): respect Accept-Encoding when encoding option is set by @LeSingh1 in honojs/hono#4951

fix(deno): echo negotiated WebSocket subprotocol in upgrade response by @ATOM00blue in honojs/hono#4955

feat: add msgpack as a compressible content type by @na-trium-144 in honojs/hono#4957

New Contributors

@renatograsso10 made their first contribution in honojs/hono#4912

@LeSingh1 made their first contribution in honojs/hono#4951

@ATOM00blue made their first contribution in honojs/hono#4955

@na-trium-144 made their first contribution in honojs/hono#4957

Full Changelog: honojs/hono@v4.12.21...v4.12.22

v4.12.21

Security fixes

This release includes fixes for the following security issues:

app.mount() strips mount prefix using undecoded path, causing incorrect routing for percent-encoded paths

Affects: app.mount(). Fixes prefix stripping using the raw URL pathname instead of the decoded path, where percent-encoded characters in the mount prefix or path could cause the prefix to be removed at the wrong position, resulting in the sub-application receiving an incorrect path. GHSA-2gcr-mfcq-wcc3

IP Restriction bypasses static deny rules for non-canonical IPv6

... (truncated)

Commits

5fdde5a 4.12.24
c78932d fix(utils/ipaddr): render the unspecified address binary as "::" (#4998)
5ef800e refactor(timing): Test/add test for middleware timing (#4991)
d743bb7 fix: clean up config files trailing comma, stale excludes, typesVersions gaps...
d22ff9c fix(utils/ipaddr): expand "::" to eight zero groups (#4973)
8e2cccc refactor(language): Test/improve tests on languages middleware (#4980)
413d3cb fix(bearer-auth): mention verifyToken in missing-options error message (#4987)
2cbeadd chore: remove @types/glob (#4978)
9051d3e docs(contribution): simplifyAI Usage Policy (#4972)
83bfb3b 4.12.23
Additional commits viewable in compare view

Updates qs from 6.15.0 to 6.15.2

Changelog

Sourced from qs's changelog.

6.15.2

[Fix] stringify: skip null/undefined entries in arrayFormat: 'comma' + encodeValuesOnly instead of crashing in encoder

[Fix] stringify: use configured delimiter after charsetSentinel (#555)

[Fix] stringify: apply formatter to encoded key under strictNullHandling (#554)

[Fix] stringify: skip null/undefined filter-array entries instead of crashing in encoder (#551)

[Fix] parse: handle nested bracket groups and add regression tests (#530)

[readme] fix grammar (#550)

[Dev Deps] update @ljharb/eslint-config

[Tests] add regression tests for keys containing percent-encoded bracket text

6.15.1

[Fix] parse: parameterLimit: Infinity with throwOnLimitExceeded: true silently drops all parameters

[Deps] update @ljharb/eslint-config

[Dev Deps] update @ljharb/eslint-config, iconv-lite

[Tests] increase coverage

Commits

9aca407 v6.15.2
5e33d33 [Dev Deps] update @ljharb/eslint-config
21f80b3 [Fix] stringify: skip null/undefined entries in arrayFormat: 'comma' + `e...
a0a81ea [Fix] stringify: use configured delimiter after charsetSentinel
e3062f7 [Fix] stringify: apply formatter to encoded key under strictNullHandling
0c180a4 [Fix] stringify: skip null/undefined filter-array entries instead of crashi...
3a8b94a [Tests] add regression tests for keys containing percent-encoded bracket text
96755ab [readme] fix grammar
a419ce5 [Fix] parse: handle nested bracket groups and add regression tests
3f5e1c5 v6.15.1
Additional commits viewable in compare view

Updates ws from 8.20.0 to 8.21.0

Release notes

Sourced from ws's releases.

8.21.0

Features

Introduced the maxBufferedChunks and maxFragments options (2b2abd45).

Bug fixes

Fixed a remote memory exhaustion DoS vulnerability (2b2abd45).

A high volume of tiny fragments and data chunks could be sent by a peer, using modest network traffic, to crash a ws server or client due to OOM.
import { WebSocket, WebSocketServer } from 'ws';
const wss = new WebSocketServer({ port: 0 }, function () {
const data = Buffer.alloc(1);
const options = { fin: false };
const { port } = wss.address();
const ws = new WebSocket(ws://localhost:${port});
ws.on('open', function () {
(function send() {
ws.send(data, options, function (err) {
if (err) return;
send();
});
})();
});
ws.on('error', console.error);
ws.on('close', function (code, reason) {
console.log(client close - code: ${code} reason: ${reason.toString()});
});
});
wss.on('connection', function (ws) {
ws.on('error', console.error);
ws.on('close', function (code, reason) {
console.log(server close - code: ${code} reason: ${reason.toString()});
});
});
The vulnerability was responsibly disclosed and fixed by Nadav Magier.

In vulnerable versions, the issue can be mitigated by lowering the value of the maxPayload option if possible.

8.20.1

... (truncated)

Commits

bca91ad [dist] 8.21.0
2b2abd4 [security] Limit retained message parts
78eabe2 [security] Add latest vulnerability to SECURITY.md
5d9b316 [dist] 8.20.1
c0327ec [security] Fix uninitialized memory disclosure in websocket.close()
ce2a3d6 [ci] Test on node 26
58e45b8 [ci] Do not test on node 25
5f26c24 [ci] Run the lint step on node 24
See full diff in compare view

Updates hono from 4.12.15 to 4.12.24

Release notes

Sourced from hono's releases.

v4.12.24

What's Changed

docs(contribution): simplifyAI Usage Policy by @yusukebe in honojs/hono#4972

chore: remove @types/glob by @rtritto in honojs/hono#4978

fix(bearer-auth): mention verifyToken in missing-options error message by @tan7vir in honojs/hono#4987

refactor(language): Test/improve tests on languages middleware by @iNeoO in honojs/hono#4980

fix(utils/ipaddr): expand "::" to eight zero groups by @youcefzemmar in honojs/hono#4973

fix: clean up config files trailing comma, stale excludes, typesVersions gaps, jsr paths by @Mohammad-Faiz-Cloud-Engineer in honojs/hono#4982

refactor(timing): Test/add test for middleware timing by @iNeoO in honojs/hono#4991

fix(utils/ipaddr): render the unspecified address binary as "::" by @sarathfrancis90 in honojs/hono#4998

Full Changelog: honojs/hono@v4.12.23...v4.12.24

v4.12.23

What's Changed

fix(serve-static): normalize all backslashes in file paths, not just the first in honojs/hono#4962

feat(context): export the Context class publicly by @BlankParticle in honojs/hono#4543

docs(contribution): add AI Usage Policy by @yusukebe in honojs/hono#4970

feat(compress): add contentTypeFilter option and COMPRESSIBLE_CONTENT_TYPE_REGEX re-export by @na-trium-144 in honojs/hono#4961

fix(utils/ipaddr): do not compress a single 0 group to :: by @yusukebe in honojs/hono#4971

Full Changelog: honojs/hono@v4.12.22...v4.12.23

v4.12.22

What's Changed

chore: update vitest to v4 and cleanups by @BlankParticle in honojs/hono#4952

fix(mime): specify charset parameter per MIME type instead of mechanical detection by @renatograsso10 in honojs/hono#4912

fix(compress): respect Accept-Encoding when encoding option is set by @LeSingh1 in honojs/hono#4951

fix(deno): echo negotiated WebSocket subprotocol in upgrade response by @ATOM00blue in honojs/hono#4955

feat: add msgpack as a compressible content type by @na-trium-144 in honojs/hono#4957

New Contributors

@renatograsso10 made their first contribution in honojs/hono#4912

@LeSingh1 made their first contribution in honojs/hono#4951

@ATOM00blue made their first contribution in honojs/hono#4955

@na-trium-144 made their first contribution in honojs/hono#4957

Full Changelog: honojs/hono@v4.12.21...v4.12.22

v4.12.21

Security fixes

This release includes fixes for the following security issues:

app.mount() strips mount prefix using undecoded path, causing incorrect routing for percent-encoded paths

Affects: app.mount(). Fixes prefix stripping using the raw URL pathname instead of the decoded path, where percent-encoded characters in the mount prefix or path could cause the prefix to be removed at the wrong position, resulting in the sub-application receiving an incorrect path. GHSA-2gcr-mfcq-wcc3

IP Restriction bypasses static deny rules for non-canonical IPv6

... (truncated)

Commits

5fdde5a 4.12.24
c78932d fix(utils/ipaddr): render the unspecified address binary as "::" (#4998)
5ef800e refactor(timing): Test/add test for middleware timing (#4991)
d743bb7 fix: clean up config files trailing comma, stale excludes, typesVersions gaps...
d22ff9c fix(utils/ipaddr): expand "::" to eight zero groups (#4973)
8e2cccc refactor(language): Test/improve tests on languages middleware (#4980)
413d3cb fix(bearer-auth): mention verifyToken in missing-options error message (#4987)
2cbeadd chore: remove @types/glob (#4978)
9051d3e docs(contribution): simplifyAI Usage Policy (#4972)
83bfb3b 4.12.23
Additional commits viewable in compare view

Updates qs from 6.15.0 to 6.15.2

Changelog

Sourced from qs's changelog.

6.15.2

[Fix] stringify: skip null/undefined entries in arrayFormat: 'comma' + encodeValuesOnly instead of crashing in encoder

[Fix] stringify: use configured delimiter after charsetSentinel (#555)

[Fix] stringify: apply formatter to encoded key under strictNullHandling (#554)

[Fix] stringify: skip null/undefined filter-array entries instead of crashing in encoder (#551)

[Fix] parse: handle nested bracket groups and add regression tests (#530)

[readme] fix grammar (#550)

[Dev Deps] update @ljharb/eslint-config

[Tests] add regression tests for keys containing percent-encoded bracket text

6.15.1

[Fix] parse: parameterLimit: Infinity with throwOnLimitExceeded: true silently drops all parameters

[Deps] update @ljharb/eslint-config

[Dev Deps] update @ljharb/eslint-config, iconv-lite

[Tests] increase coverage

Commits

9aca407 v6.15.2
5e33d33 [Dev Deps] update @ljharb/eslint-config
21f80b3 [Fix] stringify: skip null/undefined entries in arrayFormat: 'comma' + `e...
a0a81ea [Fix] stringify: use configured delimiter after charsetSentinel
e3062f7 [Fix] stringify: apply formatter to encoded key under strictNullHandling
0c180a4 [Fix] stringify: skip null/undefined filter-array entries instead of crashi...
3a8b94a [Tests] add regression tests for keys containing percent-encoded bracket text
96755ab [readme] fix grammar
a419ce5 [Fix] parse: handle nested bracket groups and add regression tests
3f5e1c5 v6.15.1
Additional commits viewable in compare view

Updates brace-expansion from 5.0.5 to 5.0.6

Commits

46317b5 5.0.6
c0b095b Merge commit from fork
ec56020 Bump picomatch from 4.0.3 to 4.0.4 (#93)
See full diff in compare view

Updates hono from 4.12.15 to 4.12.24

Release notes

Sourced from hono's releases.

v4.12.24

What's Changed

docs(contribution): simplifyAI Usage Policy by @yusukebe in honojs/hono#4972

chore: remove @types/glob by @rtritto in honojs/hono#4978

fix(bearer-auth): mention verifyToken in missing-options error message by @tan7vir in honojs/hono#4987

refactor(language): Test/improve tests on languages middleware by @iNeoO in honojs/hono#4980

fix(utils/ipaddr): expand "::" to eight zero groups by @youcefzemmar in honojs/hono#4973

fix: clean up config files trailing comma, stale excludes, typesVersions gaps, jsr paths by @Mohammad-Faiz-Cloud-Engineer in honojs/hono#4982

refactor(timing): Test/add test for middleware timing by @iNeoO in honojs/hono#4991

fix(utils/ipaddr): render the unspecified address binary as "::" by @sarathfrancis90 in honojs/hono#4998

Full Changelog: honojs/hono@v4.12.23...v4.12.24

v4.12.23

What's Changed

fix(serve-static): normalize all backslashes in file paths, not just the first in honojs/hono#4962

feat(context): export the Context class publicly by @BlankParticle in honojs/hono#4543

docs(contribution): add AI Usage Policy by @yusukebe in honojs/hono#4970

feat(compress): add contentTypeFilter option and COMPRESSIBLE_CONTENT_TYPE_REGEX re-export by @na-trium-144 in honojs/hono#4961

fix(utils/ipaddr): do not compress a single 0 group to :: by @yusukebe in honojs/hono#4971

Full Changelog: honojs/hono@v4.12.22...v4.12.23

v4.12.22

What's Changed

chore: update vitest to v4 and cleanups by @BlankParticle in honojs/hono#4952

fix(mime): specify charset parameter per MIME type instead of mechanical detection by @renatograsso10 in honojs/hono#4912

fix(compress): respect Accept-Encoding when encoding option is set by @LeSingh1 in honojs/hono#4951

fix(deno): echo negotiated WebSocket subprotocol in upgrade response by @ATOM00blue in honojs/hono#4955

feat: add msgpack as a compressible content type by @na-trium-144 in honojs/hono#4957

New Contributors

@renatograsso10 made their first contribution in honojs/hono#4912

@LeSingh1 made their first contribution in honojs/hono#4951

@ATOM00blue made their first contribution in honojs/hono#4955

@na-trium-144 made their first contribution in honojs/hono#4957

Full Changelog: honojs/hono@v4.12.21...v4.12.22

v4.12.21

Security fixes

This release includes fixes for the following security issues:

app.mount() strips mount prefix using undecoded path, causing incorrect routing for percent-encoded paths

Affects: app.mount(). Fixes prefix stripping using the raw URL pathname instead of the decoded path, where percent-encoded characters in the mount prefix or path could cause the prefix to be removed at the wrong position, resulting in the sub-application receiving an incorrect path. GHSA-2gcr-mfcq-wcc3

IP Restriction bypasses static deny rules for non-canonical IPv6

... (truncated)

Commits

5fdde5a 4.12.24
c78932d fix(utils/ipaddr): render the unspecified address binary as "::" (#4998)
5ef800e refactor(timing): Test/add test for middleware timing (#4991)
d743bb7 fix: clean up config files trailing comma, stale excludes, typesVersions gaps...
d22ff9c fix(utils/ipaddr): expand "::" to eight zero groups (#4973)
8e2cccc refactor(language): Test/improve tests on languages middleware (#4980)
413d3cb fix(bearer-auth): mention verifyToken in missing-options error message (#4987)
2cbeadd chore: remove @types/glob (#4978)
9051d3e docs(contribution): simplifyAI Usage Policy (#4972)
83bfb3b 4.12.23
Additional commits viewable in compare view

Updates qs from 6.15.0 to 6.15.2

Changelog

Sourced from qs's changelog.

6.15.2

[Fix] stringify: skip null/undefined entries in arrayFormat: 'comma' + encodeValuesOnly instead of crashing in encoder

[Fix] stringify: use configured delimiter after charsetSentinel (#555)

[Fix] stringify: apply formatter to encoded key under strictNullHandling (#554)

[Fix] stringify: skip null/undefined filter-array entries instead of crashing in encoder (#551)

[Fix] parse: handle nested bracket groups and add regression tests (#530)

[readme] fix grammar (#550)

[Dev Deps] update @ljharb/eslint-config

[Tests] add regression tests for keys containing percent-encoded bracket text

6.15.1

[Fix] parse: parameterLimit: Infinity with throwOnLimitExceeded: true silently drops all parameters

[Deps] update @ljharb/eslint-config

[Dev Deps] update @ljharb/eslint-config, iconv-lite

[Tests] increase coverage

Commits

9aca407 v6.15.2
5e33d33 [Dev Deps] update @ljharb/eslint-config
21f80b3 [Fix] stringify: skip null/undefined entries in arrayFormat: 'comma' + `e...
a0a81ea [Fix] stringify: use configured delimiter after charsetSentinel
e3062f7 [Fix] stringify: apply formatter to encoded key under strictNullHandling
0c180a4 [Fix] stringify: skip null/undefined filter-array entries instead of crashi...
3a8b94a [Tests] add regression tests for keys containing percent-encoded bracket text
96755ab [readme] fix grammar
a419ce5 [Fix] parse: handle nested bracket groups and add regression tests
3f5e1c5 v6.15.1
Additional commits viewable in compare view

Updates brace-expansion from 5.0.5 to 5.0.6

Commits

46317b5 5.0.6
c0b095b Merge commit from fork
ec56020 Bump picomatch from 4.0.3 to 4.0.4 (#93)
See full diff in compare view

Updates hono from 4.12.15 to 4.12.24

Release notes

Sourced from hono's releases.

v4.12.24

What's Changed

docs(contribution): simplifyAI Usage Policy by @yusukebe in honojs/hono#4972

chore: remove @types/glob by @rtritto in honojs/hono#4978

fix(bearer-auth): mention verifyToken in missing-options error message by @tan7vir in honojs/hono#4987

refactor(language): Test/improve tests on languages middleware by @iNeoO in honojs/hono#4980

fix(utils/ipaddr): expand "::" to eight zero groups by @youcefzemmar in honojs/hono#4973

fix: clean up config files trailing comma, stale excludes, typesVersions gaps, jsr paths by @Mohammad-Faiz-Cloud-Engineer in honojs/hono#4982

refactor(timing): Test/add test for middleware timing by @iNeoO in honojs/hono#4991

fix(utils/ipaddr): render the unspecified address binary as "::" by @sarathfrancis90 in honojs/hono#4998

Full Changelog: honojs/hono@v4.12.23...v4.12.24

v4.12.23

What's Changed

fix(serve-static): normalize all backslashes in file paths, not just the first in honojs/hono#4962

feat(context): export the Context class publicly by @BlankParticle in honojs/hono#4543

docs(contribution): add AI Usage Policy by @yusukebe in honojs/hono#4970

feat(compress): add contentTypeFilter option and COMPRESSIBLE_CONTENT_TYPE_REGEX re-export by @na-trium-144 in honojs/hono#4961

fix(utils/ipaddr...
Description has been truncated

…1 updates Bumps the npm_and_yarn group with 3 updates in the /angular-spring-ui directory: [hono](https://github.com/honojs/hono), [qs](https://github.com/ljharb/qs) and [ws](https://github.com/websockets/ws). Bumps the npm_and_yarn group with 3 updates in the /angular-ui directory: [hono](https://github.com/honojs/hono), [qs](https://github.com/ljharb/qs) and [ws](https://github.com/websockets/ws). Bumps the npm_and_yarn group with 2 updates in the /api directory: [hono](https://github.com/honojs/hono) and [qs](https://github.com/ljharb/qs). Bumps the npm_and_yarn group with 2 updates in the /hono-api directory: [brace-expansion](https://github.com/juliangruber/brace-expansion) and [hono](https://github.com/honojs/hono). Bumps the npm_and_yarn group with 1 update in the /koa-api directory: [qs](https://github.com/ljharb/qs). Bumps the npm_and_yarn group with 2 updates in the /lambda-api directory: [brace-expansion](https://github.com/juliangruber/brace-expansion) and [hono](https://github.com/honojs/hono). Bumps the npm_and_yarn group with 2 updates in the /lambda-react-ui directory: [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) and [react-router](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router). Bumps the npm_and_yarn group with 1 update in the /nest-api directory: [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest). Bumps the npm_and_yarn group with 2 updates in the /nuxt-api directory: [ws](https://github.com/websockets/ws) and [nuxt](https://github.com/nuxt/nuxt/tree/HEAD/packages/nuxt). Bumps the npm_and_yarn group with 2 updates in the /react-ui directory: [brace-expansion](https://github.com/juliangruber/brace-expansion) and [react-router](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router). Bumps the npm_and_yarn group with 4 updates in the /svelte-ui directory: [brace-expansion](https://github.com/juliangruber/brace-expansion), [ws](https://github.com/websockets/ws), [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte) and [@sveltejs/kit](https://github.com/sveltejs/kit/tree/HEAD/packages/kit). Bumps the npm_and_yarn group with 3 updates in the /tanstack-start-ui directory: [brace-expansion](https://github.com/juliangruber/brace-expansion), [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) and [@tanstack/start-server-core](https://github.com/TanStack/router/tree/HEAD/packages/start-server-core). Bumps the npm_and_yarn group with 2 updates in the /tanstack-ui directory: [brace-expansion](https://github.com/juliangruber/brace-expansion) and [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest). Bumps the npm_and_yarn group with 1 update in the /ui directory: [ws](https://github.com/websockets/ws). Bumps the npm_and_yarn group with 1 update in the /vue-ui directory: [js-cookie](https://github.com/js-cookie/js-cookie). Bumps the npm_and_yarn group with 2 updates in the /yoga-api directory: [brace-expansion](https://github.com/juliangruber/brace-expansion) and [hono](https://github.com/honojs/hono). Updates `hono` from 4.12.18 to 4.12.24 - [Release notes](https://github.com/honojs/hono/releases) - [Commits](honojs/hono@v4.12.18...v4.12.24) Updates `qs` from 6.15.0 to 6.15.2 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.15.0...v6.15.2) Updates `ws` from 8.20.0 to 8.21.0 - [Release notes](https://github.com/websockets/ws/releases) - [Commits](websockets/ws@8.20.0...8.21.0) Updates `hono` from 4.12.18 to 4.12.24 - [Release notes](https://github.com/honojs/hono/releases) - [Commits](honojs/hono@v4.12.18...v4.12.24) Updates `qs` from 6.15.0 to 6.15.2 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.15.0...v6.15.2) Updates `ws` from 8.20.0 to 8.21.0 - [Release notes](https://github.com/websockets/ws/releases) - [Commits](websockets/ws@8.20.0...8.21.0) Updates `hono` from 4.12.15 to 4.12.24 - [Release notes](https://github.com/honojs/hono/releases) - [Commits](honojs/hono@v4.12.18...v4.12.24) Updates `qs` from 6.15.0 to 6.15.2 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.15.0...v6.15.2) Updates `brace-expansion` from 5.0.5 to 5.0.6 - [Release notes](https://github.com/juliangruber/brace-expansion/releases) - [Commits](juliangruber/brace-expansion@v5.0.5...v5.0.6) Updates `hono` from 4.12.15 to 4.12.24 - [Release notes](https://github.com/honojs/hono/releases) - [Commits](honojs/hono@v4.12.18...v4.12.24) Updates `qs` from 6.15.0 to 6.15.2 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.15.0...v6.15.2) Updates `brace-expansion` from 5.0.5 to 5.0.6 - [Release notes](https://github.com/juliangruber/brace-expansion/releases) - [Commits](juliangruber/brace-expansion@v5.0.5...v5.0.6) Updates `hono` from 4.12.15 to 4.12.24 - [Release notes](https://github.com/honojs/hono/releases) - [Commits](honojs/hono@v4.12.18...v4.12.24) Updates `vitest` from 4.0.18 to 4.1.0 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.0/packages/vitest) Updates `react-router` from 7.13.1 to 7.17.0 - [Release notes](https://github.com/remix-run/react-router/releases) - [Changelog](https://github.com/remix-run/react-router/blob/main/packages/react-router/CHANGELOG.md) - [Commits](https://github.com/remix-run/react-router/commits/react-router@7.17.0/packages/react-router) Updates `vitest` from 4.0.18 to 4.1.0 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.0/packages/vitest) Updates `ws` from 8.20.0 to 8.21.0 - [Release notes](https://github.com/websockets/ws/releases) - [Commits](websockets/ws@8.20.0...8.21.0) Updates `nuxt` from 4.4.2 to 4.4.6 - [Release notes](https://github.com/nuxt/nuxt/releases) - [Commits](https://github.com/nuxt/nuxt/commits/v4.4.6/packages/nuxt) Updates `brace-expansion` from 5.0.5 to 5.0.6 - [Release notes](https://github.com/juliangruber/brace-expansion/releases) - [Commits](juliangruber/brace-expansion@v5.0.5...v5.0.6) Updates `react-router` from 7.13.1 to 7.17.0 - [Release notes](https://github.com/remix-run/react-router/releases) - [Changelog](https://github.com/remix-run/react-router/blob/main/packages/react-router/CHANGELOG.md) - [Commits](https://github.com/remix-run/react-router/commits/react-router@7.17.0/packages/react-router) Updates `brace-expansion` from 5.0.5 to 5.0.6 - [Release notes](https://github.com/juliangruber/brace-expansion/releases) - [Commits](juliangruber/brace-expansion@v5.0.5...v5.0.6) Updates `ws` from 8.20.0 to 8.21.0 - [Release notes](https://github.com/websockets/ws/releases) - [Commits](websockets/ws@8.20.0...8.21.0) Updates `svelte` from 5.53.12 to 5.56.3 - [Release notes](https://github.com/sveltejs/svelte/releases) - [Changelog](https://github.com/sveltejs/svelte/blob/main/packages/svelte/CHANGELOG.md) - [Commits](https://github.com/sveltejs/svelte/commits/svelte@5.56.3/packages/svelte) Updates `@sveltejs/kit` from 2.57.1 to 2.63.1 - [Release notes](https://github.com/sveltejs/kit/releases) - [Changelog](https://github.com/sveltejs/kit/blob/main/packages/kit/CHANGELOG.md) - [Commits](https://github.com/sveltejs/kit/commits/@sveltejs/kit@2.63.1/packages/kit) Updates `brace-expansion` from 5.0.5 to 5.0.6 - [Release notes](https://github.com/juliangruber/brace-expansion/releases) - [Commits](juliangruber/brace-expansion@v5.0.5...v5.0.6) Updates `vitest` from 4.0.18 to 4.1.0 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.0/packages/vitest) Updates `@tanstack/start-server-core` from 1.166.9 to 1.169.14 - [Release notes](https://github.com/TanStack/router/releases) - [Changelog](https://github.com/TanStack/router/blob/main/packages/start-server-core/CHANGELOG.md) - [Commits](https://github.com/TanStack/router/commits/@tanstack/start-server-core@1.169.14/packages/start-server-core) Updates `brace-expansion` from 5.0.5 to 5.0.6 - [Release notes](https://github.com/juliangruber/brace-expansion/releases) - [Commits](juliangruber/brace-expansion@v5.0.5...v5.0.6) Updates `vitest` from 4.0.18 to 4.1.0 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.0/packages/vitest) Updates `ws` from 8.19.0 to 8.21.0 - [Release notes](https://github.com/websockets/ws/releases) - [Commits](websockets/ws@8.20.0...8.21.0) Updates `js-cookie` from 3.0.5 to 3.0.8 - [Release notes](https://github.com/js-cookie/js-cookie/releases) - [Commits](js-cookie/js-cookie@v3.0.5...v3.0.8) Updates `brace-expansion` from 5.0.5 to 5.0.6 - [Release notes](https://github.com/juliangruber/brace-expansion/releases) - [Commits](juliangruber/brace-expansion@v5.0.5...v5.0.6) Updates `hono` from 4.12.15 to 4.12.24 - [Release notes](https://github.com/honojs/hono/releases) - [Commits](honojs/hono@v4.12.18...v4.12.24) --- updated-dependencies: - dependency-name: hono dependency-version: 4.12.24 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.15.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ws dependency-version: 8.21.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: hono dependency-version: 4.12.24 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.15.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ws dependency-version: 8.21.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: hono dependency-version: 4.12.24 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.15.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: brace-expansion dependency-version: 5.0.6 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: hono dependency-version: 4.12.24 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.15.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: brace-expansion dependency-version: 5.0.6 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: hono dependency-version: 4.12.24 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: vitest dependency-version: 4.1.0 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: react-router dependency-version: 7.17.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: vitest dependency-version: 4.1.0 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: ws dependency-version: 8.21.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: nuxt dependency-version: 4.4.6 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: brace-expansion dependency-version: 5.0.6 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: react-router dependency-version: 7.17.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: brace-expansion dependency-version: 5.0.6 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ws dependency-version: 8.21.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: svelte dependency-version: 5.56.3 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: "@sveltejs/kit" dependency-version: 2.63.1 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: brace-expansion dependency-version: 5.0.6 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: vitest dependency-version: 4.1.0 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: "@tanstack/start-server-core" dependency-version: 1.169.14 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: brace-expansion dependency-version: 5.0.6 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: vitest dependency-version: 4.1.0 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: ws dependency-version: 8.21.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: js-cookie dependency-version: 3.0.8 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: brace-expansion dependency-version: 5.0.6 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: hono dependency-version: 4.12.24 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 8, 2026

dependabot Bot mentioned this pull request Jun 8, 2026

chore(deps): Bump the npm_and_yarn group across 16 directories with 11 updates #343

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): Bump the npm_and_yarn group across 16 directories with 11 updates#344

chore(deps): Bump the npm_and_yarn group across 16 directories with 11 updates#344
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/angular-spring-ui/npm_and_yarn-c6e820fa29

dependabot Bot commented on behalf of github Jun 8, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Jun 8, 2026

v4.12.24

What's Changed

v4.12.23

What's Changed

v4.12.22

What's Changed

New Contributors

v4.12.21

Security fixes

app.mount() strips mount prefix using undecoded path, causing incorrect routing for percent-encoded paths

IP Restriction bypasses static deny rules for non-canonical IPv6

6.15.2

6.15.1

8.21.0

Features

Bug fixes

8.20.1

v4.12.24

What's Changed

v4.12.23

What's Changed

v4.12.22

What's Changed

New Contributors

v4.12.21

Security fixes

app.mount() strips mount prefix using undecoded path, causing incorrect routing for percent-encoded paths

IP Restriction bypasses static deny rules for non-canonical IPv6

6.15.2

6.15.1

8.21.0

Features

Bug fixes

8.20.1

v4.12.24

What's Changed

v4.12.23

What's Changed

v4.12.22

What's Changed

New Contributors

v4.12.21

Security fixes

app.mount() strips mount prefix using undecoded path, causing incorrect routing for percent-encoded paths

IP Restriction bypasses static deny rules for non-canonical IPv6

6.15.2

6.15.1

v4.12.24

What's Changed

v4.12.23

What's Changed

v4.12.22

What's Changed

New Contributors

v4.12.21

Security fixes

app.mount() strips mount prefix using undecoded path, causing incorrect routing for percent-encoded paths

IP Restriction bypasses static deny rules for non-canonical IPv6

6.15.2

6.15.1

v4.12.24

What's Changed

v4.12.23

What's Changed

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants