Bump the vue-npm-version group in /td.vue with 10 updates

[dependabot]

Bumps the vue-npm-version group in /td.vue with 10 updates:

Package	From	To
@vue/compat	3.5.30	3.5.32
axios	1.13.5	1.14.0
core-js	3.48.0	3.49.0
dotenv	17.3.1	17.4.1
vue	3.5.30	3.5.32
@vue/compiler-sfc	3.5.30	3.5.32
@wdio/cli	8.45.0	8.46.0
browserstack-cypress-cli	1.34.0	1.36.3
sass	1.64.2	1.99.0
webpack	5.105.2	5.105.4

Updates @vue/compat from 3.5.30 to 3.5.32

Release notes

Sourced from @​vue/compat's releases.

v3.5.32

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.31

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

Changelog

Sourced from @​vue/compat's changelog.

3.5.32 (2026-04-03)

Bug Fixes

• runtime-core: prevent currentInstance leak into sibling render during async setup re-entry (#14668) (f166353), closes #14667
• teleport: handle updates before deferred mount (#14642) (32b44f1), closes #14640
• types: allow customRef to have different getter/setter types (#14639) (e20ddb0)
• types: use private branding for shallowReactive (#14641) (302c47a), closes #14638 #14493

Reverts

• Revert "fix(server-renderer): cleanup component effect scopes after SSR render" (#14674) (219d83b), closes #14674 #14669

3.5.31 (2026-03-25)

Bug Fixes

• compiler-sfc: allow Node.js subpath imports patterns in asset urls (#13045) (95c3356), closes #9919
• compiler-sfc: support template literal as defineModel name (#14622) (bd7eef0), closes #14621
• reactivity: normalize toRef property keys before dep lookup + improve types (#14625) (1bb28d0), closes #12427 #12431
• runtime-core: invalidate detached v-for memo vnodes after unmount (#14624) (560def4), closes #12708 #12710
• runtime-core: preserve nullish event handlers in mergeProps (#14550) (5725222)
• runtime-core: prevent merging model listener when value is null or undefined (#14629) (b39e032)
• runtime-dom: defer teleport mount/update until suspense resolves (#8619) (88ed045), closes #8603
• runtime-dom: handle activeElement check in Shadow DOM for v-model (#14196) (959ded2)
• server-renderer: cleanup component effect scopes after SSR render (#14548) (862f11e)
• suspense: avoid unmount activeBranch twice if wrapped in transition (#9392) (908c6ad), closes #7966
• suspense: update suspense vnode's el during branch self-update (#12922) (a2c1700), closes #12920
• transition: skip enter guard while hmr updating (#14611) (be0a2f1), closes #14608
• types: prevent shallowReactive marker from leaking into value unions (#14493) (3b561db), closes #14490

Commits

• 9a2eb53 release: v3.5.32
• 32b44f1 fix(teleport): handle updates before deferred mount (#14642)
• f166353 fix(runtime-core): prevent currentInstance leak into sibling render during as...
• 302c47a fix(types): use private branding for shallowReactive (#14641)
• e20ddb0 fix(types): allow customRef to have different getter/setter types (#14639)
• 219d83b Revert "fix(server-renderer): cleanup component effect scopes after SSR rende...
• fa23116 chore: fix typos in changelogs (#14653)
• 81615d3 release: v3.5.31
• 3b561db fix(types): prevent shallowReactive marker from leaking into value unions (#1...
• 1b2aca4 chore: ignore entities updates in renovate (#14630)
• Additional commits viewable in compare view

Updates axios from 1.13.5 to 1.14.0

Release notes

Sourced from axios's releases.

v1.14.0

This release focuses on compatibility fixes, adapter stability improvements, and test/tooling modernisation.

⚠️ Important Changes

• Breaking Changes: None identified in this release.
• Action Required: If you rely on env-based proxy behaviour or CJS resolution edge-cases, validate your integration after upgrade (notably proxy-from-env v2 alignment and main entry compatibility fix).

🚀 New Features

• Runtime Features: No new end-user features were introduced in this release.
• Test Coverage Expansion: Added broader smoke/module test coverage for CJS and ESM package usage. (#7510)

🐛 Bug Fixes

• Headers: Trim trailing CRLF in normalised header values. (#7456)
• HTTP/2: Close detached HTTP/2 sessions on timeout to avoid lingering sessions. (#7457)
• Fetch Adapter: Cancel ReadableStream created during request-stream capability probing to prevent async resource leaks. (#7515)
• Proxy Handling: Fixed env proxy behavior with proxy-from-env v2 usage. (#7499)
• CommonJS Compatibility: Fixed package main entry regression affecting CJS consumers. (#7532)

🔧 Maintenance & Chores

• Security/Dependencies: Updated formidable and refreshed package set to newer versions. (#7533, #10556)
• Tooling: Continued migration to Vitest and modernised CI/test harnesses. (#7484, #7489, #7498)
• Build/Lint Stack: Rollup, ESLint, TypeScript, and related dev-dependency updates. (#7508, #7509, #7522)
• Documentation: Clarified JSON parsing and adapter-related docs/comments. (#7398, #7460, #7478)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve Axios:

• @​aviu16 (#7456)
• @​NETIZEN-11 (#7460)
• @​fedotov (#7457)
• @​nthbotast (#7478)
• @​veeceey (#7398)
• @​penkzhou (#7515)

Full Changelog: v1.13.6...v1.14.0

v1.13.6

This release focuses on platform compatibility, error handling improvements, and code quality maintenance.

⚠️ Important Changes

• Breaking Changes: None identified in this release.
• Action Required: Users targeting React Native should verify their integration, particularly if relying on specific Blob or FormData behaviours, as improvements have been made to support these objects.

🚀 New Features

• React Native Blob Support: Axios now includes support for React Native Blob objects. Thanks to @​moh3n9595 for the initial implementation. (#5764)
• Code Quality: Implemented prettier across the codebase and resolved associated formatting issues. (#7385)

🐛 Bug Fixes

• Environment Compatibility:
  • Fixed module exports for React Native and Browserify environments. (#7386)

... (truncated)

Changelog

Sourced from axios's changelog.

v1.14.0 — March 27, 2026

This release fixes a security vulnerability in the formidable dependency, resolves a CommonJS compatibility regression, hardens proxy and HTTP/2 handling, and modernises the build and test toolchain.

🔒 Security Fixes

• Formidable Vulnerability: Upgraded formidable from v2 to v3 to address a reported arbitrary-file vulnerability. Updated test server and assertions to align with the v3 API. (#7533)

🐛 Bug Fixes

• CommonJS Compatibility: Restored require('axios') in Node.js by correcting the main field in package.json to point to the built CJS bundle. (#7532)

• Fetch Adapter: Cancel the ReadableStream body after the request stream capability probe to prevent resource leaks. (#7515)

• Proxy: Upgraded proxy-from-env to v2 and switched to the named getProxyForUrl export, fixing proxy detection from environment variables and resolving CJS bundling errors. (#7499)

• HTTP/2: Close detached HTTP/2 sessions on timeout to free resources when no new requests arrive. (#7457)

• Headers: Trim trailing CRLF characters from normalised header values. (#7456)

🔧 Maintenance & Chores

• Toolchain Modernisation: Migrated test suite to Vitest, updated ESLint to v10, upgraded Rollup and @rollup/plugin-babel, migrated to Husky 9, upgraded TypeScript to latest, and modernised the Express test harness. (#7484, #7489, #7498, #7505, #7506, #7507, #7508, #7509, #7510, #7516, #7522)

• Dependencies: Bumped multer to v2, minimatch, tar, pacote, @babel/preset-env, and additional dev dependencies. (#7453, #7480, #7491, #7504, #7517, #7531)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

• @​penkzhou (#7515)
• @​aviu16 (#7456)
• @​fedotov (#7457)

Full Changelog

---

v1.13.6 — February 27, 2026

This release adds React Native Blob support, fixes several enumeration and export regressions, and patches FormData detection for WeChat Mini Program environments.

🚀 New Features

• React Native Blob Support: Axios now correctly handles native Blob objects in React Native environments. (#5764)

🐛 Bug Fixes

• AxiosError: Fixed AxiosError.from not copying the status field from the source error. (#7403)

... (truncated)

Commits

• 46bee3d chore(release): prepare release 1.14.0 (#10563)
• 518aff5 chore: add AI Moderator workflow for spam detection (#10551)
• b7dfda3 chore(sponsor): update sponsor block (#10557)
• 9aa34d5 fix: updated release flow to match the current flows (#10562)
• e9e5ebe Update packages to latest version (#10556)
• 4d8931c fix: formidable dependency vulnerable to arbitrary (#7533)
• 3a6f5c1 chore(deps-dev): bump @​babel/preset-env (#7531)
• bcfd299 fix: bug axios breaks commonjs compatibility main entry (#7532)
• d6dcbfd fix: dependabot uses the correct labels (#7530)
• 5dd7ba7 chore: upgrade to latest ts (#7522)
• Additional commits viewable in compare view

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.

Updates core-js from 3.48.0 to 3.49.0

Changelog

Sourced from core-js's changelog.

3.49.0 - 2026.03.16

• Changes v3.48.0...v3.49.0 (373 commits)
• Iterator.range updated following the actual spec version
  • Throw a RangeError on NaN start / end / step
  • Allow null as optionOrStep
• Improved accuracy of Math.{ asinh, atanh } polyfills with big and small values
• Improved accuracy of Number.prototype.toExponential polyfills with big and small values
• Improved performance of atob, btoa, Uint8Array.fromHex, Uint8Array.prototype.setFromHex, and Uint8Array.prototype.toHex, #1503, #1464, #1510, thanks @​johnzhou721
• Minor performance optimization polyfills of methods from Map upsert proposal
• Polyfills of methods from Map upsert proposal from the pure version made generic to make it work with polyfilled and native collections
• Wrap Symbol.for in Symbol.prototype.description polyfill for correct handling of empty string descriptions
• Fixed a modern Safari bug in Array.prototype.includes with sparse arrays and fromIndex
• Fixed one more case (Iterator.prototype.take) of a V8 ~ Chromium < 126 bug
• Forced replacement of Iterator.{ concat, zip, zipKeyed } in the pure version for ensuring proper wrapped Iterator instances as the result
• Fixed proxying .return() on exhausted iterator from some methods of iterator helpers polyfill to the underlying iterator
• Fixed double .return() calling in case of throwing error in this method in the internal iterate helper that affected some polyfills
• Fixed closing iterator on IteratorValue errors in the internal iterate helper that affected some polyfills
• Fixed iterator closing in Array.from polyfill on failure to create array property
• Fixed order of arguments validation in Array.fromAsync polyfill
• Fixed a lack of counter validation on MAX_SAFE_INTEGER in Array.fromAsync polyfill
• Fixed order of arguments validation in Array.prototype.flat polyfill
• Fixed handling strings as iterables in Iterator.{ zip, zipKeyed } polyfills
• Fixed some cases of iterators closing in Iterator.{ zip, zipKeyed } polyfills
• Fixed validation of iterators .next() results an objects in Iterator.{ zip, zipKeyed } polyfills
• Fixed a lack of early error in Iterator.concat polyfill on primitive as an iterator
• Fixed buffer mutation exposure in Iterator.prototype.windows polyfill
• Fixed iterator closing in Set.prototype.{ isDisjointFrom, isSupersetOf } polyfill
• Fixed (updated following the final spec) one more case Set.prototype.difference polyfill with updating this
• Fixed DataView.prototype.setFloat16 polyfill in (0, 1) range
• Fixed order of arguments validation in String.prototype.{ padStart, padEnd } polyfills
• Fixed order of arguments validation in String.prototype.{ startsWith, endsWith } polyfills
• Fixed some cases of Infinity handling in String.prototype.substr polyfill
• Fixed String.prototype.repeat polyfill with a counter exceeding 2 ** 32
• Fixed some cases of chars case in escape polyfill
• Fixed named backreferences in RegExp NCG polyfill
• Fixed some cases of RegExp NCG polyfill in combination with other types of groups
• Fixed some cases of RegExp NCG polyfill in combination with dotAll
• Fixed String.prototype.replace with sticky polyfill, #810, #1514
• Fixed RegExp sticky polyfill with alternation
• Fixed handling of some line terminators in case of multiline + sticky mode in RegExp polyfill
• Fixed .input slicing on result object with RegExp sticky mode polyfill
• Fixed handling of empty groups with global and unicode modes in polyfills
• Fixed URLSearchParam.prototype.delete polyfill with duplicate key-value pairs
• Fixed possible removal of unnecessary entries in URLSearchParam.prototype.delete polyfill with second argument
• Fixed an error in some cases of non-special URLs without a path in the URL polyfill
• Fixed some percent encode cases / character sets in the URL polyfill
• Fixed parsing of non-IPv4 hosts ends in a number in the URL polyfill
• Fixed some cases of '' and null host handling in the URL polyfill
• Fixed host parsing with hostname = host:port in the URL polyfill
• Fixed host inheritance in some cases of file scheme in the URL polyfill

... (truncated)

Commits

• 80adfc4 v3.49.0
• 0ad3e00 fix a modern Safari bug in Array.prototype.includes with sparse arrays and ...
• 853bfa4 update some links
• b4d723f fix a lack of counter validation on MAX_SAFE_INTEGER in Array.fromAsync p...
• e276676 fix parsing of non-IPv4 hosts ends in a number in the URL polyfill
• dd1cfba fix order of arguments validation in String.prototype.{ padStart, padEnd } ...
• b952c5f add an extra protection to configurator
• e490caf Fix for #810 (#1514)
• 10b4e86 drop an unneeded comment
• 28cf2e9 feat: Improve performance of Uint8Array Hex functions (#1510)
• Additional commits viewable in compare view

Updates dotenv from 17.3.1 to 17.4.1

Changelog

Sourced from dotenv's changelog.

17.4.1 (2026-04-05)

Changed

• Change text injecting to injected (#1005)

17.4.0 (2026-04-01)

Added

• Add skills/ folder with focused agent skills: skills/dotenv/SKILL.md (core usage) and skills/dotenvx/SKILL.md (encryption, multiple environments, variable expansion) for AI coding agent discovery via the skills.sh ecosystem (npx skills add motdotla/dotenv)

Changed

• Tighten up logs: ◇ injecting env (14) from .env (#1003)

Commits

• 48aa216 17.4.1
• e4282b0 changelog 🪵
• c540e75 Merge pull request #1006 from motdotla/skills-update
• 5626f9b dotenvx skill
• 2411f2a update dotenvx skill
• 1e08a70 simplify dotenv skill
• 747f417 Merge pull request #1005 from motdotla/injected
• 271df30 changelog 🪵
• 3f01a8b injecting to injected
• ccc50d5 update
• Additional commits viewable in compare view

Updates vue from 3.5.30 to 3.5.32

Release notes

Sourced from vue's releases.

v3.5.32

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.31

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

Changelog

Sourced from vue's changelog.

3.5.32 (2026-04-03)

Bug Fixes

• runtime-core: prevent currentInstance leak into sibling render during async setup re-entry (#14668) (f166353), closes #14667
• teleport: handle updates before deferred mount (#14642) (32b44f1), closes #14640
• types: allow customRef to have different getter/setter types (#14639) (e20ddb0)
• types: use private branding for shallowReactive (#14641) (302c47a), closes #14638 #14493

Reverts

• Revert "fix(server-renderer): cleanup component effect scopes after SSR render" (#14674) (219d83b), closes #14674 #14669

3.5.31 (2026-03-25)

Bug Fixes

• compiler-sfc: allow Node.js subpath imports patterns in asset urls (#13045) (95c3356), closes #9919
• compiler-sfc: support template literal as defineModel name (#14622) (bd7eef0), closes #14621
• reactivity: normalize toRef property keys before dep lookup + improve types (#14625) (1bb28d0), closes #12427 #12431
• runtime-core: invalidate detached v-for memo vnodes after unmount (#14624) (560def4), closes #12708 #12710
• runtime-core: preserve nullish event handlers in mergeProps (#14550) (5725222)
• runtime-core: prevent merging model listener when value is null or undefined (#14629) (b39e032)
• runtime-dom: defer teleport mount/update until suspense resolves (#8619) (88ed045), closes #8603
• runtime-dom: handle activeElement check in Shadow DOM for v-model (#14196) (959ded2)
• server-renderer: cleanup component effect scopes after SSR render (#14548) (862f11e)
• suspense: avoid unmount activeBranch twice if wrapped in transition (#9392) (908c6ad), closes #7966
• suspense: update suspense vnode's el during branch self-update (#12922) (a2c1700), closes #12920
• transition: skip enter guard while hmr updating (#14611) (be0a2f1), closes #14608
• types: prevent shallowReactive marker from leaking into value unions (#14493) (3b561db), closes #14490

Commits

• 9a2eb53 release: v3.5.32
• 32b44f1 fix(teleport): handle updates before deferred mount (#14642)
• f166353 fix(runtime-core): prevent currentInstance leak into sibling render during as...
• 302c47a fix(types): use private branding for shallowReactive (#14641)
• e20ddb0 fix(types): allow customRef to have different getter/setter types (#14639)
• 219d83b Revert "fix(server-renderer): cleanup component effect scopes after SSR rende...
• fa23116 chore: fix typos in changelogs (#14653)
• 81615d3 release: v3.5.31
• 3b561db fix(types): prevent shallowReactive marker from leaking into value unions (#1...
• 1b2aca4 chore: ignore entities updates in renovate (#14630)
• Additional commits viewable in compare view

Updates @vue/compiler-sfc from 3.5.30 to 3.5.32

Release notes

Sourced from @​vue/compiler-sfc's releases.

v3.5.32

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.31

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

Changelog

Sourced from @​vue/compiler-sfc's changelog.

3.5.32 (2026-04-03)

Bug Fixes

• runtime-core: prevent currentInstance leak into sibling render during async setup re-entry (#14668) (f166353), closes #14667
• teleport: handle updates before deferred mount (#14642) (32b44f1), closes #14640
• types: allow customRef to have different getter/setter types (#14639) (e20ddb0)
• types: use private branding for shallowReactive (#14641) (302c47a), closes #14638 #14493

Reverts

• Revert "fix(server-renderer): cleanup component effect scopes after SSR render" (#14674) (219d83b), closes #14674 #14669

3.5.31 (2026-03-25)

Bug Fixes

• compiler-sfc: allow Node.js subpath imports patterns in asset urls (#13045) (95c3356), closes #9919
• compiler-sfc: support template literal as defineModel name (#14622) (bd7eef0), closes #14621
• reactivity: normalize toRef property keys before dep lookup + improve types (#14625) (1bb28d0), closes #12427 #12431
• runtime-core: invalidate detached v-for memo vnodes after unmount (#14624) (560def4), closes #12708 #12710
• runtime-core: preserve nullish event handlers in mergeProps (#14550) (5725222)
• runtime-core: prevent merging model listener when value is null or undefined (#14629) (b39e032)
• runtime-dom: defer teleport mount/update until suspense resolves (#8619) (88ed045), closes #8603
• runtime-dom: handle activeElement check in Shadow DOM for v-model (#14196) (959ded2)
• server-renderer: cleanup component effect scopes after SSR render (#14548) (862f11e)
• suspense: avoid unmount activeBranch twice if wrapped in transition (#9392) (908c6ad), closes #7966
• suspense: update suspense vnode's el during branch self-update (#12922) (a2c1700), closes #12920
• transition: skip enter guard while hmr updating (#14611) (be0a2f1), closes #14608
• types: prevent shallowReactive marker from leaking into value unions (#14493) (3b561db), closes #14490

Commits

• 9a2eb53 release: v3.5.32
• 81615d3 release: v3.5.31
• 7a4bf3c chore(deps): update all non-major dependencies (#14577)
• 95c3356 fix(compiler-sfc): allow Node.js subpath imports patterns in asset urls (#13045)
• bd7eef0 fix(compiler-sfc): support template literal as defineModel name (#14622)
• See full diff in compare view

Updates @wdio/cli from 8.45.0 to 8.46.0

Release notes

Sourced from @​wdio/cli's releases.

v8.46.0 (2025-08-11)

🚀 New Feature

• wdio-browserstack-service
  • #14665 Add ignore hooks support for v8 (@​xxshubhamxx)

💅 Polish

• wdio-browserstack-service
  • #14676 A11y targeted scans v8 (@​xxshubhamxx)
• wdio-utils
  • #14635 feat: do not attach prefs when debuggerAddress is specified (v8) (@​uladhsi)

Committers: 2

• Shubham Garg (@​xxshubhamxx)
• @​uladhsi

Changelog

Sourced from @​wdio/cli's changelog.

v8.46.0 (2025-08-11)

🚀 New Feature

• wdio-browserstack-service
  • #14665 Add ignore hooks support for v8 (@​xxshubhamxx)

💅 Polish

• wdio-browserstack-service
  • #14676 A11y targeted scans v8 (@​xxshubhamxx)
• wdio-utils
  • #14635 feat: do not attach prefs when debuggerAddress is specified (v8) (@​uladhsi)

Committers: 2

• Shubham Garg (@​xxshubhamxx)
• @​uladhsi

Commits

• 8f55727 v8.46.0
• See full diff in compare view

Updates browserstack-cypress-cli from 1.34.0 to 1.36.3

Release notes

Sourced from browserstack-cypress-cli's releases.

Public Beta v1.36.3

Highlighted Changes 🥳 ❇️ [TRA] Add assertion level logs detection and Cucumber step definition browserstack/browserstack-cypress-cli#1055

browserstack/browserstack-cypress-cli@v1.36.2...v1.36.3

Public Beta v1.36.2

Highlighted Changes 🥳 🐛 [Automate] Fix auto_import_dev_dependencies capability conflicts browserstack/browserstack-cypress-cli#1048

browserstack/browserstack-cypress-cli@v1.36.1...v1.36.2

Public Beta v1.36.1

Highlighted Changes 🥳 🐛 [TRA] Fix 'https-proxy-agent' library exceptions when multiple breaking versions present on the dependency tree #1045

browserstack/browserstack-cypress-cli@v1.36.0...v1.36.1

Public Beta v1.36.0

Highlighted Changes 🥳

❇️ [TRA] Improved Cypress browser patching to limit support file patches to only required files browserstack/browserstack-cypress-cli#1030 🐛 [TRA] Fix 'EAADRINUSE: address already in use ...' for multiple spec file executions browserstack/browserstack-cypress-cli#1029

browserstack/browserstack-cypress-cli@v1.35.0...v1.36.0

Public Beta v1.35.0

Highlighted Changes 🥳

❇️ [TRA] Added support for linking reports generated through products on Common Automation Dashboard (CAD) #1021

browserstack/browserstack-cypress-cli@v1.34.0...v1.35.0

Commits

• 570c8f7 Merge pull request #1055 from browserstack/SDK-4928
• b273c02 Added displayName field for step-definition
• 4c57f3b Early return for no timestamp
• c0544ed Merge branch 'master' into master
• fca13f9 Check for cypress version 13 or more
• b90804d Merge pull request #1052 from avinash-bharti/add-package-lock-json
• 1089749 PR review changes
• 593249e Added Cucumber/Gherkin step detection and assertion logging for test observab...
• e5931fe 1.36.2
• f1774c7 Merge pull request #1048 from browserstack/fix_auto_import_capability_conflicts
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by browserstack-admin, a new releaser for browserstack-cypress-cli since your current version.

Updates sass from 1.64.2 to 1.99.0

Release notes

Sourced from sass's releases.

Dart Sass 1.99.0

To install Sass 1.99.0, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

Changes

• Add support for parent selectors (&) at the root of the document. These are emitted as-is in the CSS output, where they're interpreted as the scoping root.

• User-defined functions named calc or clamp are no longer forbidden. If such a function exists without a namespace in the current module, it will be used instead of the built-in calc() or clamp() function.

• User-defined functions whose names begin with - and end with -expression, -url, -and, -or, or -not are no longer forbidden. These were originally inten...

  Description has been truncated

[lreading]

Letting it bake to avoid supply chain attacks.

I'll continue to look into the cooldown configs and see if they are working better with the new dependabot config.
See also: #1566 (comment)