Bump the npm_and_yarn group across 5 directories with 10 updates

[dependabot]

Bumps the npm_and_yarn group with 7 updates in the / directory:

Package	From	To
astro	5.13.7	5.16.6
vitest	2.1.6	2.1.9
undici	5.28.5	5.29.0
undici	6.21.1	6.22.0
form-data	4.0.1	4.0.5
js-yaml	3.14.1	3.14.2
mdast-util-to-hast	13.2.0	13.2.1
tmp	0.0.33	0.2.5

Bumps the npm_and_yarn group with 1 update in the /.github/actions/label-size directory: esbuild.
Bumps the npm_and_yarn group with 1 update in the /.github/actions/label-products directory: esbuild.
Bumps the npm_and_yarn group with 2 updates in the /.github/actions/issue-label-assign directory: cross-spawn and esbuild.
Bumps the npm_and_yarn group with 2 updates in the /.github/actions/assign-pr directory: cross-spawn and esbuild.

Updates astro from 5.13.7 to 5.16.6

Release notes

Sourced from astro's releases.

[email protected]

Patch Changes

• #14982 6849e38 Thanks @​Princesseuh! - Fixes images outside the project directory not working when using astro:assets in development mode

• #14987 9dd9fca Thanks @​Princesseuh! - Fixes SVGs not working in dev mode when using the passthrough image service

• #15014 a178422 Thanks @​delucis! - Adds support for extending the type of the props accepted by Astro’s <Image> component, <Picture> component, and getImage() API.

[email protected]

Patch Changes

• #14985 c016f10 Thanks @​florian-lefebvre! - Fixes a case where JSDoc annotations wouldn't show for fonts related APIs in the Astro config

• #14973 ed7cc2f Thanks @​amankumarpandeyin! - Fixes performance regression and OOM errors when building medium-sized blogs with many content entries. Replaced O(n²) object spread pattern with direct mutation in generateLookupMap.

• #14958 70eb542 Thanks @​ascorbic! - Gives a helpful error message if a user sets output: "hybrid" in their Astro config.

  The option was removed in Astro 5, but lots of content online still references it, and LLMs often suggest it. It's not always clear that the replacement is output: "static", rather than output: "server". This change adds a helpful error message to guide humans and robots.

• #14901 ef53716 Thanks @​Darknab! - Updates the glob() loader to log a warning when duplicated IDs are detected

• Updated dependencies [d8305f8]:

  • @​astrojs/markdown-remark@​6.3.10

[email protected]

Patch Changes

• #14940 2cf79c2 Thanks @​ematipico! - Fixes a bug where Astro didn't properly combine CSP resources from the csp configuration with those added using the runtime API (Astro.csp.insertDirective()) to form grammatically correct CSP headers

  Now Astro correctly deduplicate CSP resources. For example, if you have a global resource in the configuration file, and then you add a a new one using the runtime APIs.

[email protected]

Patch Changes

• #14889 4bceeb0 Thanks @​florian-lefebvre! - Fixes actions types when using specific TypeScript configurations

• #14929 e0f277d Thanks @​matthewp! - Fixes authentication bypass via double URL encoding in middleware

  Prevents attackers from bypassing path-based authentication checks using multi-level URL encoding (e.g., /%2561dmin instead of /%61dmin). Pathnames are now validated after decoding to ensure no additional encoding remains.

[email protected]

Patch Changes

• #14876 b43dc7f Thanks @​florian-lefebvre! - Fixes a vite warning log during builds when using npm

• #14884 10273e0 Thanks @​florian-lefebvre! - Fixes a case where setting the status of a page to 404 in ssr would show an empty page (or 404.astro page if provided) instead of using the current page

[email protected]

... (truncated)

Changelog

Sourced from astro's changelog.

5.16.6

Patch Changes

• #14982 6849e38 Thanks @​Princesseuh! - Fixes images outside the project directory not working when using astro:assets in development mode

• #14987 9dd9fca Thanks @​Princesseuh! - Fixes SVGs not working in dev mode when using the passthrough image service

• #15014 a178422 Thanks @​delucis! - Adds support for extending the type of the props accepted by Astro’s <Image> component, <Picture> component, and getImage() API.

5.16.5

Patch Changes

• #14985 c016f10 Thanks @​florian-lefebvre! - Fixes a case where JSDoc annotations wouldn't show for fonts related APIs in the Astro config

• #14973 ed7cc2f Thanks @​amankumarpandeyin! - Fixes performance regression and OOM errors when building medium-sized blogs with many content entries. Replaced O(n²) object spread pattern with direct mutation in generateLookupMap.

• #14958 70eb542 Thanks @​ascorbic! - Gives a helpful error message if a user sets output: "hybrid" in their Astro config.

  The option was removed in Astro 5, but lots of content online still references it, and LLMs often suggest it. It's not always clear that the replacement is output: "static", rather than output: "server". This change adds a helpful error message to guide humans and robots.

• #14901 ef53716 Thanks @​Darknab! - Updates the glob() loader to log a warning when duplicated IDs are detected

• Updated dependencies [d8305f8]:

  • @​astrojs/markdown-remark@​6.3.10

5.16.4

Patch Changes

• #14940 2cf79c2 Thanks @​ematipico! - Fixes a bug where Astro didn't properly combine CSP resources from the csp configuration with those added using the runtime API (Astro.csp.insertDirective()) to form grammatically correct CSP headers

  Now Astro correctly deduplicate CSP resources. For example, if you have a global resource in the configuration file, and then you add a a new one using the runtime APIs.

5.16.3

Patch Changes

• #14889 4bceeb0 Thanks @​florian-lefebvre! - Fixes actions types when using specific TypeScript configurations

• #14929 e0f277d Thanks @​matthewp! - Fixes authentication bypass via double URL encoding in middleware

  Prevents attackers from bypassing path-based authentication checks using multi-level URL encoding (e.g., /%2561dmin instead of /%61dmin). Pathnames are now validated after decoding to ensure no additional encoding remains.

5.16.2

Patch Changes

... (truncated)

Commits

• 0343993 [ci] release (#14997)
• a178422 Support extending the image API props type (#15014)
• 8cdaa00 [ci] format
• 9dd9fca fix(assets): Fixes missing format option for svgs in the passthrough service ...
• 6849e38 fix(assets): support images outside of the project in dev (#14982)
• 02c19eb [ci] release (#14959)
• ed7cc2f fix: prevent O(n²) memory allocation in content lookup map generation (#14973)
• c016f10 fix(fonts): jsdocs (#14985)
• ef53716 fix(content): warn on duplicate Markdown content entry IDs (#14901)
• 70eb542 feat: print a more helpful error message for output: hybrid (#14958)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for astro since your current version.

Updates vitest from 2.1.6 to 2.1.9

Release notes

Sourced from vitest's releases.

v2.1.9

This release includes security patches for:

• Browser mode serves arbitrary files | CVE-2025-24963
• Remote Code Execution when accessing a malicious website while Vitest API server is listening | CVE-2025-24964

   🐞 Bug Fixes

• backport vitest-dev/vitest#7317 to v2 - by @​hi-ogawa in vitest-dev/vitest#7318
• (backport #7340 to v2) restrict served files from /__screenshot-error - by @​hi-ogawa in vitest-dev/vitest#7343

    View changes on GitHub

v2.1.8

   🐞 Bug Fixes

• Support Node 21  -  by @​sheremet-va (92f7a)

    View changes on GitHub

v2.1.7

   🐞 Bug Fixes

• Revert support for Vite 6  -  by @​sheremet-va (fbe5c)
  • This introduced some breaking changes (vitest-dev/vitest#6992). We will enable support for it later. In the meantime, you can still use pnpm.overrides or yarn resolutions to override the vite version in the vitest package - the APIs are compatible.

    View changes on GitHub

Commits

• c9e59a0 chore: release v2.1.9
• e0fe1d8 fix: backport #7317 to v2 (#7318)
• d69cc75 bump: 2.1.8
• 92f7a2a fix: support Node 21
• 81ed45b chore: release v2.1.7
• fbe5c39 fix: revert support for Vite 6
• See full diff in compare view

Updates undici from 5.28.5 to 5.29.0

Release notes

Sourced from undici's releases.

v5.29.0

What's Changed

• Fix tests in v5.x for Node 20 by @​mcollina in nodejs/undici#4104
• Removed clients with unrecoverable errors from the Pool nodejs/undici#4088

Full Changelog: nodejs/undici@v5.28.5...v5.29.0

Commits

• 9528f68 Bumped v5.29.0
• f1d75a4 increase timeout for redirect test
• 2d31ed6 remove fuzzing tests
• 6b36d49 fix redirect test in Node v16
• 648dd8f more fix for the wpt runner on Windows
• a0516ba don't use internal header state for cookies (#3295)
• 87ce4af fix test/client for node 20
• c2c8fd5 fix: accept v20 SSL specific error for alpn selection in http/2
• 82200bd [v6.x] fix wpts on windows (#4093)
• 47546fa test: fix windows wpt (#4050)
• Additional commits viewable in compare view

Updates undici from 6.21.1 to 6.22.0

Release notes

Sourced from undici's releases.

v5.29.0

What's Changed

• Fix tests in v5.x for Node 20 by @​mcollina in nodejs/undici#4104
• Removed clients with unrecoverable errors from the Pool nodejs/undici#4088

Full Changelog: nodejs/undici@v5.28.5...v5.29.0

Commits

• 9528f68 Bumped v5.29.0
• f1d75a4 increase timeout for redirect test
• 2d31ed6 remove fuzzing tests
• 6b36d49 fix redirect test in Node v16
• 648dd8f more fix for the wpt runner on Windows
• a0516ba don't use internal header state for cookies (#3295)
• 87ce4af fix test/client for node 20
• c2c8fd5 fix: accept v20 SSL specific error for alpn selection in http/2
• 82200bd [v6.x] fix wpts on windows (#4093)
• 47546fa test: fix windows wpt (#4050)
• Additional commits viewable in compare view

Updates form-data from 4.0.1 to 4.0.5

Release notes

Sourced from form-data's releases.

v4.0.4

v4.0.4 - 2025-07-16

Commits

• [meta] add auto-changelog 811f682
• [Tests] handle predict-v8-randomness failures in node < 17 and node > 23 1d11a76
• [Fix] Switch to using crypto random for boundary values 3d17230
• [Tests] fix linting errors 5e34080
• [meta] actually ensure the readme backup isn’t published 316c82b
• [Dev Deps] update @ljharb/eslint-config 58c25d7
• [meta] fix readme capitalization 2300ca1

v4.0.3

v4.0.3 - 2025-06-05

Fixed

• [Fix] append: avoid a crash on nullish values [#577](https://github.com/form-data/form-data/issues/577)

Commits

• [eslint] use a shared config 426ba9a
• [eslint] fix some spacing issues 2094191
• [Refactor] use hasown 81ab41b
• [Fix] validate boundary type in setBoundary() method 8d8e469
• [Tests] add tests to check the behavior of getBoundary with non-strings 837b8a1
• [Dev Deps] remove unused deps 870e4e6
• [meta] remove local commit hooks e6e83cc
• [Dev Deps] update eslint 4066fd6
• [meta] fix scripts to use prepublishOnly c4bbb13

v4.0.2

v4.0.2 - 2025-02-14

Merged

• [Fix] set Symbol.toStringTag when available [#573](https://github.com/form-data/form-data/issues/573)
• [Fix] set Symbol.toStringTag when available [#573](https://github.com/form-data/form-data/issues/573)
• fix (npmignore): ignore temporary build files [#532](https://github.com/form-data/form-data/issues/532)
• fix (npmignore): ignore temporary build files [#532](https://github.com/form-data/form-data/issues/532)

Fixed

• [Fix] set Symbol.toStringTag when available (#573) [#396](https://github.com/form-data/form-data/issues/396)
• [Fix] set Symbol.toStringTag when available (#573) [#396](https://github.com/form-data/form-data/issues/396)
• [Fix] set Symbol.toStringTag when available [#396](https://github.com/form-data/form-data/issues/396)

Commits

... (truncated)

Changelog

Sourced from form-data's changelog.

v4.0.5 - 2025-11-17

Commits

• [Tests] Switch to newer v8 prediction library; enable node 24 testing 16e0076
• [Dev Deps] update @ljharb/eslint-config, eslint 5822467
• [Fix] set Symbol.toStringTag in the proper place 76d0dee

v4.0.4 - 2025-07-16

Commits

• [meta] add auto-changelog 811f682
• [Tests] handle predict-v8-randomness failures in node < 17 and node > 23 1d11a76
• [Fix] Switch to using crypto random for boundary values 3d17230
• [Tests] fix linting errors 5e34080
• [meta] actually ensure the readme backup isn’t published 316c82b
• [Dev Deps] update @ljharb/eslint-config 58c25d7
• [meta] fix readme capitalization 2300ca1

v4.0.3 - 2025-06-05

Fixed

• [Fix] append: avoid a crash on nullish values [#577](https://github.com/form-data/form-data/issues/577)

Commits

• [eslint] use a shared config 426ba9a
• [eslint] fix some spacing issues 2094191
• [Refactor] use hasown 81ab41b
• [Fix] validate boundary type in setBoundary() method 8d8e469
• [Tests] add tests to check the behavior of getBoundary with non-strings 837b8a1
• [Dev Deps] remove unused deps 870e4e6
• [meta] remove local commit hooks e6e83cc
• [Dev Deps] update eslint 4066fd6
• [meta] fix scripts to use prepublishOnly c4bbb13

v4.0.2 - 2025-02-14

Merged

• [Fix] set Symbol.toStringTag when available [#573](https://github.com/form-data/form-data/issues/573)
• [Fix] set Symbol.toStringTag when available [#573](https://github.com/form-data/form-data/issues/573)
• fix (npmignore): ignore temporary build files [#532](https://github.com/form-data/form-data/issues/532)
• fix (npmignore): ignore temporary build files [#532](https://github.com/form-data/form-data/issues/532)

Fixed

• [Fix] set Symbol.toStringTag when available (#573) [#396](https://github.com/form-data/form-data/issues/396)

... (truncated)

Commits

• 68ff7dd v4.0.5
• 5822467 [Dev Deps] update @ljharb/eslint-config, eslint
• 76d0dee [Fix] set Symbol.toStringTag in the proper place
• 16e0076 [Tests] Switch to newer v8 prediction library; enable node 24 testing
• 41996f5 v4.0.4
• 316c82b [meta] actually ensure the readme backup isn’t published
• 2300ca1 [meta] fix readme capitalization
• 811f682 [meta] add auto-changelog
• 5e34080 [Tests] fix linting errors
• 1d11a76 [Tests] handle predict-v8-randomness failures in node < 17 and node > 23
• Additional commits viewable in compare view

Updates js-yaml from 3.14.1 to 3.14.2

Changelog

Sourced from js-yaml's changelog.

[3.14.2] - 2025-11-15

Security

• Backported v4.1.1 fix to v3

[4.1.1] - 2025-11-12

Security

• Fix prototype pollution issue in yaml merge (<<) operator.

[4.1.0] - 2021-04-15

Added

• Types are now exported as yaml.types.XXX.
• Every type now has options property with original arguments kept as they were (see yaml.types.int.options as an example).

Changed

• Schema.extend() now keeps old type order in case of conflicts (e.g. Schema.extend([ a, b, c ]).extend([ b, a, d ]) is now ordered as abcd instead of cbad).

[4.0.0] - 2021-01-03

Changed

• Check migration guide to see details for all breaking changes.
• Breaking: "unsafe" tags !!js/function, !!js/regexp, !!js/undefined are moved to js-yaml-js-types package.
• Breaking: removed safe* functions. Use load, loadAll, dump instead which are all now safe by default.
• yaml.DEFAULT_SAFE_SCHEMA and yaml.DEFAULT_FULL_SCHEMA are removed, use yaml.DEFAULT_SCHEMA instead.
• yaml.Schema.create(schema, tags) is removed, use schema.extend(tags) instead.
• !!binary now always mapped to Uint8Array on load.
• Reduced nesting of /lib folder.
• Parse numbers according to YAML 1.2 instead of YAML 1.1 (01234 is now decimal, 0o1234 is octal, 1:23 is parsed as string instead of base60).
• dump() no longer quotes :, [, ], (, ) except when necessary, #470, #557.
• Line and column in exceptions are now formatted as (X:Y) instead of at line X, column Y (also present in compact format), #332.
• Code snippet created in exceptions now contains multiple lines with line numbers.
• dump() now serializes undefined as null in collections and removes keys with undefined in mappings, #571.
• dump() with skipInvalid=true now serializes invalid items in collections as null.
• Custom tags starting with ! are now dumped as !tag instead of !<!tag>, #576.
• Custom tags starting with tag:yaml.org,2002: are now shorthanded using !!, #258.

Added

• Added .mjs (es modules) support.
• Added quotingType and forceQuotes options for dumper to configure string literal style, #290, #529.
• Added styles: { '!!null': 'empty' } option for dumper (serializes { foo: null } as "foo: "), #570.

... (truncated)

Commits

• 9963d36 3.14.2 released
• 10d3c8e dist rebuild
• 5278870 fix prototype pollution in merge (<<) (#731)
• See full diff in compare view

Updates mdast-util-to-hast from 13.2.0 to 13.2.1

Release notes

Sourced from mdast-util-to-hast's releases.

13.2.1

Fix

• ab3a795 Fix support for spaces in class names

Types

• efb5312 Refactor to use @imports
• a5bc210 Add declaration maps

Full Changelog: syntax-tree/mdast-util-to-hast@13.2.0...13.2.1

Commits

• 174795b 13.2.1
• 3d05b3a Update Node in Actions
• ab3a795 Fix support for spaces in class names
• efb5312 Refactor to use @imports
• a5bc210 Add declaration maps
• b54955d Add .tsbuildinfo to .gitignore
• See full diff in compare view

Updates tmp from 0.0.33 to 0.2.5

Changelog

Sourced from tmp's changelog.

v0.2.2 (2024-02-28)

🐛 Bug Fix

• #278 Closes #268: Revert "fix #246: remove any double quotes or single quotes… (@​mbargiel)

📝 Documentation

• #279 Closes #266: move paragraph on graceful cleanup to the head of the documentation (@​silkentrance)

Committers: 5

• Carsten Klein (@​silkentrance)
• Dave Nicolson (@​dnicolson)
• KARASZI István (@​raszi)
• Maxime Bargiel (@​mbargiel)
• @​robertoaceves

v0.2.1 (2020-04-28)

🚀 Enhancement

• #252 Closes #250: introduce tmpdir option for overriding the system tmp dir (@​silkentrance)

🏠 Internal

• #253 Closes #191: generate changelog from pull requests using lerna-changelog (@​silkentrance)

Committers: 1

• Carsten Klein (@​silkentrance)

v0.2.0 (2020-04-25)

🚀 Enhancement

• #234 feat: stabilize tmp for v0.2.0 release (@​silkentrance)

🐛 Bug Fix

• #231 Closes #230: regression after fix for #197 (@​silkentrance)
• #220 Closes #197: return sync callback when using the sync interface, otherwise return the async callback (@​silkentrance)
• #193 Closes #192: tmp must not exit the process on its own (@​silkentrance)

📝 Documentation

• #221 Gh 206 document name option (@​silkentrance)

🏠 Internal

• #226 Closes #212: enable direct name option test (@​silkentrance)
• #225 Closes #211: existing tests must clean up after themselves (@​silkentrance)
• #224 Closes #217: name tests must use tmpName (@​silkentrance)
• #223 Closes #214: refactor tests and lib (@​silkentrance)
• #198 Update dependencies to latest versions (@​matsev)

... (truncated)

Commits

• 3d2fe38 Bump up the version
• e162828 Merge pull request #309 from fflorent/fix-tmp-dir-with-dir
• b847d2f Fix use of tmp.dir() with dir option
• 08fa3ab Update version
• 1cf4ec5 Merge commit from fork
• 188b25e Fix GHSA-52f5-9888-hmc6
• 73b9fe4 Add test case for GHSA-52f5-9888-hmc6
• b8e2f29 Remove broken tests
• 2892a02 Remove outdated URL
• f592318 Reformat package.json
• Additional commits viewable in compare view

Updates vite from 6.3.6 to 5.4.21

Changelog

Sourced from vite's changelog.

5.4.21 (2025-10-20)

• fix(dev): trim trailing slash before server.fs.deny check (#20968) (#20970) (cad1d31), closes #20968 #20970
• chore: update CHANGELOG (ca88ed7)

5.4.20 (2025-09-08)

• fix: apply fs.strict check to HTML files (#20736) (482000f), closes #20736
• fix: port [email protected] changes to [email protected] (#20737) (4f1c35b), closes #20737

5.4.19 (2025-04-30)

• fix: backport #19965, check static serve file inside sirv (#19966) (766947e), closes #19965 #19966

5.4.18 (2025-04-10)

• fix: backport #19830, reject requests with # in request-target (#19831) (823675b), closes #19830 #19831

5.4.17 (2025-04-03)

• fix: backport #19782, fs check with svg and relative paths (#19784) (84b2b46), closes #19782 #19784

5.4.16 (2025-03-31)

• fix: backport #19761, fs check in transform middleware (#19762) (b627c50), closes #19761 #19762

5.4.15 (2025-03-24)

• fix: backport #19702, fs raw query with query separators (#19703) (807d7f0), closes #19702 #19703

5.4.14 (2025-01-21)

• fix: preview.allowedHosts with specific values was not respected (#19246) (9df6e6b), closes #19246
• fix: allow CORS from loopback addresses by default (#19249) (7d1699c), closes #19249

... (truncated)

Commits

• adce3c2 release: v5.4.21
• cad1d31 fix(dev): trim trailing slash before server.fs.deny check (#20968) (#20970)
• ca88ed7 chore: update CHANGELOG
• 997700f release: v5.4.20
• 482000f fix: apply fs.strict check to HTML files (#20736)
• 80a333a release: v5.4.19
• 766947e fix: backport #19965, check static serve file inside sirv (#19966)
• 731b77d release: v5.4.18
• 823675b fix: backport #19830, reject requests with # in request-target (#19831)
• 0a2518a release: v5.4.17
• Additional commits viewable in compare view

Updates esbuild from 0.14.39 to 0.25.0

Release notes

Sourced from esbuild's releases.

v0.25.0

This release deliberately contains backwards-incompatible changes. To avoid automatically picking up releases like this, you should either be pinning the exact version of esbuild in your package.json file (recommended) or be using a version range syntax that only accepts patch upgrades such as ^0.24.0 or ~0.24.0. See npm's documentation about semver for more information.

• Restrict access to esbuild's development server (GHSA-67mh-4wv8-2f99)

  This change addresses esbuild's first security vulnerability report. Previously esbuild set the Access-Control-Allow-Origin header to * to allow esbuild's development server to be flexible in how it's used for development. However, this allows the websites you visit to make HTTP requests to esbuild's local development server, which gives read-only access to your source code if the website were to fetch your source code's specific URL. You can read more information in the report.

  Starting with this release, CORS will now be disabled, and requests will now be denied if the host does not match the one provided to --serve=. The default host is 0.0.0.0, which refers to all of the IP addresses that represent the local machine (e.g. both 127.0.0.1 and 192.168.0.1). If you want to customize anything about esbuild's development server, you can put a proxy in front of esbuild and modify the incoming and/or outgoing requests.

  In addition, the serve() API call has been changed to return an array of hosts instead of a single host string. This makes it possible to determine all of the hosts that esbuild's development server will accept.

  Thanks to @​sapphi-red for reporting this issue.

• Delete output files when a build fails in watch mode (#3643)

  It has been requested for esbuild to delete files when a build fails in watch mode. Previously esbuild left the old files in place, which could cause people to not immediately realize that the most recent build failed. With this release, esbuild will now delete all output files if a rebuild fails. Fixing the build error and triggering another rebuild will restore all output files again.

• Fix correctness issues with the CSS nesting transform (#3620, #3877, #3933, #3997, #4005, #4037, #4038)

  This release fixes the following problems:

  • Naive expansion of CSS nesting can result in an exponential blow-up of generated CSS if each nesting level has multiple selectors. Previously esbuild sometimes collapsed individual nesting levels using :is() to limit expansion. However, this collapsing wasn't correct in some cases, so it has been removed to fix correctness issues.

    /* Original code */
    .parent {
      > .a,
      > .b1 > .b2 {
        color: red;
      }
    }
    /* Old output (with --supported:nesting=false) */
    .parent > :is(.a, .b1 > .b2) {
    color: red;
    }
    /* New output (with --supported:nesting=false) */
    .parent > .a,
    .parent > .b1 > .b2 {
    color: red;
    }

    Thanks to @​tim-we for working on a fix.

  • The & CSS nesting selector can be repeated multiple times to increase CSS specificity. Previously esbuild ignored this possibility and incorrectly considered && to have the...

    Description has been truncated