Commit 748e3c0

Bump the npm_and_yarn group across 2 directories with 4 updates (#750)
Bumps the npm_and_yarn group with 3 updates in the / directory: [node-forge](https://github.com/digitalbazaar/forge), [picomatch](https://github.com/micromatch/picomatch) and [yaml](https://github.com/eemeli/yaml). Bumps the npm_and_yarn group with 3 updates in the /docs directory: [picomatch](https://github.com/micromatch/picomatch), [yaml](https://github.com/eemeli/yaml) and [astro](https://github.com/withastro/astro/tree/HEAD/packages/astro). Updates `node-forge` from 1.3.2 to 1.4.0 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md">node-forge's changelog</a>.</em></p> <blockquote> <h2>1.4.0 - 2026-03-24</h2> <h3>Security</h3> <ul> <li><strong>HIGH</strong>: Denial of Service in <code>BigInteger.modInverse()</code> <ul> <li>A Denial of Service (DoS) vulnerability exists due to an infinite loop in the <code>BigInteger.modInverse()</code> function (inherited from the bundled jsbn library). When <code>modInverse()</code> is called with a zero value as input, the internal Extended Euclidean Algorithm enters an unreachable exit condition, causing the process to hang indefinitely and consume 100% CPU.</li> <li>Reported by Kr0emer.</li> <li>CVE ID: <a href="https://www.cve.org/CVERecord?id=CVE-2026-33891">CVE-2026-33891</a></li> <li>GHSA ID: <a href="https://github.com/digitalbazaar/forge/security/advisories/GHSA-5m6q-g25r-mvwx">GHSA-5gfm-wpxj-wjgq</a></li> </ul> </li> <li><strong>HIGH</strong>: Signature forgery in RSA-PKCS due to ASN.1 extra field. <ul> <li>RSASSA PKCS#1 v1.5 signature verification accepts forged signatures for low public exponent keys (e=3). Attackers can forge signatures by stuffing &quot;garbage&quot; bytes within the ASN.1 structure in order to construct a signature that passes verification, enabling Bleichenbacher style forgery. 
This issue is similar to CVE-2022-24771, but adds bytes in an addition field within the ASN.1 structure, rather than outside of it.</li> <li>Additionally, forge does not validate that signatures include a minimum of 8 bytes of padding as defined by the specification, providing attackers additional space to construct Bleichenbacher forgeries.</li> <li>Reported as part of a U.C. Berkeley security research project by: <ul> <li>Austin Chu, Sohee Kim, and Corban Villa.</li> </ul> </li> <li>CVE ID: <a href="https://www.cve.org/CVERecord?id=CVE-2026-33894">CVE-2026-33894</a></li> <li>GHSA ID: <a href="https://github.com/digitalbazaar/forge/security/advisories/GHSA-ppp5-5v6c-4jwp">GHSA-ppp5-5v6c-4jwp</a></li> </ul> </li> <li><strong>HIGH</strong>: Signature forgery in Ed25519 due to missing S &lt; L check. <ul> <li>Ed25519 signature verification accepts forged non-canonical signatures where the scalar S is not reduced modulo the group order (S &gt;= L). A valid signature and its S + L variant both verify in forge, while Node.js crypto.verify (OpenSSL-backed) rejects the S + L variant, as defined by the specification. This class of signature malleability has been exploited in practice to bypass authentication and authorization logic (see CVE-2026-25793, CVE-2022-35961). Applications relying on signature uniqueness (i.e., dedup by signature bytes, replay tracking, signed-object canonicalization checks) may be bypassed.</li> <li>Reported as part of a U.C. Berkeley security research project by: <ul> <li>Austin Chu, Sohee Kim, and Corban Villa.</li> </ul> </li> <li>CVE ID: <a href="https://www.cve.org/CVERecord?id=CVE-2026-33895">CVE-2026-33895</a></li> <li>GHSA ID: <a href="https://github.com/digitalbazaar/forge/security/advisories/GHSA-q67f-28xg-22rw">GHSA-q67f-28xg-22rw</a></li> </ul> </li> <li><strong>HIGH</strong>: <code>basicConstraints</code> bypass in certificate chain verification. 
<ul> <li><code>pki.verifyCertificateChain()</code> does not enforce RFC 5280 <code>basicConstraints</code> requirements when an intermediate certificate lacks both the <code>basicConstraints</code> and <code>keyUsage</code> extensions. This allows any leaf certificate (without these extensions) to act as a CA and sign other certificates, which node-forge will accept as valid.</li> <li>Reported by Doruk Tan Ozturk (<a href="https://github.com/peaktwilight"><code>@​peaktwilight</code></a>) - doruk.ch</li> <li>CVE ID: <a href="https://www.cve.org/CVERecord?id=CVE-2026-33896">CVE-2026-33896</a></li> <li>GHSA ID: <a href="https://github.com/digitalbazaar/forge/security/advisories/GHSA-2328-f5f3-gj25">GHSA-2328-f5f3-gj25</a></li> </ul> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/digitalbazaar/forge/commit/fa385f92440879601240020f158bed68e444e83a"><code>fa385f9</code></a> Release 1.4.0.</li> <li><a href="https://github.com/digitalbazaar/forge/commit/07d4e162762ed4fdab5caca9ebf78237fcf85339"><code>07d4e16</code></a> Update changelog.</li> <li><a href="https://github.com/digitalbazaar/forge/commit/cb90fd92091ee34e4abab3ad0c835eeea3d06c3e"><code>cb90fd9</code></a> Update changelog.</li> <li><a href="https://github.com/digitalbazaar/forge/commit/963e7c5c7b0f03de1b28a1e5a42a6bafda4cf711"><code>963e7c5</code></a> Add unit test for &quot;pseudonym&quot;</li> <li><a href="https://github.com/digitalbazaar/forge/commit/f0b6f5b7c5d1c918240e975e0cade4f47d005446"><code>f0b6f5b</code></a> Add pseudonym OID</li> <li><a href="https://github.com/digitalbazaar/forge/commit/3df48a311d4b53dc6493b7a47a8d07f3669957d9"><code>3df48a3</code></a> Fix missing CVE ID.</li> <li><a href="https://github.com/digitalbazaar/forge/commit/2e492832fb25227e6b647cbe1ac981c123171e90"><code>2e49283</code></a> Add x509 <code>basicConstraints</code> check.</li> <li><a 
href="https://github.com/digitalbazaar/forge/commit/bdecf11571c9f1a487cc0fe72fe78ff6dfa96b85"><code>bdecf11</code></a> Add canonical signature scaler check for S &lt; L.</li> <li><a href="https://github.com/digitalbazaar/forge/commit/af094e69c60ac5f7b29f2b1957c53ae5e12fd4a0"><code>af094e6</code></a> Add RSA padding and DigestInfo length checks.</li> <li><a href="https://github.com/digitalbazaar/forge/commit/796eeb1673f6ec636fda02dfc295047d9f7aefe0"><code>796eeb1</code></a> Improve jsbn fix.</li> <li>Additional commits viewable in <a href="https://github.com/digitalbazaar/forge/compare/v1.3.2...v1.4.0">compare view</a></li> </ul> </details> <br /> Updates `picomatch` from 2.3.1 to 2.3.2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/micromatch/picomatch/releases">picomatch's releases</a>.</em></p> <blockquote> <h2>2.3.2</h2> <p>This is a security release fixing several security relevant issues.</p> <h2>What's Changed</h2> <ul> <li>fix: exception when glob pattern contains constructor by <a href="https://github.com/Jason3S"><code>@​Jason3S</code></a> in <a href="https://redirect.github.com/micromatch/picomatch/pull/144">micromatch/picomatch#144</a></li> <li>Fix for <a href="https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj">CVE-2026-33671</a></li> <li>Fix for <a href="https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p">CVE-2026-33672</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2">https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md">picomatch's changelog</a>.</em></p> <blockquote> <h1>Release history</h1> <p><strong>All notable changes to this project will be documented in this file.</strong></p> <p>The format is based 
on <a href="http://keepachangelog.com/en/1.0.0/">Keep a Changelog</a> and this project adheres to <a href="http://semver.org/spec/v2.0.0.html">Semantic Versioning</a>.</p> <!-- raw HTML omitted --> <ul> <li>Changelogs are for humans, not machines.</li> <li>There should be an entry for every single version.</li> <li>The same types of changes should be grouped.</li> <li>Versions and sections should be linkable.</li> <li>The latest version comes first.</li> <li>The release date of each versions is displayed.</li> <li>Mention whether you follow Semantic Versioning.</li> </ul> <!-- raw HTML omitted --> <!-- raw HTML omitted --> <p>Changelog entries are classified using the following labels <em>(from <a href="http://keepachangelog.com/">keep-a-changelog</a></em>):</p> <ul> <li><code>Added</code> for new features.</li> <li><code>Changed</code> for changes in existing functionality.</li> <li><code>Deprecated</code> for soon-to-be removed features.</li> <li><code>Removed</code> for now removed features.</li> <li><code>Fixed</code> for any bug fixes.</li> <li><code>Security</code> in case of vulnerabilities.</li> </ul> <!-- raw HTML omitted --> <h2>4.0.0 (2024-02-07)</h2> <h3>Fixes</h3> <ul> <li>Fix bad text values in parse <a href="https://redirect.github.com/micromatch/picomatch/issues/126">#126</a>, thanks to <a href="https://github.com/connor4312"><code>@​connor4312</code></a></li> </ul> <h3>Changed</h3> <ul> <li>Remove process global to work outside of node <a href="https://redirect.github.com/micromatch/picomatch/issues/129">#129</a>, thanks to <a href="https://github.com/styfle"><code>@​styfle</code></a></li> <li>Add sideEffects to package.json <a href="https://redirect.github.com/micromatch/picomatch/issues/128">#128</a>, thanks to <a href="https://github.com/frandiox"><code>@​frandiox</code></a></li> <li>Removed <code>os</code>, make compatible browser environment. 
See <a href="https://redirect.github.com/micromatch/picomatch/issues/124">#124</a>, thanks to <a href="https://github.com/gwsbhqt"><code>@​gwsbhqt</code></a></li> </ul> <h2>3.0.1</h2> <h3>Fixes</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/micromatch/picomatch/commit/81cba8d4b767cab3cb29d26eb4f691eed75b73b2"><code>81cba8d</code></a> Publish 2.3.2</li> <li><a href="https://github.com/micromatch/picomatch/commit/fc1f6b69006e9435caf8fb40d8aff378bc0b7bce"><code>fc1f6b6</code></a> Merge commit from fork</li> <li><a href="https://github.com/micromatch/picomatch/commit/eec17aee5428a7249e9ca5adbb8a0d28fa29619b"><code>eec17ae</code></a> Merge commit from fork</li> <li><a href="https://github.com/micromatch/picomatch/commit/78f8ca4362d9e66cadea97b93e292f10096452ed"><code>78f8ca4</code></a> Merge pull request <a href="https://redirect.github.com/micromatch/picomatch/issues/156">#156</a> from micromatch/backport-144</li> <li><a href="https://github.com/micromatch/picomatch/commit/3f4f10eaa65bf3a52e8f2999674cd27e11fa3c9b"><code>3f4f10e</code></a> Merge pull request <a href="https://redirect.github.com/micromatch/picomatch/issues/144">#144</a> from Jason3S/jdent-object-properties</li> <li>See full diff in <a href="https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2">compare view</a></li> </ul> </details> <br /> Updates `yaml` from 2.8.1 to 2.8.3 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/eemeli/yaml/releases">yaml's releases</a>.</em></p> <blockquote> <h2>v2.8.3</h2> <ul> <li>Add <code>trailingComma</code> ToString option for multiline flow formatting (<a href="https://redirect.github.com/eemeli/yaml/issues/670">#670</a>)</li> <li>Catch stack overflow during node composition (1e84ebb)</li> </ul> <h2>v2.8.2</h2> <ul> <li>Serialize -0 as -0 (<a href="https://redirect.github.com/eemeli/yaml/issues/638">#638</a>)</li> 
<li>Do not double newlines for empty map values (<a href="https://redirect.github.com/eemeli/yaml/issues/642">#642</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/eemeli/yaml/commit/ce14587484822bffb0f7d31aefedcaf2dc0d0387"><code>ce14587</code></a> 2.8.3</li> <li><a href="https://github.com/eemeli/yaml/commit/1e84ebbea7ec35011a4c61bbb820a529ee4f359b"><code>1e84ebb</code></a> fix: Catch stack overflow during node composition</li> <li><a href="https://github.com/eemeli/yaml/commit/6b24090280eaaab5040112bba41ccef57f39c2d5"><code>6b24090</code></a> ci: Include Prettier check in lint action</li> <li><a href="https://github.com/eemeli/yaml/commit/9424dee38c85163fad53ac27533c7c4bdaf7495d"><code>9424dee</code></a> chore: Refresh lockfile</li> <li><a href="https://github.com/eemeli/yaml/commit/d1aca82bc15a4c261bdc58561d32189a5d3a45ef"><code>d1aca82</code></a> Add trailingComma ToString option for multiline flow formatting (<a href="https://redirect.github.com/eemeli/yaml/issues/670">#670</a>)</li> <li><a href="https://github.com/eemeli/yaml/commit/43215099f7fcdac422d778c15e70d83c691b0e41"><code>4321509</code></a> ci: Drop the branch filter from GitHub PR actions</li> <li><a href="https://github.com/eemeli/yaml/commit/47207d0fc7d4f863cd5fbdcff1378637bd93e847"><code>47207d0</code></a> chore: Update docs-slate</li> <li><a href="https://github.com/eemeli/yaml/commit/5212faeed5936d1fa291d2f28672e4a96e2c2c5d"><code>5212fae</code></a> chore: Update docs-slate</li> <li><a href="https://github.com/eemeli/yaml/commit/086fa6b5bae325da18734750cddee231ce578930"><code>086fa6b</code></a> 2.8.2</li> <li><a href="https://github.com/eemeli/yaml/commit/95f01e98032ddf199b42bb3ba0737303b35ef752"><code>95f01e9</code></a> chore: Add funding to package.json</li> <li>Additional commits viewable in <a href="https://github.com/eemeli/yaml/compare/v2.8.1...v2.8.3">compare view</a></li> </ul> </details> <br /> Updates `picomatch` from 
4.0.3 to 4.0.4 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/micromatch/picomatch/releases">picomatch's releases</a>.</em></p> <blockquote> <h2>2.3.2</h2> <p>This is a security release fixing several security relevant issues.</p> <h2>What's Changed</h2> <ul> <li>fix: exception when glob pattern contains constructor by <a href="https://github.com/Jason3S"><code>@​Jason3S</code></a> in <a href="https://redirect.github.com/micromatch/picomatch/pull/144">micromatch/picomatch#144</a></li> <li>Fix for <a href="https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj">CVE-2026-33671</a></li> <li>Fix for <a href="https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p">CVE-2026-33672</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2">https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md">picomatch's changelog</a>.</em></p> <blockquote> <h1>Release history</h1> <p><strong>All notable changes to this project will be documented in this file.</strong></p> <p>The format is based on <a href="http://keepachangelog.com/en/1.0.0/">Keep a Changelog</a> and this project adheres to <a href="http://semver.org/spec/v2.0.0.html">Semantic Versioning</a>.</p> <!-- raw HTML omitted --> <ul> <li>Changelogs are for humans, not machines.</li> <li>There should be an entry for every single version.</li> <li>The same types of changes should be grouped.</li> <li>Versions and sections should be linkable.</li> <li>The latest version comes first.</li> <li>The release date of each versions is displayed.</li> <li>Mention whether you follow Semantic Versioning.</li> </ul> <!-- raw HTML omitted --> <!-- raw HTML omitted --> <p>Changelog entries are classified using the 
following labels <em>(from <a href="http://keepachangelog.com/">keep-a-changelog</a></em>):</p> <ul> <li><code>Added</code> for new features.</li> <li><code>Changed</code> for changes in existing functionality.</li> <li><code>Deprecated</code> for soon-to-be removed features.</li> <li><code>Removed</code> for now removed features.</li> <li><code>Fixed</code> for any bug fixes.</li> <li><code>Security</code> in case of vulnerabilities.</li> </ul> <!-- raw HTML omitted --> <h2>4.0.0 (2024-02-07)</h2> <h3>Fixes</h3> <ul> <li>Fix bad text values in parse <a href="https://redirect.github.com/micromatch/picomatch/issues/126">#126</a>, thanks to <a href="https://github.com/connor4312"><code>@​connor4312</code></a></li> </ul> <h3>Changed</h3> <ul> <li>Remove process global to work outside of node <a href="https://redirect.github.com/micromatch/picomatch/issues/129">#129</a>, thanks to <a href="https://github.com/styfle"><code>@​styfle</code></a></li> <li>Add sideEffects to package.json <a href="https://redirect.github.com/micromatch/picomatch/issues/128">#128</a>, thanks to <a href="https://github.com/frandiox"><code>@​frandiox</code></a></li> <li>Removed <code>os</code>, make compatible browser environment. See <a href="https://redirect.github.com/micromatch/picomatch/issues/124">#124</a>, thanks to <a href="https://github.com/gwsbhqt"><code>@​gwsbhqt</code></a></li> </ul> <h2>3.0.1</h2> <h3>Fixes</h3> <!-- raw HTML omitted --> </blockquote> <p>... 
(truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/micromatch/picomatch/commit/81cba8d4b767cab3cb29d26eb4f691eed75b73b2"><code>81cba8d</code></a> Publish 2.3.2</li> <li><a href="https://github.com/micromatch/picomatch/commit/fc1f6b69006e9435caf8fb40d8aff378bc0b7bce"><code>fc1f6b6</code></a> Merge commit from fork</li> <li><a href="https://github.com/micromatch/picomatch/commit/eec17aee5428a7249e9ca5adbb8a0d28fa29619b"><code>eec17ae</code></a> Merge commit from fork</li> <li><a href="https://github.com/micromatch/picomatch/commit/78f8ca4362d9e66cadea97b93e292f10096452ed"><code>78f8ca4</code></a> Merge pull request <a href="https://redirect.github.com/micromatch/picomatch/issues/156">#156</a> from micromatch/backport-144</li> <li><a href="https://github.com/micromatch/picomatch/commit/3f4f10eaa65bf3a52e8f2999674cd27e11fa3c9b"><code>3f4f10e</code></a> Merge pull request <a href="https://redirect.github.com/micromatch/picomatch/issues/144">#144</a> from Jason3S/jdent-object-properties</li> <li>See full diff in <a href="https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2">compare view</a></li> </ul> </details> <br /> Updates `picomatch` from 2.3.1 to 2.3.2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/micromatch/picomatch/releases">picomatch's releases</a>.</em></p> <blockquote> <h2>2.3.2</h2> <p>This is a security release fixing several security relevant issues.</p> <h2>What's Changed</h2> <ul> <li>fix: exception when glob pattern contains constructor by <a href="https://github.com/Jason3S"><code>@​Jason3S</code></a> in <a href="https://redirect.github.com/micromatch/picomatch/pull/144">micromatch/picomatch#144</a></li> <li>Fix for <a href="https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj">CVE-2026-33671</a></li> <li>Fix for <a 
href="https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p">CVE-2026-33672</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2">https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md">picomatch's changelog</a>.</em></p> <blockquote> <h1>Release history</h1> <p><strong>All notable changes to this project will be documented in this file.</strong></p> <p>The format is based on <a href="http://keepachangelog.com/en/1.0.0/">Keep a Changelog</a> and this project adheres to <a href="http://semver.org/spec/v2.0.0.html">Semantic Versioning</a>.</p> <!-- raw HTML omitted --> <ul> <li>Changelogs are for humans, not machines.</li> <li>There should be an entry for every single version.</li> <li>The same types of changes should be grouped.</li> <li>Versions and sections should be linkable.</li> <li>The latest version comes first.</li> <li>The release date of each versions is displayed.</li> <li>Mention whether you follow Semantic Versioning.</li> </ul> <!-- raw HTML omitted --> <!-- raw HTML omitted --> <p>Changelog entries are classified using the following labels <em>(from <a href="http://keepachangelog.com/">keep-a-changelog</a></em>):</p> <ul> <li><code>Added</code> for new features.</li> <li><code>Changed</code> for changes in existing functionality.</li> <li><code>Deprecated</code> for soon-to-be removed features.</li> <li><code>Removed</code> for now removed features.</li> <li><code>Fixed</code> for any bug fixes.</li> <li><code>Security</code> in case of vulnerabilities.</li> </ul> <!-- raw HTML omitted --> <h2>4.0.0 (2024-02-07)</h2> <h3>Fixes</h3> <ul> <li>Fix bad text values in parse <a href="https://redirect.github.com/micromatch/picomatch/issues/126">#126</a>, thanks to <a 
href="https://github.com/connor4312"><code>@​connor4312</code></a></li> </ul> <h3>Changed</h3> <ul> <li>Remove process global to work outside of node <a href="https://redirect.github.com/micromatch/picomatch/issues/129">#129</a>, thanks to <a href="https://github.com/styfle"><code>@​styfle</code></a></li> <li>Add sideEffects to package.json <a href="https://redirect.github.com/micromatch/picomatch/issues/128">#128</a>, thanks to <a href="https://github.com/frandiox"><code>@​frandiox</code></a></li> <li>Removed <code>os</code>, make compatible browser environment. See <a href="https://redirect.github.com/micromatch/picomatch/issues/124">#124</a>, thanks to <a href="https://github.com/gwsbhqt"><code>@​gwsbhqt</code></a></li> </ul> <h2>3.0.1</h2> <h3>Fixes</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/micromatch/picomatch/commit/81cba8d4b767cab3cb29d26eb4f691eed75b73b2"><code>81cba8d</code></a> Publish 2.3.2</li> <li><a href="https://github.com/micromatch/picomatch/commit/fc1f6b69006e9435caf8fb40d8aff378bc0b7bce"><code>fc1f6b6</code></a> Merge commit from fork</li> <li><a href="https://github.com/micromatch/picomatch/commit/eec17aee5428a7249e9ca5adbb8a0d28fa29619b"><code>eec17ae</code></a> Merge commit from fork</li> <li><a href="https://github.com/micromatch/picomatch/commit/78f8ca4362d9e66cadea97b93e292f10096452ed"><code>78f8ca4</code></a> Merge pull request <a href="https://redirect.github.com/micromatch/picomatch/issues/156">#156</a> from micromatch/backport-144</li> <li><a href="https://github.com/micromatch/picomatch/commit/3f4f10eaa65bf3a52e8f2999674cd27e11fa3c9b"><code>3f4f10e</code></a> Merge pull request <a href="https://redirect.github.com/micromatch/picomatch/issues/144">#144</a> from Jason3S/jdent-object-properties</li> <li>See full diff in <a href="https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2">compare view</a></li> </ul> </details> 
<br /> Updates `yaml` from 2.7.1 to 2.8.3 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/eemeli/yaml/releases">yaml's releases</a>.</em></p> <blockquote> <h2>v2.8.3</h2> <ul> <li>Add <code>trailingComma</code> ToString option for multiline flow formatting (<a href="https://redirect.github.com/eemeli/yaml/issues/670">#670</a>)</li> <li>Catch stack overflow during node composition (1e84ebb)</li> </ul> <h2>v2.8.2</h2> <ul> <li>Serialize -0 as -0 (<a href="https://redirect.github.com/eemeli/yaml/issues/638">#638</a>)</li> <li>Do not double newlines for empty map values (<a href="https://redirect.github.com/eemeli/yaml/issues/642">#642</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/eemeli/yaml/commit/ce14587484822bffb0f7d31aefedcaf2dc0d0387"><code>ce14587</code></a> 2.8.3</li> <li><a href="https://github.com/eemeli/yaml/commit/1e84ebbea7ec35011a4c61bbb820a529ee4f359b"><code>1e84ebb</code></a> fix: Catch stack overflow during node composition</li> <li><a href="https://github.com/eemeli/yaml/commit/6b24090280eaaab5040112bba41ccef57f39c2d5"><code>6b24090</code></a> ci: Include Prettier check in lint action</li> <li><a href="https://github.com/eemeli/yaml/commit/9424dee38c85163fad53ac27533c7c4bdaf7495d"><code>9424dee</code></a> chore: Refresh lockfile</li> <li><a href="https://github.com/eemeli/yaml/commit/d1aca82bc15a4c261bdc58561d32189a5d3a45ef"><code>d1aca82</code></a> Add trailingComma ToString option for multiline flow formatting (<a href="https://redirect.github.com/eemeli/yaml/issues/670">#670</a>)</li> <li><a href="https://github.com/eemeli/yaml/commit/43215099f7fcdac422d778c15e70d83c691b0e41"><code>4321509</code></a> ci: Drop the branch filter from GitHub PR actions</li> <li><a href="https://github.com/eemeli/yaml/commit/47207d0fc7d4f863cd5fbdcff1378637bd93e847"><code>47207d0</code></a> chore: Update docs-slate</li> <li><a 
href="https://github.com/eemeli/yaml/commit/5212faeed5936d1fa291d2f28672e4a96e2c2c5d"><code>5212fae</code></a> chore: Update docs-slate</li> <li><a href="https://github.com/eemeli/yaml/commit/086fa6b5bae325da18734750cddee231ce578930"><code>086fa6b</code></a> 2.8.2</li> <li><a href="https://github.com/eemeli/yaml/commit/95f01e98032ddf199b42bb3ba0737303b35ef752"><code>95f01e9</code></a> chore: Add funding to package.json</li> <li>Additional commits viewable in <a href="https://github.com/eemeli/yaml/compare/v2.8.1...v2.8.3">compare view</a></li> </ul> </details> <br /> Updates `astro` from 5.16.0 to 5.18.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/withastro/astro/releases">astro's releases</a>.</em></p> <blockquote> <h2>astro@5.18.1</h2> <h3>Patch Changes</h3> <ul> <li>Updated dependencies [<a href="https://github.com/withastro/astro/commit/c2cd371f9f2003ab8c9ce70a24fc0af40c5de531"><code>c2cd371</code></a>]: <ul> <li><code>@​astrojs/internal-helpers</code><a href="https://github.com/0"><code>@​0</code></a>.7.6</li> <li><code>@​astrojs/markdown-remark</code><a href="https://github.com/6"><code>@​6</code></a>.3.11</li> </ul> </li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/withastro/astro/blob/astro@5.18.1/packages/astro/CHANGELOG.md">astro's changelog</a>.</em></p> <blockquote> <h2>5.18.1</h2> <h3>Patch Changes</h3> <ul> <li>Updated dependencies [<a href="https://github.com/withastro/astro/commit/c2cd371f9f2003ab8c9ce70a24fc0af40c5de531"><code>c2cd371</code></a>]: <ul> <li><code>@​astrojs/internal-helpers</code><a href="https://github.com/0"><code>@​0</code></a>.7.6</li> <li><code>@​astrojs/markdown-remark</code><a href="https://github.com/6"><code>@​6</code></a>.3.11</li> </ul> </li> </ul> <h2>5.18.0</h2> <h3>Minor Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/withastro/astro/pull/15589">#15589</a> <a 
href="https://github.com/withastro/astro/commit/b7dd447e319a7b435c01ccd69347e5261bd9dc14"><code>b7dd447</code></a> Thanks <a href="https://github.com/qzio"><code>@​qzio</code></a>! - Adds a new <code>security.actionBodySizeLimit</code> option to configure the maximum size of Astro Actions request bodies.</p> <p>This lets you increase the default 1 MB limit when your actions need to accept larger payloads. For example, actions that handle file uploads or large JSON payloads can now opt in to a higher limit.</p> <p>If you do not set this option, Astro continues to enforce the 1 MB default to help prevent abuse.</p> <pre lang="js"><code>// astro.config.mjs export default defineConfig({ security: { actionBodySizeLimit: 10 * 1024 * 1024, // set to 10 MB }, }); </code></pre> </li> </ul> <h3>Patch Changes</h3> <ul> <li><a href="https://redirect.github.com/withastro/astro/pull/15594">#15594</a> <a href="https://github.com/withastro/astro/commit/efae11cef1ebe1f2f54ceb55db0d1ff1938351c6"><code>efae11c</code></a> Thanks <a href="https://github.com/qzio"><code>@​qzio</code></a>! - Fix X-Forwarded-Proto validation when allowedDomains includes both protocol and hostname fields. The protocol check no longer fails due to hostname mismatch against the hardcoded test URL.</li> </ul> <h2>5.17.3</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/withastro/astro/pull/15564">#15564</a> <a href="https://github.com/withastro/astro/commit/522f880b07a4ea7d69a19b5507fb53a5ed6c87f8"><code>522f880</code></a> Thanks <a href="https://github.com/matthewp"><code>@​matthewp</code></a>! - Add a default body size limit for server actions to prevent oversized requests from exhausting memory.</p> </li> <li> <p><a href="https://redirect.github.com/withastro/astro/pull/15569">#15569</a> <a href="https://github.com/withastro/astro/commit/e01e98b063e90d274c42130ec2a60cc0966622c9"><code>e01e98b</code></a> Thanks <a href="https://github.com/matthewp"><code>@​matthewp</code></a>! 
- Respect image allowlists when inferring remote image sizes and reject remote redirects.</p> </li> </ul> <h2>5.17.2</h2> <h3>Patch Changes</h3> <ul> <li><a href="https://github.com/withastro/astro/commit/c13b536197a70d8d4fd0037c5bd3aaa2be0598b9"><code>c13b536</code></a> Thanks <a href="https://github.com/matthewp"><code>@​matthewp</code></a>! - Improves Host header handling for SSR deployments behind proxies</li> </ul> <h2>5.17.1</h2> <h3>Patch Changes</h3> <ul> <li><a href="https://redirect.github.com/withastro/astro/pull/15334">#15334</a> <a href="https://github.com/withastro/astro/commit/d715f1f88777a4ce0fb61c8043cccfbac2486ab4"><code>d715f1f</code></a> Thanks <a href="https://github.com/florian-lefebvre"><code>@​florian-lefebvre</code></a>! - <strong>BREAKING CHANGE to the experimental Fonts API only</strong></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/withastro/astro/commit/434d9cc7eed62e6324bd922865f5c29136f3474c"><code>434d9cc</code></a> [ci] release (<a href="https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/15829">#15829</a>)</li> <li><a href="https://github.com/withastro/astro/commit/c2cd371f9f2003ab8c9ce70a24fc0af40c5de531"><code>c2cd371</code></a> fix(helpers): Backport remote patterns segments fix (<a href="https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/15828">#15828</a>)</li> <li><a href="https://github.com/withastro/astro/commit/011f06106531419f27ce53d0641a3e6ef9db5108"><code>011f061</code></a> [ci] release (<a href="https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/15597">#15597</a>)</li> <li><a href="https://github.com/withastro/astro/commit/efae11cef1ebe1f2f54ceb55db0d1ff1938351c6"><code>efae11c</code></a> fix: X-Forwarded-Proto rejected when allowedDomains includes protocol… (<a href="https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/15594">#15594</a>)</li> 
<li><a href="https://github.com/withastro/astro/commit/751ccf06fab3f1f8e157873354f91f7282a5a1ca"><code>751ccf0</code></a> Update actionBodySizeLimit changeset and make minor (<a href="https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/15600">#15600</a>)</li> <li><a href="https://github.com/withastro/astro/commit/b7dd447e319a7b435c01ccd69347e5261bd9dc14"><code>b7dd447</code></a> make actionBodySizeLimit configurable (<a href="https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/15589">#15589</a>)</li> <li><a href="https://github.com/withastro/astro/commit/e0f1a2b3e4bc908bd5e148c698efb6f41a42c8ea"><code>e0f1a2b</code></a> [ci] release (<a href="https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/15571">#15571</a>)</li> <li><a href="https://github.com/withastro/astro/commit/522f880b07a4ea7d69a19b5507fb53a5ed6c87f8"><code>522f880</code></a> Limit action request body size (<a href="https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/15564">#15564</a>)</li> <li><a href="https://github.com/withastro/astro/commit/436962a639ad7d606ed19c97b42d2466117e3fc4"><code>436962a</code></a> chore: Upgrade Vite and esbuild (<a href="https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/15554">#15554</a>)</li> <li><a href="https://github.com/withastro/astro/commit/e01e98b063e90d274c42130ec2a60cc0966622c9"><code>e01e98b</code></a> Respect remote image allowlists (<a href="https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/15569">#15569</a>)</li> <li>Additional commits viewable in <a href="https://github.com/withastro/astro/commits/astro@5.18.1/packages/astro">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Adam-it <adam.wojcik.it@gmail.com>
1 parent a8395ba commit 748e3c0
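
The node-forge 1.4.0 changelog quoted in the commit message above lists an Ed25519 fix for a missing S < L check and notes that dedup by signature bytes and replay tracking depend on signature uniqueness. The following is an added example, not part of this commit and not node-forge's code: a caller-side canonicality check placed in front of a signature-keyed replay set. `isCanonicalEd25519Signature`, `ReplayGuard` and `sampleSignature` are hypothetical names, and the sample bytes are constructed.

```javascript
// Ed25519 group order L = 2^252 + 27742317777372353535851937790883648493 (RFC 8032).
const ED25519_L = (1n << 252n) + 27742317777372353535851937790883648493n;

// Decode a little-endian byte array into a BigInt.
function leBytesToBigInt(bytes) {
  let n = 0n;
  for (let i = bytes.length - 1; i >= 0; i--) {
    n = (n << 8n) | BigInt(bytes[i]);
  }
  return n;
}

// Encode a non-negative BigInt as little-endian bytes of a fixed length.
function bigIntToLeBytes(n, length) {
  const out = new Uint8Array(length);
  for (let i = 0; i < length; i++) {
    out[i] = Number(n & 0xffn);
    n >>= 8n;
  }
  return out;
}

// An Ed25519 signature is R (32 bytes) || S (32 bytes, little-endian).
// It is canonical only if S is already reduced modulo the group order.
function isCanonicalEd25519Signature(sig) {
  if (!(sig instanceof Uint8Array) || sig.length !== 64) {
    return false;
  }
  return leBytesToBigInt(sig.subarray(32)) < ED25519_L;
}

// Replay tracking keyed on signature bytes. Without the canonicality check,
// a signature and its S + L encoding would be stored as two different keys.
// Run this only after normal signature verification has succeeded.
class ReplayGuard {
  constructor() {
    this.seen = new Set();
  }

  // Returns 'accepted', 'replay' or 'non-canonical'.
  check(sig) {
    if (!isCanonicalEd25519Signature(sig)) {
      return 'non-canonical';
    }
    const key = Array.from(sig, (b) => b.toString(16).padStart(2, '0')).join('');
    if (this.seen.has(key)) {
      return 'replay';
    }
    this.seen.add(key);
    return 'accepted';
  }
}

// Constructed sample input: R is a filler value, not a real curve point.
// Only the encoding of S matters for the canonicality check.
function sampleSignature(s) {
  const sig = new Uint8Array(64);
  sig.fill(0x11, 0, 32);
  sig.set(bigIntToLeBytes(s, 32), 32);
  return sig;
}
```

The check complements the dependency bump: it keeps signature-keyed logic safe even if a verifier elsewhere in the stack still accepts unreduced S values.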

4 files changed

Lines changed: 689 additions & 244 deletions
