chore(deps): bump the npm_and_yarn group across 6 directories with 31 updates

[dependabot]

Bumps the npm_and_yarn group with 2 updates in the / directory: postcss and shell-quote.
Bumps the npm_and_yarn group with 13 updates in the /blog directory:

Package	From	To
ajv	6.12.6	6.15.0
yaml	1.10.2	1.10.3
lodash	4.17.21	4.18.1
micromatch	4.0.7	4.0.8
shell-quote	1.8.1	1.8.4
estree-util-value-to-estree	3.1.2	3.5.0
follow-redirects	1.15.6	1.16.0
image-size	1.1.1	1.2.1
launch-editor	2.8.0	2.14.1
mdast-util-to-hast	13.2.0	13.2.1
node-forge	1.3.1	1.4.0
svgo	3.3.2	3.3.3
webpack-dev-server	4.15.2	5.2.4

Bumps the npm_and_yarn group with 2 updates in the /cli directory: shell-quote and esbuild.
Bumps the npm_and_yarn group with 1 update in the /cli-releases/frontend directory: markdown-it.
Bumps the npm_and_yarn group with 2 updates in the /docs directory: postcss and shell-quote.
Bumps the npm_and_yarn group with 2 updates in the /frontend directory: tar and markdown-it.

Updates postcss from 8.5.9 to 8.5.15

Release notes

Sourced from postcss's releases.

8.5.15

• Fixed declaration parsing performance (by @​homanp).

8.5.14

• Fixed custom syntax regression (by @​43081j).

8.5.13

• Fixed postcss-scss commend regression.

8.5.12

• Fixed reading any file via user-generated CSS.
• Added opts.unsafeMap to disable checks.

8.5.11

• Fixed nested brackets parsing performance (by @​offset).

8.5.10

• Fixed XSS via unescaped </style> in non-bundler cases (by @​TharVid).

Changelog

Sourced from postcss's changelog.

8.5.15

• Fixed declaration parsing performance (by @​homanp).

8.5.14

• Fixed custom syntax regression (by @​43081j).

8.5.13

• Fixed postcss-scss commend regression.

8.5.12

• Fixed reading any file via user-generated CSS.
• Added opts.unsafeMap to disable checks.

8.5.11

• Fixed nested brackets parsing performance (by @​offset).

8.5.10

• Fixed XSS via unescaped </style> in non-bundler cases (by @​TharVid).

Commits

• eae46db Release 8.5.15 version
• 79508ff Update CI actions
• b128e21 Speed up declaration parsing by avoiding creating new array on each token
• 9825dca Fix code format
• 55789c8 Update dependencies
• 84fbbe9 Install older pnpm action for old Node.js
• 9f860bd Revert pnpm action for old Node.js
• 0877198 Update CI actions
• b2d1a33 Fix linter warnings
• 0700dac Merge pull request #2088 from rootvector2/add-oss-fuzz-harness
• Additional commits viewable in compare view

Updates shell-quote from 1.8.3 to 1.8.4

Changelog

Sourced from shell-quote's changelog.

v1.8.4 - 2026-05-22

Commits

• [Fix] quote: validate object-token shapes 4378a6e
• [Dev Deps] update @ljharb/eslint-config, auto-changelog, eslint, npmignore 22ebec0
• [Tests] increase coverage 9f3caa3
• [readme] replace runkit CI badge with shields.io check-runs badge 3344a04
• [Dev Deps] update @ljharb/eslint-config 699c511

Commits

• ff166e2 v1.8.4
• 4378a6e [Fix] quote: validate object-token shapes
• 22ebec0 [Dev Deps] update @ljharb/eslint-config, auto-changelog, eslint, `npmig...
• 9f3caa3 [Tests] increase coverage
• 3344a04 [readme] replace runkit CI badge with shields.io check-runs badge
• 699c511 [Dev Deps] update @ljharb/eslint-config
• See full diff in compare view

Updates ajv from 6.12.6 to 6.15.0

Commits

• 184bc32 6.15.0
• fea46af test/fix prototype pollution via $data ref with format keyword (#2606)
• e3af0a7 6.14.0
• b552ed6 add regExp option to address $data exploit via a regular expression (CVE-2025...
• 72f2286 docs: update v7 info
• 231e52b Merge pull request #1320 from philsturgeon/patch-1
• d3475fc Add spectral, an AJV util from a sponsor
• 413afe0 docs: v7.0.0-beta.3
• 11e997b update readme for v7
• See full diff in compare view

Updates yaml from 1.10.2 to 1.10.3

Commits

• cfe8f04 1.10.3
• 7abcf45 fix: Catch stack overflow during CST composition
• a0252f8 chore: Add rules avoiding processing of tests/json-test-suite
• a5e83b0 style: Apply updates Prettier rules
• b8ddca0 chore: Refresh lockfile
• 395f892 ci: Use a different (working) submodule checkout
• 6fd2720 test-events: Add {} and [] indicators to flow maps & sequences
• See full diff in compare view

Updates lodash from 4.17.21 to 4.18.1

Release notes

Sourced from lodash's releases.

4.18.1

Bugs

Fixes a ReferenceError issue in lodash lodash-es lodash-amd and lodash.template when using the template and fromPairs functions from the modular builds. See lodash/lodash#6167

These defects were related to how lodash distributions are built from the main branch using https://github.com/lodash-archive/lodash-cli. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.

There is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:

• lodash: lodash/lodash@4.18.0-npm...4.18.1-npm
• lodash-es: lodash/lodash@4.18.0-es...4.18.1-es
• lodash-amd: lodash/lodash@4.18.0-amd...4.18.1-amd
• lodash.templatelodash/lodash@4.18.0-npm-packages...4.18.1-npm-packages

4.18.0

v4.18.0

Full Changelog: lodash/lodash@4.17.23...4.18.0

Security

_.unset / _.omit: Fixed prototype pollution via constructor/prototype path traversal (GHSA-f23m-r3pf-42rh, fe8d32e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now constructor and prototype are blocked unconditionally as non-terminal path keys, matching baseSet. Calls that previously returned true and deleted the property now return false and leave the target untouched.

_.template: Fixed code injection via imports keys (GHSA-r5fr-rjxr-66jc, CVE-2026-4800, 879aaa9). Fixes an incomplete patch for CVE-2021-23337. The variable option was validated against reForbiddenIdentifierChars but importsKeys was left unguarded, allowing code injection via the same Function() constructor sink. imports keys containing forbidden identifier characters now throw "Invalid imports option passed into _.template".

Docs

• Add security notice for _.template in threat model and API docs (#6099)
• Document lower > upper behavior in _.random (#6115)
• Fix quotes in _.compact jsdoc (#6090)

lodash.* modular packages

Diff

We have also regenerated and published a select number of the lodash.* modular packages.

These modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:

• lodash.orderby
• lodash.tonumber
• lodash.trim
• lodash.trimend
• lodash.sortedindexby
• lodash.zipobjectdeep
• lodash.unset
• lodash.omit
• lodash.template

Commits

• cb0b9b9 release(patch): bump main to 4.18.1 (#6177)
• 75535f5 chore: prune stale advisory refs (#6170)
• 62e91bc docs: remove n_ Node.js < 6 REPL note from README (#6165)
• 59be2de release(minor): bump to 4.18.0 (#6161)
• af63457 fix: broken tests for _.template 879aaa9
• 1073a76 fix: linting issues
• 879aaa9 fix: validate imports keys in _.template
• fe8d32e fix: block prototype pollution in baseUnset via constructor/prototype traversal
• 18ba0a3 refactor(fromPairs): use baseAssignValue for consistent assignment (#6153)
• b819080 ci: add dist sync validation workflow (#6137)
• Additional commits viewable in compare view

Updates micromatch from 4.0.7 to 4.0.8

Release notes

Sourced from micromatch's releases.

4.0.8

Ultimate release that fixes both CVE-2024-4067 and CVE-2024-4068. We consider the issues low-priority, so even if you see automated scanners saying otherwise, don't be scared.

Changelog

Sourced from micromatch's changelog.

[4.0.8] - 2024-08-22

• backported CVE-2024-4067 fix (from v4.0.6) over to 4.x branch

Commits

• 8bd704e 4.0.8
• a0e6841 run verb to generate README documentation
• 4ec2884 Merge branch 'v4' into hauserkristof-feature/v4.0.8
• 03aa805 Merge pull request #266 from hauserkristof/feature/v4.0.8
• 814f5f7 lint
• 67fcce6 fix: CHANGELOG about braces & CVE-2024-4068, v4.0.5
• 113f2e3 fix: CVE numbers in CHANGELOG
• d9dbd9a feat: updated CHANGELOG
• 2ab1315 fix: use actions/setup-node@v4
• 1406ea3 feat: rework test to work on macos with node 10,12 and 14
• Additional commits viewable in compare view

Updates nanoid from 3.3.7 to 3.3.12

Release notes

Sourced from nanoid's releases.

3.3.12

• Fixed breaking Nano ID by requesting big ID.

3.3.11

• Fixed React Native support.

3.3.10

• Fixed React Native support (by @​steida).

3.3.9

• Reduced npm package size.

Changelog

Sourced from nanoid's changelog.

3.3.12

• Fixed breaking Nano ID by requesting big ID.

3.3.11

• Fixed React Native support.

3.3.10

• Fixed React Native support (by @​steida).

3.3.9

• Reduced npm package size.

3.3.8

• Fixed a way to break Nano ID by passing non-integer size (by @​myndzi).

Commits

• aa9c399 Release 3.3.12 version
• b0036ed Backport fix to CommonJS version too
• 08a19a4 Update test
• 821dfed Backport pool breaking fix
• 609646c Fix CI
• 37289ce Release 3.3.11 version
• 23690b7 Fix CI
• c147962 Fix RN support
• a83734e Move to manually ESM/CJS dual package
• bb12e8a Release 3.3.10 version
• Additional commits viewable in compare view

Updates postcss from 8.4.39 to 8.5.15

Release notes

Sourced from postcss's releases.

8.5.15

• Fixed declaration parsing performance (by @​homanp).

8.5.14

• Fixed custom syntax regression (by @​43081j).

8.5.13

• Fixed postcss-scss commend regression.

8.5.12

• Fixed reading any file via user-generated CSS.
• Added opts.unsafeMap to disable checks.

8.5.11

• Fixed nested brackets parsing performance (by @​offset).

8.5.10

• Fixed XSS via unescaped </style> in non-bundler cases (by @​TharVid).

Changelog

Sourced from postcss's changelog.

8.5.15

• Fixed declaration parsing performance (by @​homanp).

8.5.14

• Fixed custom syntax regression (by @​43081j).

8.5.13

• Fixed postcss-scss commend regression.

8.5.12

• Fixed reading any file via user-generated CSS.
• Added opts.unsafeMap to disable checks.

8.5.11

• Fixed nested brackets parsing performance (by @​offset).

8.5.10

• Fixed XSS via unescaped </style> in non-bundler cases (by @​TharVid).

Commits

• eae46db Release 8.5.15 version
• 79508ff Update CI actions
• b128e21 Speed up declaration parsing by avoiding creating new array on each token
• 9825dca Fix code format
• 55789c8 Update dependencies
• 84fbbe9 Install older pnpm action for old Node.js
• 9f860bd Revert pnpm action for old Node.js
• 0877198 Update CI actions
• b2d1a33 Fix linter warnings
• 0700dac Merge pull request #2088 from rootvector2/add-oss-fuzz-harness
• Additional commits viewable in compare view

Updates shell-quote from 1.8.1 to 1.8.4

Changelog

Sourced from shell-quote's changelog.

v1.8.4 - 2026-05-22

Commits

• [Fix] quote: validate object-token shapes 4378a6e
• [Dev Deps] update @ljharb/eslint-config, auto-changelog, eslint, npmignore 22ebec0
• [Tests] increase coverage 9f3caa3
• [readme] replace runkit CI badge with shields.io check-runs badge 3344a04
• [Dev Deps] update @ljharb/eslint-config 699c511

Commits

• ff166e2 v1.8.4
• 4378a6e [Fix] quote: validate object-token shapes
• 22ebec0 [Dev Deps] update @ljharb/eslint-config, auto-changelog, eslint, `npmig...
• 9f3caa3 [Tests] increase coverage
• 3344a04 [readme] replace runkit CI badge with shields.io check-runs badge
• 699c511 [Dev Deps] update @ljharb/eslint-config
• See full diff in compare view

Updates @babel/helpers from 7.24.7 to 7.29.7

Release notes

Sourced from @​babel/helpers's releases.

v7.29.7 (2026-05-25)

Re-release all packages with npm provenance attestations

v7.29.6 (2026-05-25)

🐛 Bug Fix

• babel-generator
  • #18014 Catchup source map position in preserveFormat (@​nicolo-ribaudo)
• babel-core
  • #18001 [7.x packport]Improve input source map handling (@​JLHwung)
• babel-core, babel-generator
  • #17998 Preserve original identifier names from input sourcemaps (#17992) (@​Andarist)

Committers: 3

• Huáng Jùnliàng (@​JLHwung)
• Mateusz Burzyński (@​Andarist)
• Nicolò Ribaudo (@​nicolo-ribaudo)

v7.29.5 (2026-05-05)

🏠 Internal

• babel-preset-env
  • Update @babel/* dependencies

v7.29.4 (2026-05-05)

🐛 Bug Fix

• babel-plugin-transform-modules-systemjs
  • #17974 [7.x backport]fix(systemjs): improve module string name support (@​JLHwung)

Committers: 1

• Huáng Jùnliàng (@​JLHwung)

v7.29.3 (2026-04-30)

👓 Spec Compliance

• babel-parser
  • #17923 Support flow extends bound (@​JLHwung)

🐛 Bug Fix

• babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators
  • #17931 fix(decorators): replace super within all removed static elements (@​JLHwung)
• babel-register
  • #17915 Fix thread synchronization issues in @babel/register (@​liuxingbaoyu)
• babel-compat-data, babel-plugin-bugfix-safari-rest-destructuring-rhs-array, babel-preset-env
  • #17788 Add bugfix plugin for Safari array rest destructuring bug (@​JLHwung)

💅 Polish

• babel-parser

... (truncated)

Commits

• 4fba754 v7.29.7
• 37d5595 v7.29.2
• 1c0a08d [7.x backport] fix: Properly handle await in finally (#17805)
• d7f4008 v7.28.6
• 99dcba5 chore: enable some ts-eslint rules (#17592)
• c1b55f6 Use eslint.config.mts (#17573)
• 35055e3 v7.28.4
• 18d88b8 Improve @​babel/core typings (#17471)
• ef155f5 v7.28.3
• 741cbd2 chore: fix various typos across codebase (#17476)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​babel/helpers since your current version.

Updates @babel/plugin-transform-modules-systemjs from 7.24.7 to 7.29.7

Release notes

Sourced from @​babel/plugin-transform-modules-systemjs's releases.

v7.29.7 (2026-05-25)

Re-release all packages with npm provenance attestations

v7.29.6 (2026-05-25)

🐛 Bug Fix

• babel-generator
  • #18014 Catchup source map position in preserveFormat (@​nicolo-ribaudo)
• babel-core
  • #18001 [7.x packport]Improve input source map handling (@​JLHwung)
• babel-core, babel-generator
  • #17998 Preserve original identifier names from input sourcemaps (#17992) (@​Andarist)

Committers: 3

• Huáng Jùnliàng (@​JLHwung)
• Mateusz Burzyński (@​Andarist)
• Nicolò Ribaudo (@​nicolo-ribaudo)

v7.29.5 (2026-05-05)

🏠 Internal

• babel-preset-env
  • Update @babel/* dependencies

v7.29.4 (2026-05-05)

🐛 Bug Fix

• babel-plugin-transform-modules-systemjs
  • #17974 [7.x backport]fix(systemjs): improve module string name support (@​JLHwung)

Committers: 1

• Huáng Jùnliàng (@​JLHwung)

v7.29.3 (2026-04-30)

👓 Spec Compliance

• babel-parser
  • #17923 Support flow extends bound (@​JLHwung)

🐛 Bug Fix

• babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators
  • #17931 fix(decorators): replace super within all removed static elements (@​JLHwung)
• babel-register
  • #17915 Fix thread synchronization issues in @babel/register (@​liuxingbaoyu)
• babel-compat-data, babel-plugin-bugfix-safari-rest-destructuring-rhs-array, babel-preset-env
  • #17788 Add bugfix plugin for Safari array rest destructuring bug (@​JLHwung)

💅 Polish

• babel-parser

... (truncated)

Commits

• 4fba754 v7.29.7
• a458f66 v7.29.4
• 32ebd5a [7.x backport]fix(systemjs): improve module string name support (#17974)
• aa8394e v7.29.0
• 0053db6 Update polyfill packages (#17727)
• 61647ae v7.28.5
• a177d55 [Babel 8] Use t.traverseFast to replace some path.traverse (#17518)
• eebd3a0 v7.27.1
• 317e332 Enforce node protocol import (#17207)
• fdc0fb5 [Babel 8] Bump nodejs requirements to ^20.19.0 || >= 22.12.0 (#17204)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​babel/plugin-transform-modules-systemjs since your current version.

Updates body-parser from 1.20.2 to 1.20.5

Release notes

Sourced from body-parser's releases.

v1.20.5

What's Changed

The reason for this release is a fix to the extended urlencoded parser returning objects instead of arrays for large array inputs (> 100) on qs@6.14.2+. (expressjs/body-parser#716)

• refactor(json): simplify strict mode error string construction by @​jonchurch in expressjs/body-parser#692
• fix: correct off-by-one error in parameterCount by @​abhu85 in expressjs/body-parser#716
• deps(qs): bump qs to 6.15.1 by @​jonchurch in expressjs/body-parser#722
• Release: 1.20.5 by @​jonchurch in expressjs/body-parser#721

New Contributors

• @​abhu85 made their first contribution in expressjs/body-parser#716

Special thanks to triager @​krzysdz for keeping this on our radar and effectively triaging the specific issue!

Full Changelog: expressjs/body-parser@1.20.4...1.20.5

1.20.4

What's Changed

• Remove redundant depth check by @​blakeembrey in expressjs/body-parser#538
• ci: add support for Node.js v23 by @​Phillip9587 in expressjs/body-parser#553
• ci: restore CI for 1.x branch by @​bjohansebas in expressjs/body-parser#665
• deps: qs@^6.14.0 by @​bjohansebas in expressjs/body-parser#664
• deps: use tilde notation and update certain dependencies by @​Phillip9587 in expressjs/body-parser#668
• chore: remove SECURITY.md by @​Phillip9587 in expressjs/body-parser#669
• ci: add CodeQL (SAST) by @​Phillip9587 in expressjs/body-parser#670
• Release: 1.20.4 by @​UlisesGascon in expressjs/body-parser#672

Full Changelog: expressjs/body-parser@1.20.3...1.20.4

1.20.3

What's Changed

Important

• deps: qs@6.13.0
• add depth option to customize the depth level in the parser
• IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity). Documentation

Other changes

• chore: add support for OSSF scorecard reporting by @​inigomarquinez in expressjs/body-parser#522
• ci: fix errors in ci github action for node 8 and 9 by @​inigomarquinez in expressjs/body-parser#523
• fix: pin to node@22.4.1 by @​wesleytodd in expressjs/body-parser#527
• deps: qs@6.12.3 by @​melikhov-dev in expressjs/body-parser#521
• Add OSSF Scorecard badge by @​bjohansebas in expressjs/body-parser#531
• Linter by @​UlisesGascon in expressjs/body-parser#534
• Release: 1.20.3 by @​UlisesGascon in expressjs/body-parser#535

... (truncated)

Changelog

Sourced from body-parser's changelog.

1.20.5 / 2026-04-24

• refactor(json): simplify strict mode error string construction
• fix: extended urlencoded parsing of arrays with >100 elements (#716)
• deps: qs@~6.15.1

1.20.4 / 2025-12-01

• deps: qs@~6.14.0
• deps: use tilde notation for dependencies
• deps: http-errors@~2.0.1
• deps: raw-body@~2.5.3

1.20.3 / 2024-09-10

• deps: qs@6.13.0
• add depth option to customize the depth level in the parser
• IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Commits

• 0defdbe release(patch): 1.20.5
• cd0e7a0 deps(qs): bump qs to 6.15.1
• 6f24d7e fix: correct off-by-one error in parameterCount (#716)
• b849bd5 deps: qs@~6.14.1 (#690)
• 2c55e2f refactor(json): simplify strict mode error string construction (#692)
• 7db202c 1.20.4 (#672)
• d8f8adb ci: add CodeQL (SAST) (#670)
• 6d133c1 chore: remove SECURITY.md (#669)
• fcd1535 deps: use tilde notation and update certain dependencies (#668)
• ec5fa29 deps: qs@~6.14.0 (#664)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by jonchurch, a new releaser for body-parser since your current version.

Updates cookie from 0.6.0 to 0.7.2

Release notes

Sourced from cookie's releases.

v0.7.2

Fixed

• Fix object assignment of hasOwnProperty (#177) bc38ffd

jshttp/cookie@v0.7.1...v0.7.2

0.7.1

Fixed

• Allow leading dot for domain (#174)
  • Although not permitted in the spec, some users expect this to work and user agents ignore the leading dot according to spec
• Add fast path for serialize without options, use obj.hasOwnProperty when parsing (#172)

jshttp/cookie@v0.7.0...v0.7.1

0.7.0

• perf: parse cookies ~10% faster (#144 by @​kurtextrem and #170)
• fix: narrow the validation of cookies to match RFC6265 (#167 by @​bewinsnw)
• fix: add main to package.json for rspack (#166 by @​proudparrot2)

jshttp/cookie@v0.6.0...v0.7.0

Commits

• d19eaa1 0.7.2
• bc38ffd Fix object assignment of hasOwnProperty (#177)
• cf4658f 0.7.1
• 6a8b8f5 Allow leading dot for domain (#174)
• 58015c0 Remove more code and perf wins (#172)
• ab057d6 0.7.0
• 5f02ca8 Migrate history to GitHub releases
• a5d591c Migrate history to GitHub releases
• 51968f9 Skip isNaN
• 9e7ca51 perf(parse): cache length, return early (#144)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by blakeembrey, a new releaser for cookie since your current version.

Updates estree-util-value-to-estree from 3.1.2 to 3.5.0

Release notes

Sourced from estree-util-value-to-estree's releases.

v3.5.0

• af5a2bd Add support for serializing custom values in remcohaszing/estree-util-value-to-estree#6
• ec6da00 Allow passing undefined as any option

Full Changelog: remcohaszing/estree-util-value-to-estree@v3.4.1...v3.5.0

v3.4.1

• 87309dc Use OIDC for publishing
• 8b3ea8d Update Temporal support

Full Changelog: remcohaszing/estree-util-value-to-estree@v3.4.0...v3.4.1

v3.4.0

• 23b636f Declare there are no side effects in package.json
• 471b4fe Add support for Float16Array

Full Changelog: remcohaszing/estree-util-value-to-estree@v3.3.3...v3.4.0

v3.3.3

• 652e019 Use singular Object.defineProperty if possible
• d0c394f Fix __proto__ property emit

Full Changelog: remcohaszing/estree-util-value-to-estree@v3.3.2...v3.3.3

v3.3.2

• 6ecf349 Move @js-temporal/polyfill to devDependencies

Full Changelog: remcohaszing/estree-util-value-to-estree@v3.3.1...v3.3.2

v3.3.1

• 1c1eb66 Don’t crash if Temporal is undefined

Full Changelog: remcohaszing/estree-util-value-to-estree@v3.3.0...v3.3.1

v3.3.0

• 014536b Add support for Temporal types

Full Changelog: remcohaszing/estree-util-value-to-estree@v3.2.1...v3.3.0

v3.2.1

Fix publishing

Full Changelog: remcohaszing/estree-util-value-to-estree@v3.2.0...v3.2.1

v3.2.0

• 33d7a80 Preserve property descriptors.
• e3fb668 Add support for well-known symbols.

Full Changelog: remcohaszing/estree-util-value-to-estree@v3.1.2...v3.2.0

Commits

• c845e04 3.5.0
• 2f6a020 Stricten tsconfig.json
• ec6da00 Allow passing undefined as any option
• af5a2bd Add support for serializing custom values (#6)
• ecac810 Fix a typo
• aa90de2 3.4.1
• 87309dc Use OIDC for publishing
• db5911c Use Node.js 24 in CI
• 4e2914e Update the readme
• 8b3ea8d Update Temporal support
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for estree-util-value-to-estree since your current version.

Updates express from 4.19.2 to 4.22.2

Release notes

Sourced from express's releases.

v4.22.2

What's Changed

• fix: restore >20 array parsing for req.query repeated keys (8d09bfe6)
  • This also unifies array-cap behavior across notations. Indexed notation (a[0]=...) was historically capped at qs's default arrayLimit of 20 even in older qs versions; after this change it also allows up to 1000 items.
• deps: qs@~6.15.1
• deps: body-parser@~1.20.5

New Contributors

• @​suuuuuuminnnnnn made their first contribution in expressjs/express#7021
• @​SAY-5 made their first contribution in expressjs/express#7181

Full ChangelogDescription has been truncated