Migrate pynvml to cuda.core.system by mdboom · Pull Request #255 · rapidsai/jupyterlab-nvdashboard

mdboom · 2026-04-27T22:04:02Z

Migrates from pynvml.py to the new Cython/cybind-based cuda.core.system.

Note that I was able to test this locally and it works, but I have not tested it on an NvLink system, so there may be issues there.

[RELEASE] v0.2.1

REL - [skip-ci] Sync main with master

Release 0.6.0

[RELEASE] v0.7 jupyterlab-nvdashboard

Update update-version.sh

[RELEASE] v0.8.0

[RELEASE] v0.9

[RELEASE] v0.10.0

Release v0.12.0

[RELEASE] v0.13.0

copy-pr-bot · 2026-04-27T22:04:05Z

This pull request requires additional validation before any workflows can run on NVIDIA's runners.

Pull request vetters can view their responsibilities here.

Contributors can view more details about this message here.

…da.core.system

gforsyth

Thanks @mdboom! Question about which version bounds are correct -- we should make sure they're consistent across documentation the various toml files.

gforsyth

Thanks @mdboom !

ncclementi · 2026-05-27T15:08:26Z

 - rapidsai-nightly
 - conda-forge
 dependencies:
+- cuda-bindings>=12.9.6,!=13.0.*,!=13.1.*


I haven't tested this yet. But I have a similar concern that what I expressed in the rapids-cli PR.

Becasue of the dependencies in cuda-binding and cuda-core, this upgrades dependencies from other libraries that are install and can cause several issues, in particular when pytorch is installed.

I'm not sure this is a good idea.

Left a comment over in rapids-cli. Hopefully we can somehow coerce everything to require at least 12.9.6 without too much pain. If we get there, this is fine. In the meantime, I agree, let's hold off on merging this.

xref: rapids-cli response rapidsai/rapids-cli#146 (comment)

merge branch-0.14 into 'main'

@jameslamb

- Closes rapidsai#267 @jameslamb I took a crack at this, but I'm not sure if this is the right path. Any feedback is appreciated. Authors: - Naty Clementi (https://github.com/ncclementi) Approvers: - James Lamb (https://github.com/jameslamb) URL: rapidsai#271

…sai#273) Bumps the npm-and-yarn group with 21 updates in the / directory: | Package | From | To | | --- | --- | --- | | [webpack](https://github.com/webpack/webpack) | `5.88.2` | `5.104.1` | | [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) | `7.29.0` | `7.29.7` | | [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime) | `7.23.1` | `7.29.7` | | [@tootallnate/once](https://github.com/TooTallNate/once) | `2.0.0` | `2.0.1` | | [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.15.0` | | [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.15` | | [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` | | [dompurify](https://github.com/cure53/DOMPurify) | `3.3.1` | `3.4.8` | | [flatted](https://github.com/WebReflection/flatted) | `3.2.9` | `3.4.2` | | [handlebars](https://github.com/handlebars-lang/handlebars.js) | `4.7.8` | `4.7.9` | | [ip-address](https://github.com/beaugunderson/ip-address) | `10.1.0` | `10.2.0` | | [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` | | [mermaid](https://github.com/mermaid-js/mermaid) | `11.12.2` | `11.15.0` | | [micromatch](https://github.com/micromatch/micromatch) | `4.0.5` | `4.0.8` | | [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` | | [nanoid](https://github.com/ai/nanoid) | `3.3.6` | `3.3.12` | | [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` | | [postcss](https://github.com/postcss/postcss) | `8.4.30` | `8.5.15` | | [serialize-javascript](https://github.com/yahoo/serialize-javascript) | `6.0.1` | `6.0.2` | | [tar](https://github.com/isaacs/node-tar) | `7.5.7` | `7.5.16` | | [ws](https://github.com/websockets/ws) | `8.14.2` | `8.21.0` | Updates `webpack` from 5.88.2 to 5.104.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/webpack/webpack/releases">webpack's releases</a>.</em></p> <blockquote> <h2>v5.104.1</h2> <h2>5.104.1</h2> <h3>Patch Changes</h3> <ul> <li>2efd21b: Reexports runtime calculation should not accessing <strong>WEBPACK_IMPORT_KEY</strong> decl with var.</li> <li>c510070: Fixed a user information bypass vulnerability in the HttpUriPlugin plugin.</li> </ul> <h2>v5.104.0</h2> <h2>5.104.0</h2> <h3>Minor Changes</h3> <ul> <li>d3dd841: Use method shorthand to render module content in <code>__webpack_modules__</code> object.</li> <li>d3dd841: Enhance <code>import.meta.env</code> to support object access.</li> <li>4baab4e: Optimize dependency sorting in updateParent: sort each module only once by deferring to finishUpdateParent(), and reduce traversal count in sortWithSourceOrder by caching WeakMap values upfront.</li> <li>04cd530: Handle more at-rules for CSS modules.</li> <li>cafae23: Added options to control the renaming of at-rules and various identifiers in CSS modules.</li> <li>d3dd841: Added <code>base64url</code>, <code>base62</code>, <code>base58</code>, <code>base52</code>, <code>base49</code>, <code>base36</code>, <code>base32</code> and <code>base25</code> digests.</li> <li>5983843: Provide a stable runtime function variable <code>__webpack_global__</code>.</li> <li>d3dd841: Improved <code>localIdentName</code> hashing for CSS.</li> </ul> <h3>Patch Changes</h3> <ul> <li>22c48fb: Added module existence check for informative error message in development mode.</li> <li>50689e1: Use the fully qualified class name (or export name) for <code>[fullhash]</code> placeholder in CSS modules.</li> <li>d3dd841: Support universal lazy compilation.</li> <li>d3dd841: Fixed module library export definitions when multiple runtimes.</li> <li>d3dd841: Fixed CSS nesting and CSS custom properties parsing.</li> <li>d3dd841: Don't write fragment from URL to filename and apply fragment to module URL.</li> <li>aab1da9: Fixed bugs for <code>css/global</code> type.</li> <li>d3dd841: Compatibility <code>import.meta.filename</code> and <code>import.meta.dirname</code> with <code>eval</code> devtools.</li> <li>d3dd841: Handle nested <code>__webpack_require__</code>.</li> <li>728ddb7: The speed of identifier parsing has been improved.</li> <li>0f8b31b: Improve types.</li> <li>d3dd841: Don't corrupt <code>debugId</code> injection when <code>hidden-source-map</code> is used.</li> <li>2179fdb: Re-validate HttpUriPlugin redirects against allowedUris, restrict to http(s) and add a conservative redirect limit to prevent SSRF and untrusted content inclusion. Redirects failing policy are rejected before caching/lockfile writes.</li> <li>d3dd841: Serialize <code>HookWebpackError</code>.</li> <li>d3dd841: Added ability to use built-in properties in dotenv and define plugin.</li> <li>3c4319f: Optimizing the regular expression character class by specifying ranges for runtime code.</li> <li>d3dd841: Reduce collision for local indent name in CSS.</li> <li>d3dd841: Remove CSS link tags when CSS imports are removed.</li> </ul> <h2>v5.103.0</h2> <h3>Features</h3> <ul> <li>Added <code>DotenvPlugin</code> and top level <code>dotenv</code> option to enable this plugin</li> <li>Added <code>WebpackManifestPlugin</code></li> <li>Added support the <code>ignoreList</code> option in devtool plugins</li> <li>Allow to use custom javascript parse function</li> </ul> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/webpack/webpack/blob/main/CHANGELOG.md">webpack's changelog</a>.</em></p> <blockquote> <h2>5.104.1</h2> <h3>Patch Changes</h3> <ul> <li>2efd21b: Reexports runtime calculation should not accessing <strong>WEBPACK_IMPORT_KEY</strong> decl with var.</li> <li>c510070: Fixed a user information bypass vulnerability in the HttpUriPlugin plugin.</li> </ul> <h2>5.104.0</h2> <h3>Minor Changes</h3> <ul> <li>d3dd841: Use method shorthand to render module content in <code>__webpack_modules__</code> object.</li> <li>d3dd841: Enhance <code>import.meta.env</code> to support object access.</li> <li>4baab4e: Optimize dependency sorting in updateParent: sort each module only once by deferring to finishUpdateParent(), and reduce traversal count in sortWithSourceOrder by caching WeakMap values upfront.</li> <li>04cd530: Handle more at-rules for CSS modules.</li> <li>cafae23: Added options to control the renaming of at-rules and various identifiers in CSS modules.</li> <li>d3dd841: Added <code>base64url</code>, <code>base62</code>, <code>base58</code>, <code>base52</code>, <code>base49</code>, <code>base36</code>, <code>base32</code> and <code>base25</code> digests.</li> <li>5983843: Provide a stable runtime function variable <code>__webpack_global__</code>.</li> <li>d3dd841: Improved <code>localIdentName</code> hashing for CSS.</li> </ul> <h3>Patch Changes</h3> <ul> <li>22c48fb: Added module existence check for informative error message in development mode.</li> <li>50689e1: Use the fully qualified class name (or export name) for <code>[fullhash]</code> placeholder in CSS modules.</li> <li>d3dd841: Support universal lazy compilation.</li> <li>d3dd841: Fixed module library export definitions when multiple runtimes.</li> <li>d3dd841: Fixed CSS nesting and CSS custom properties parsing.</li> <li>d3dd841: Don't write fragment from URL to filename and apply fragment to module URL.</li> <li>aab1da9: Fixed bugs for <code>css/global</code> type.</li> <li>d3dd841: Compatibility <code>import.meta.filename</code> and <code>import.meta.dirname</code> with <code>eval</code> devtools.</li> <li>d3dd841: Handle nested <code>__webpack_require__</code>.</li> <li>728ddb7: The speed of identifier parsing has been improved.</li> <li>0f8b31b: Improve types.</li> <li>d3dd841: Don't corrupt <code>debugId</code> injection when <code>hidden-source-map</code> is used.</li> <li>2179fdb: Re-validate HttpUriPlugin redirects against allowedUris, restrict to http(s) and add a conservative redirect limit to prevent SSRF and untrusted content inclusion. Redirects failing policy are rejected before caching/lockfile writes.</li> <li>d3dd841: Serialize <code>HookWebpackError</code>.</li> <li>d3dd841: Added ability to use built-in properties in dotenv and define plugin.</li> <li>3c4319f: Optimizing the regular expression character class by specifying ranges for runtime code.</li> <li>d3dd841: Reduce collision for local indent name in CSS.</li> <li>d3dd841: Remove CSS link tags when CSS imports are removed.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/webpack/webpack/commit/24e3c2d2c9f8c6d60810302b2ea70ed86e2863dc"><code>24e3c2d</code></a> chore(release): new release (<a href="https://redirect.github.com/webpack/webpack/issues/20253">#20253</a>)</li> <li><a href="https://github.com/webpack/webpack/commit/2efd21b0b06baa9b1a7f009b336379dcef24c1a5"><code>2efd21b</code></a> fix(re-exports): reexports runtime calculation should not accessing `__WEBPAC...</li> <li><a href="https://github.com/webpack/webpack/commit/c5100702335a9cdcb75558ccd80def2329bd4abf"><code>c510070</code></a> fix(security): userinfo bypass vulnerability in HttpUriPlugin allowedUris</li> <li><a href="https://github.com/webpack/webpack/commit/4b0501c69700963bad1285b56f9cfa74704cb963"><code>4b0501c</code></a> ci: fix release (<a href="https://redirect.github.com/webpack/webpack/issues/20252">#20252</a>)</li> <li><a href="https://github.com/webpack/webpack/commit/0c213cecf2906bc41102c3a4cfdd1ad3522d0171"><code>0c213ce</code></a> ci: use <code>\<@&1450591255485743204></code> over <code>@here</code> for discord notificationw</li> <li><a href="https://github.com/webpack/webpack/commit/5bf8bc51bcfb49d25b73aae450b246cd8b8b423a"><code>5bf8bc5</code></a> refactor: types for benchmarks and tests</li> <li><a href="https://github.com/webpack/webpack/commit/505a5e744fbcf4471ddb534bf1d4aebea9643c1b"><code>505a5e7</code></a> chore(release): new release (<a href="https://redirect.github.com/webpack/webpack/issues/20188">#20188</a>)</li> <li><a href="https://github.com/webpack/webpack/commit/0c066808d59e4f9406e11bab4ffa2e0feacbd0e2"><code>0c06680</code></a> refactor: update eslint configuration</li> <li><a href="https://github.com/webpack/webpack/commit/2eb0d6a410513960bd7d65bf15baf15704a612eb"><code>2eb0d6a</code></a> ci: release announcement (<a href="https://redirect.github.com/webpack/webpack/issues/20238">#20238</a>)</li> <li><a href="https://github.com/webpack/webpack/commit/b2b24590a08755b706d2009ca97a226addf9e83b"><code>b2b2459</code></a> ci: cancel in progress (<a href="https://redirect.github.com/webpack/webpack/issues/20239">#20239</a>)</li> <li>Additional commits viewable in <a href="https://github.com/webpack/webpack/compare/v5.88.2...v5.104.1">compare view</a></li> </ul> </details> <details> <summary>Install script changes</summary> <p>This version modifies <code>prepare</code> script that runs during installation. Review the package contents before updating.</p> </details> <br /> Updates `@babel/plugin-transform-modules-systemjs` from 7.29.0 to 7.29.7 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/babel/babel/releases">@babel/plugin-transform-modules-systemjs's releases</a>.</em></p> <blockquote> <h2>v7.29.7 (2026-05-25)</h2> <p>Re-release all packages with npm provenance attestations</p> <h2>v7.29.6 (2026-05-25)</h2> <h4>:bug: Bug Fix</h4> <ul> <li><code>babel-generator</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/18014">#18014</a> Catchup source map position in preserveFormat (<a href="https://github.com/nicolo-ribaudo"><code>@nicolo-ribaudo</code></a>)</li> </ul> </li> <li><code>babel-core</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/18001">#18001</a> [7.x packport]Improve input source map handling (<a href="https://github.com/JLHwung"><code>@JLHwung</code></a>)</li> </ul> </li> <li><code>babel-core</code>, <code>babel-generator</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17998">#17998</a> Preserve original identifier names from input sourcemaps (<a href="https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17992">#17992</a>) (<a href="https://github.com/Andarist"><code>@Andarist</code></a>)</li> </ul> </li> </ul> <h4>Committers: 3</h4> <ul> <li>Huáng Jùnliàng (<a href="https://github.com/JLHwung"><code>@JLHwung</code></a>)</li> <li>Mateusz Burzyński (<a href="https://github.com/Andarist"><code>@Andarist</code></a>)</li> <li>Nicolò Ribaudo (<a href="https://github.com/nicolo-ribaudo"><code>@nicolo-ribaudo</code></a>)</li> </ul> <h2>v7.29.5 (2026-05-05)</h2> <h4>:house: Internal</h4> <ul> <li><code>babel-preset-env</code> <ul> <li>Update <code>@babel/*</code> dependencies</li> </ul> </li> </ul> <h2>v7.29.4 (2026-05-05)</h2> <h4>:bug: Bug Fix</h4> <ul> <li><code>babel-plugin-transform-modules-systemjs</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17974">#17974</a> [7.x backport]fix(systemjs): improve module string name support (<a href="https://github.com/JLHwung"><code>@JLHwung</code></a>)</li> </ul> </li> </ul> <h4>Committers: 1</h4> <ul> <li>Huáng Jùnliàng (<a href="https://github.com/JLHwung"><code>@JLHwung</code></a>)</li> </ul> <h2>v7.29.3 (2026-04-30)</h2> <h4>:eyeglasses: Spec Compliance</h4> <ul> <li><code>babel-parser</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17923">#17923</a> Support flow extends bound (<a href="https://github.com/JLHwung"><code>@JLHwung</code></a>)</li> </ul> </li> </ul> <h4>:bug: Bug Fix</h4> <ul> <li><code>babel-helper-create-class-features-plugin</code>, <code>babel-plugin-proposal-decorators</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17931">#17931</a> fix(decorators): replace super within all removed static elements (<a href="https://github.com/JLHwung"><code>@JLHwung</code></a>)</li> </ul> </li> <li><code>babel-register</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17915">#17915</a> Fix thread synchronization issues in <code>@babel/register</code> (<a href="https://github.com/liuxingbaoyu"><code>@liuxingbaoyu</code></a>)</li> </ul> </li> <li><code>babel-compat-data</code>, <code>babel-plugin-bugfix-safari-rest-destructuring-rhs-array</code>, <code>babel-preset-env</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17788">#17788</a> Add bugfix plugin for Safari array rest destructuring bug (<a href="https://github.com/JLHwung"><code>@JLHwung</code></a>)</li> </ul> </li> </ul> <h4>:nail_care: Polish</h4> <ul> <li><code>babel-parser</code></li> </ul> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/babel/babel/commit/4fba7541180bf5f58256d8e358b544e3831ad090"><code>4fba754</code></a> v7.29.7</li> <li><a href="https://github.com/babel/babel/commit/a458f66074b97d54773db8159af673d23b26079b"><code>a458f66</code></a> v7.29.4</li> <li><a href="https://github.com/babel/babel/commit/32ebd5aaf2526ddd176fd6a3d1e3dc594abdc8d9"><code>32ebd5a</code></a> [7.x backport]fix(systemjs): improve module string name support (<a href="https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17974">#17974</a>)</li> <li>See full diff in <a href="https://github.com/babel/babel/commits/v7.29.7/packages/babel-plugin-transform-modules-systemjs">compare view</a></li> </ul> </details> <br /> Updates `@babel/runtime` from 7.23.1 to 7.29.7 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/babel/babel/releases">@babel/runtime's releases</a>.</em></p> <blockquote> <h2>v7.29.7 (2026-05-25)</h2> <p>Re-release all packages with npm provenance attestations</p> <h2>v7.29.6 (2026-05-25)</h2> <h4>:bug: Bug Fix</h4> <ul> <li><code>babel-generator</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/18014">#18014</a> Catchup source map position in preserveFormat (<a href="https://github.com/nicolo-ribaudo"><code>@nicolo-ribaudo</code></a>)</li> </ul> </li> <li><code>babel-core</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/18001">#18001</a> [7.x packport]Improve input source map handling (<a href="https://github.com/JLHwung"><code>@JLHwung</code></a>)</li> </ul> </li> <li><code>babel-core</code>, <code>babel-generator</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17998">#17998</a> Preserve original identifier names from input sourcemaps (<a href="https://github.com/babel/babel/tree/HEAD/packages/babel-runtime/issues/17992">#17992</a>) (<a href="https://github.com/Andarist"><code>@Andarist</code></a>)</li> </ul> </li> </ul> <h4>Committers: 3</h4> <ul> <li>Huáng Jùnliàng (<a href="https://github.com/JLHwung"><code>@JLHwung</code></a>)</li> <li>Mateusz Burzyński (<a href="https://github.com/Andarist"><code>@Andarist</code></a>)</li> <li>Nicolò Ribaudo (<a href="https://github.com/nicolo-ribaudo"><code>@nicolo-ribaudo</code></a>)</li> </ul> <h2>v7.29.5 (2026-05-05)</h2> <h4>:house: Internal</h4> <ul> <li><code>babel-preset-env</code> <ul> <li>Update <code>@babel/*</code> dependencies</li> </ul> </li> </ul> <h2>v7.29.4 (2026-05-05)</h2> <h4>:bug: Bug Fix</h4> <ul> <li><code>babel-plugin-transform-modules-systemjs</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17974">#17974</a> [7.x backport]fix(systemjs): improve module string name support (<a href="https://github.com/JLHwung"><code>@JLHwung</code></a>)</li> </ul> </li> </ul> <h4>Committers: 1</h4> <ul> <li>Huáng Jùnliàng (<a href="https://github.com/JLHwung"><code>@JLHwung</code></a>)</li> </ul> <h2>v7.29.3 (2026-04-30)</h2> <h4>:eyeglasses: Spec Compliance</h4> <ul> <li><code>babel-parser</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17923">#17923</a> Support flow extends bound (<a href="https://github.com/JLHwung"><code>@JLHwung</code></a>)</li> </ul> </li> </ul> <h4>:bug: Bug Fix</h4> <ul> <li><code>babel-helper-create-class-features-plugin</code>, <code>babel-plugin-proposal-decorators</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17931">#17931</a> fix(decorators): replace super within all removed static elements (<a href="https://github.com/JLHwung"><code>@JLHwung</code></a>)</li> </ul> </li> <li><code>babel-register</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17915">#17915</a> Fix thread synchronization issues in <code>@babel/register</code> (<a href="https://github.com/liuxingbaoyu"><code>@liuxingbaoyu</code></a>)</li> </ul> </li> <li><code>babel-compat-data</code>, <code>babel-plugin-bugfix-safari-rest-destructuring-rhs-array</code>, <code>babel-preset-env</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17788">#17788</a> Add bugfix plugin for Safari array rest destructuring bug (<a href="https://github.com/JLHwung"><code>@JLHwung</code></a>)</li> </ul> </li> </ul> <h4>:nail_care: Polish</h4> <ul> <li><code>babel-parser</code></li> </ul> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/babel/babel/commit/4fba7541180bf5f58256d8e358b544e3831ad090"><code>4fba754</code></a> v7.29.7</li> <li><a href="https://github.com/babel/babel/commit/37d5595fca9f188f0534458180611f2e776acd31"><code>37d5595</code></a> v7.29.2</li> <li><a href="https://github.com/babel/babel/commit/d7f400889567ae18ef9ac41b024b5120f6060e17"><code>d7f4008</code></a> v7.28.6</li> <li><a href="https://github.com/babel/babel/commit/35055e392079a65830b7bf5b1d1c1fc4de90a78f"><code>35055e3</code></a> v7.28.4</li> <li><a href="https://github.com/babel/babel/commit/ef155f5ca83c73dbc1ea8d95216830b7dc3b0ac2"><code>ef155f5</code></a> v7.28.3</li> <li><a href="https://github.com/babel/babel/commit/cac0ff4c3426eed30b4d27e7971b348da7c9f1e6"><code>cac0ff4</code></a> v7.28.2</li> <li><a href="https://github.com/babel/babel/commit/f68ac511f091f6d1f698e8ce59cd668d3bfc6102"><code>f68ac51</code></a> chore: Avoid CITGM errors (<a href="https://github.com/babel/babel/tree/HEAD/packages/babel-runtime/issues/17382">#17382</a>)</li> <li><a href="https://github.com/babel/babel/commit/baa4cb8b9f8a551d7dae9042b19ea2f74df6b110"><code>baa4cb8</code></a> v7.27.6</li> <li><a href="https://github.com/babel/babel/commit/7d069309fdfcedda2928a043f6f7c98135c1242a"><code>7d06930</code></a> v7.27.4</li> <li><a href="https://github.com/babel/babel/commit/5b9468d9bf1ab4f427241673e9f03593da115a69"><code>5b9468d</code></a> Reduce <code>regenerator</code> size more (<a href="https://github.com/babel/babel/tree/HEAD/packages/babel-runtime/issues/17287">#17287</a>)</li> <li>Additional commits viewable in <a href="https://github.com/babel/babel/commits/v7.29.7/packages/babel-runtime">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~GitHub%20Actions">GitHub Actions</a>, a new releaser for <code>@babel/runtime</code> since your current version.</p> </details> <br /> Updates `@tootallnate/once` from 2.0.0 to 2.0.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/TooTallNate/once/releases">@tootallnate/once's releases</a>.</em></p> <blockquote> <h2>v2.0.1</h2> <h3>Patch Changes</h3> <ul> <li>a1e5e2d: Fix promise hang when AbortSignal is aborted</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/TooTallNate/once/blob/v2.0.1/CHANGELOG.md">@tootallnate/once's changelog</a>.</em></p> <blockquote> <h2>2.0.1</h2> <h3>Patch Changes</h3> <ul> <li>a1e5e2d: Fix promise hang when AbortSignal is aborted</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/TooTallNate/once/commit/bcbb21d387e5fb2d0bf8ec2fd8d0ac97d4553241"><code>bcbb21d</code></a> ci: fix OIDC publishing — Node 24, npm latest, provenance</li> <li><a href="https://github.com/TooTallNate/once/commit/dc24387be8e3405f1e7c911caf76c87b72a0e145"><code>dc24387</code></a> Version Packages (2.x) (<a href="https://redirect.github.com/TooTallNate/once/issues/12">#12</a>)</li> <li><a href="https://github.com/TooTallNate/once/commit/b8a6f80afcfd2482b4bdb1e29d784340a05e0ce3"><code>b8a6f80</code></a> CI: test all Node versions on Linux only</li> <li><a href="https://github.com/TooTallNate/once/commit/dabcc0fb6202663cd83994f0a21ea1c710395327"><code>dabcc0f</code></a> ci: drop EOL Node.js 14.x/16.x, add 22.x</li> <li><a href="https://github.com/TooTallNate/once/commit/b464efcf4238d92590245b4d211d2fc05a94d28a"><code>b464efc</code></a> Update CI: modern Node versions, fix macOS ARM64 compat</li> <li><a href="https://github.com/TooTallNate/once/commit/a1e5e2d784bcd1c65e49fac1524c6c94fe81f871"><code>a1e5e2d</code></a> Fix promise hang when AbortSignal is aborted</li> <li>See full diff in <a href="https://github.com/TooTallNate/once/compare/2.0.0...v2.0.1">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~GitHub%20Actions">GitHub Actions</a>, a new releaser for <code>@tootallnate/once</code> since your current version.</p> </details> <br /> Updates `ajv` from 6.12.6 to 6.15.0 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ajv-validator/ajv/commit/184bc32745d9d33b2322949b9f3cb5f7609bf5ec"><code>184bc32</code></a> 6.15.0</li> <li><a href="https://github.com/ajv-validator/ajv/commit/fea46afd1a76b12ff89493f6dc1bc46730c6d379"><code>fea46af</code></a> test/fix prototype pollution via $data ref with format keyword (<a href="https://redirect.github.com/ajv-validator/ajv/issues/2606">#2606</a>)</li> <li><a href="https://github.com/ajv-validator/ajv/commit/e3af0a723b4b7ad86eff43be355c706d31e0e915"><code>e3af0a7</code></a> 6.14.0</li> <li><a href="https://github.com/ajv-validator/ajv/commit/b552ed66191eb338498df3196065c777e3bb71f2"><code>b552ed6</code></a> add regExp option to address $data exploit via a regular expression (CVE-2025...</li> <li><a href="https://github.com/ajv-validator/ajv/commit/72f228665859eed5e2be3a66f8c4a7aff6b34dcf"><code>72f2286</code></a> docs: update v7 info</li> <li><a href="https://github.com/ajv-validator/ajv/commit/231e52b3bca62559202b95e5fb5cee02145b226a"><code>231e52b</code></a> Merge pull request <a href="https://redirect.github.com/ajv-validator/ajv/issues/1320">#1320</a> from philsturgeon/patch-1</li> <li><a href="https://github.com/ajv-validator/ajv/commit/d3475fc20416c33fe030c8aa3b09fa411f325bbd"><code>d3475fc</code></a> Add spectral, an AJV util from a sponsor</li> <li><a href="https://github.com/ajv-validator/ajv/commit/413afe01f518ea74d1740a7cb211df787c585544"><code>413afe0</code></a> docs: v7.0.0-beta.3</li> <li><a href="https://github.com/ajv-validator/ajv/commit/11e997bda2f3eecb445c1e5a07d96ef7e81c5f5d"><code>11e997b</code></a> update readme for v7</li> <li>See full diff in <a href="https://github.com/ajv-validator/ajv/compare/v6.12.6...v6.15.0">compare view</a></li> </ul> </details> <br /> Updates `brace-expansion` from 1.1.11 to 1.1.15 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/juliangruber/brace-expansion/releases">brace-expansion's releases</a>.</em></p> <blockquote> <h2>v1.1.15</h2> <ul> <li>Backport v5.0.6 change to v1 (<a href="https://redirect.github.com/juliangruber/brace-expansion/issues/111">#111</a>) 0b09384</li> </ul> <hr /> <p><a href="https://github.com/juliangruber/brace-expansion/compare/v1.1.14...v1.1.15">https://github.com/juliangruber/brace-expansion/compare/v1.1.14...v1.1.15</a></p> <h2>v1.1.12</h2> <ul> <li>pkg: publish on tag 1.x c460dbd</li> <li>fmt ccb8ac6</li> <li>Fix potential ReDoS Vulnerability or Inefficient Regular Expression (<a href="https://redirect.github.com/juliangruber/brace-expansion/issues/65">#65</a>) c3c73c8</li> </ul> <hr /> <p><a href="https://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12">https://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/juliangruber/brace-expansion/commit/2203f4f4895eba16c4d408b4219ce1b8e5f6ff24"><code>2203f4f</code></a> 1.1.15</li> <li><a href="https://github.com/juliangruber/brace-expansion/commit/0b0938410732370559704230724ca4a44d1b29fd"><code>0b09384</code></a> Backport v5.0.6 change to v1 (<a href="https://redirect.github.com/juliangruber/brace-expansion/issues/111">#111</a>)</li> <li><a href="https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3"><code>10c05fc</code></a> 1.1.14</li> <li><a href="https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007"><code>1afa1b2</code></a> Add opt-in { max } mitigation to v1 legacy line (<a href="https://redirect.github.com/juliangruber/brace-expansion/issues/103">#103</a>)</li> <li><a href="https://github.com/juliangruber/brace-expansion/commit/2fbb6a2aa0f984bb2fb5f60252ca6cba3e1368ec"><code>2fbb6a2</code></a> Revert "Backport fix for GHSA-7h2j-956f-4vf2 to v1 (<a href="https://redirect.github.com/juliangruber/brace-expansion/issues/101">#101</a>)" (<a href="https://redirect.github.com/juliangruber/brace-expansion/issues/102">#102</a>)</li> <li><a href="https://github.com/juliangruber/brace-expansion/commit/0d7652e3093d3273151729812f9b0b79a17ecba6"><code>0d7652e</code></a> Backport fix for GHSA-7h2j-956f-4vf2 to v1 (<a href="https://redirect.github.com/juliangruber/brace-expansion/issues/101">#101</a>)</li> <li><a href="https://github.com/juliangruber/brace-expansion/commit/6c353caf23beb9644f858eb3fe38d43a68b82898"><code>6c353ca</code></a> 1.1.13</li> <li><a href="https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2"><code>7fd684f</code></a> Backport fix for GHSA-f886-m6hf-6m8v (<a href="https://redirect.github.com/juliangruber/brace-expansion/issues/95">#95</a>)</li> <li><a href="https://github.com/juliangruber/brace-expansion/commit/44f33b47c5c6a965d507421af43e86cf5971d711"><code>44f33b4</code></a> 1.1.12</li> <li><a href="https://github.com/juliangruber/brace-expansion/commit/c460dbd68e428d147b2080622d8ce126c7a08570"><code>c460dbd</code></a> pkg: publish on tag 1.x</li> <li>Additional commits viewable in <a href="https://github.com/juliangruber/brace-expansion/compare/1.1.11...v1.1.15">compare view</a></li> </ul> </details> <br /> Updates `braces` from 3.0.2 to 3.0.3 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/micromatch/braces/commit/74b2db2938fad48a2ea54a9c8bf27a37a62c350d"><code>74b2db2</code></a> 3.0.3</li> <li><a href="https://github.com/micromatch/braces/commit/88f1429a0f47e1dd3813de35211fc97ffda27f9e"><code>88f1429</code></a> update eslint. lint, fix unit tests.</li> <li><a href="https://github.com/micromatch/braces/commit/415d660c3002d1ab7e63dbf490c9851da80596ff"><code>415d660</code></a> Snyk js braces 6838727 (<a href="https://redirect.github.com/micromatch/braces/issues/40">#40</a>)</li> <li><a href="https://github.com/micromatch/braces/commit/190510f79db1adf21d92798b0bb6fccc1f72c9d6"><code>190510f</code></a> fix tests, skip 1 test in test/braces.expand</li> <li><a href="https://github.com/micromatch/braces/commit/716eb9f12d820b145a831ad678618731927e8856"><code>716eb9f</code></a> readme bump</li> <li><a href="https://github.com/micromatch/braces/commit/a5851e57f45c3431a94d83fc565754bc10f5bbc3"><code>a5851e5</code></a> Merge pull request <a href="https://redirect.github.com/micromatch/braces/issues/37">#37</a> from coderaiser/fix/vulnerability</li> <li><a href="https://github.com/micromatch/braces/commit/2092bd1fb108d2c59bd62e243b70ad98db961538"><code>2092bd1</code></a> feature: braces: add maxSymbols (<a href="https://github.com/micromatch/braces/issues/">https://github.com/micromatch/braces/issues/</a>...</li> <li><a href="https://github.com/micromatch/braces/commit/9f5b4cf47329351bcb64287223ffb6ecc9a5e6d3"><code>9f5b4cf</code></a> fix: vulnerability (<a href="https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727">https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727</a>)</li> <li><a href="https://github.com/micromatch/braces/commit/98414f9f1fabe021736e26836d8306d5de747e0d"><code>98414f9</code></a> remove funding file</li> <li><a href="https://github.com/micromatch/braces/commit/665ab5d561c017a38ba7aafd92cc6655b91d8c14"><code>665ab5d</code></a> update keepEscaping doc (<a href="https://redirect.github.com/micromatch/braces/issues/27">#27</a>)</li> <li>Additional commits viewable in <a href="https://github.com/micromatch/braces/compare/3.0.2...3.0.3">compare view</a></li> </ul> </details> <br /> Updates `dompurify` from 3.3.1 to 3.4.8 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/cure53/DOMPurify/releases">dompurify's releases</a>.</em></p> <blockquote> <h2>DOMPurify 3.4.8</h2> <ul> <li>Cleaned up the repository root, renamed some and removed unneeded files</li> <li>Fixed an issue with handling of Trusted Types policies, thanks <a href="https://github.com/fulstadev"><code>@fulstadev</code></a></li> <li>Fixed the node iterator for better template scrubbing, thanks <a href="https://github.com/IamLeandrooooo"><code>@IamLeandrooooo</code></a></li> <li>Included formerly missing LICENSE-MPL in published npm package, thanks <a href="https://github.com/asamuzaK"><code>@asamuzaK</code></a></li> <li>Bumped several dependencies where possible</li> </ul> <h2>DOMPurify 3.4.7</h2> <ul> <li>Hardened the handling of Shadow Roots when using <code>IN_PLACE</code>, thanks <a href="https://github.com/GameZoneHacker"><code>@GameZoneHacker</code></a></li> <li>Removed a problem leading to permanent hook pollution, thanks <a href="https://github.com/offset"><code>@offset</code></a></li> <li>Refactored the test suite and expanded test coverage significantly</li> </ul> <h2>DOMPurify 3.4.6</h2> <ul> <li>Fixed several issues with DOM Clobbering in <code>IN_PLACE</code> mode, thanks <a href="https://github.com/offset"><code>@offset</code></a> & <a href="https://github.com/Bankde"><code>@Bankde</code></a></li> <li>Hardened the checks for cross-realm <code>IN_PLACE</code> and Shadow DOM sanitization, thanks <a href="https://github.com/offset"><code>@offset</code></a> & <a href="https://github.com/Bankde"><code>@Bankde</code></a></li> <li>Added more test coverage for <code>IN_PLACE</code> and general DOM Clobbering attacks</li> <li>Bumped several dependencies where possible</li> </ul> <h2>DOMPurify 3.4.5</h2> <ul> <li>Fixed a bypass caused by the new HTML element <code>selectedcontent</code> added in 3.4.4, thanks <a href="https://github.com/KabirAcharya"><code>@KabirAcharya</code></a></li> </ul> <p><strong>Note that this is a security release for an issue introduced in 3.4.4 and should be upgraded to immediately.</strong></p> <h2>DOMPurify 3.4.4</h2> <ul> <li>Added the <code>selectedcontent</code> element to default allow-list, thanks <a href="https://github.com/lukewarlow"><code>@lukewarlow</code></a></li> <li>Added the <code>command</code> and <code>commandfor</code> attributes to default allowed-list, thanks <a href="https://github.com/lukewarlow"><code>@lukewarlow</code></a></li> <li>Added better template scrubbing for <code>IN_PLACE</code> operations, thanks <a href="https://github.com/DEMON1A"><code>@DEMON1A</code></a></li> <li>Added stronger checks for cross-realm windows, thanks <a href="https://github.com/DEMON1A"><code>@DEMON1A</code></a> & <a href="https://github.com/fg0x0"><code>@fg0x0</code></a></li> <li>Updated demo website and made sure it uses the latest from main</li> <li>Updated existing workflows, fuzzer, dependabot, etc., added more tests</li> <li>Bumped several dependencies where possible</li> </ul> <p>🚨 <strong>This release had been flagged as deprecated, please use DOMPurify 3.4.5 instead</strong> 🚨</p> <h2>DOMPurify 3.4.3</h2> <ul> <li>Fixed an issue with handling of nested Shadow DOM trees, thanks <a href="https://github.com/fishjojo1"><code>@fishjojo1</code></a></li> <li>Fixed the template regexes to be more robust against ReDoS attacks, thanks <a href="https://github.com/aleung27"><code>@aleung27</code></a></li> <li>Updated the node iteration code to catch more Shadow DOM related issues</li> <li>Updated Playwright and added Node 26 to test matrix</li> <li>Updated existing workflows, fuzzer, release signing, etc., added more tests</li> <li>Bumped several dependencies where possible</li> </ul> <h2>DOMPurify 3.4.2</h2> <ul> <li>Fixed an issue with URI validation on attributes allowed via <code>ADD_ATTR</code> callback, thanks <a href="https://github.com/nelstrom"><code>@nelstrom</code></a></li> <li>Fixed an issue with source maps referring to non-existing files, thanks <a href="https://github.com/cmdcolin"><code>@cmdcolin</code></a></li> <li>Updated existing workflows, fuzzer, release signing, etc., added more tests</li> <li>Bumped several dependencies where possible</li> </ul> <h2>DOMPurify 3.4.1</h2> <ul> <li>Fixed an issue with on-handler stripping for HTML-spec-reserved custom element names (<code>font-face</code>, <code>color-profile</code>, <code>missing-glyph</code>, <code>font-face-src</code>, <code>font-face-uri</code>, <code>font-face-format</code>, <code>font-face-name</code>) under permissive <code>CUSTOM_ELEMENT_HANDLING</code></li> </ul> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/cure53/DOMPurify/commit/bcdd8285412dc9c4c149652aed2d712e790d6ccf"><code>bcdd828</code></a> release: 3.4.8 (<a href="https://redirect.github.com/cure53/DOMPurify/issues/1439">#1439</a>)</li> <li><a href="https://github.com/cure53/DOMPurify/commit/ca30f070c360df162a3e3848e80e6fd3c9e74bff"><code>ca30f07</code></a> release: 3.4.7 (<a href="https://redirect.github.com/cure53/DOMPurify/issues/1414">#1414</a>)</li> <li><a href="https://github.com/cure53/DOMPurify/commit/bb7739e5bccec7e1ab3dae3f3e42d02db3acaaae"><code>bb7739e</code></a> release: 3.4.6 (<a href="https://redirect.github.com/cure53/DOMPurify/issues/1394">#1394</a>)</li> <li><a href="https://github.com/cure53/DOMPurify/commit/011b0c78f2a0f57ee54f5fcccb697a46ca6e63ea"><code>011b0c7</code></a> release: 3.4.5 (<a href="https://redirect.github.com/cure53/DOMPurify/issues/1382">#1382</a>)</li> <li><a href="https://github.com/cure53/DOMPurify/commit/5817ad969c15e67dfcd6cb37248d6e9c1553e7c3"><code>5817ad9</code></a> release: 3.4.4 (<a href="https://redirect.github.com/cure53/DOMPurify/issues/1374">#1374</a>)</li> <li><a href="https://github.com/cure53/DOMPurify/commit/520edb0371a9638f9b51f1798051299a250c686b"><code>520edb0</code></a> release: 3.4.3 (<a href="https://redirect.github.com/cure53/DOMPurify/issues/1352">#1352</a>)</li> <li><a href="https://github.com/cure53/DOMPurify/commit/6f67fd396a7b8c64294343999fe607ca1f5299c0"><code>6f67fd3</code></a> Sync/3.4.2 (<a href="https://redirect.github.com/cure53/DOMPurify/issues/1322">#1322</a>)</li> <li><a href="https://github.com/cure53/DOMPurify/commit/5b0cdbbf52331e854c0a2de875b1a3790ecec2b8"><code>5b0cdbb</code></a> chore: merge main into 3.x for 3.4.1 release (<a href="https://redirect.github.com/cure53/DOMPurify/issues/1301">#1301</a>)</li> <li><a href="https://github.com/cure53/DOMPurify/commit/09f59115a311469de5b625225760593e551f080a"><code>09f5911</code></a> test: added three more browsers to test setup (OSX, mobile)</li> <li><a href="https://github.com/cure53/DOMPurify/commit/5b16e0b892e82b1779d62b9928b43c4c4ff290b9"><code>5b16e0b</code></a> Getting 3.x branch ready for 3.4.0 release (<a href="https://redirect.github.com/cure53/DOMPurify/issues/1250">#1250</a>)</li> <li>Additional commits viewable in <a href="https://github.com/cure53/DOMPurify/compare/3.3.1...3.4.8">compare view</a></li> </ul> </details> <details> <summary>Install script changes</summary> <p>This version adds <code>prepare</code> script that runs during installation. Review the package contents before updating.</p> </details> <br /> Updates `flatted` from 3.2.9 to 3.4.2 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/WebReflection/flatted/commit/3bf09091c3562e17a0647bc06710dd6097079cf7"><code>3bf0909</code></a> 3.4.2</li> <li><a href="https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802"><code>885ddcc</code></a> fix CWE-1321</li> <li><a href="https://github.com/WebReflection/flatted/commit/0bdba705d130f00892b1b8fcc80cf4cdea0631e3"><code>0bdba70</code></a> added flatted-view to the benchmark</li> <li><a href="https://github.com/WebReflection/flatted/commit/2a02dce7c641dec31194c67663f9b0b12e62da20"><code>2a02dce</code></a> 3.4.1</li> <li><a href="https://github.com/WebReflection/flatted/commit/fba4e8f2e113665da275b19cd0f695f3d98e9416"><code>fba4e8f</code></a> Merge pull request <a href="https://redirect.github.com/WebReflection/flatted/issues/89">#89</a> from WebReflection/python-fix</li> <li><a href="https://github.com/WebReflection/flatted/commit/5fe86485e6df7f7f34a07a2a85498bd3e17384e7"><code>5fe8648</code></a> added "when in Rome" also a test for PHP</li> <li><a href="https://github.com/WebReflection/flatted/commit/53517adbefe724fe472b2f9ebcdb01910d0ae3f0"><code>53517ad</code></a> some minor improvement</li> <li><a href="https://github.com/WebReflection/flatted/commit/b3e2a0c387bf446435fec45ad7f05299f012346f"><code>b3e2a0c</code></a> Fixing recursion issue in Python too</li> <li><a href="https://github.com/WebReflection/flatted/commit/c4b46dbcbf782326e54ea1b65d3ebb1dc7a23fad"><code>c4b46db</code></a> Add SECURITY.md for security policy and reporting</li> <li><a href="https://github.com/WebReflection/flatted/commit/f86d071e0f70de5a7d8200198824a3f07fc9c988"><code>f86d071</code></a> Create dependabot.yml for version updates</li> <li>Additional commits viewable in <a href="https://github.com/WebReflection/flatted/compare/v3.2.9...v3.4.2">compare view</a></li> </ul> </details> <br /> Updates `handlebars` from 4.7.8 to 4.7.9 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/handlebars-lang/handlebars.js/releases">handlebars's releases</a>.</em></p> <blockquote> <h2>v4.7.9</h2> <ul> <li>fix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2</li> <li>fix type "RuntimeOptions" also accepting string partials - eab1d14</li> <li>feat(types): set <code>hash</code> to be a <code>Record<string, any></code> - de4414d</li> <li>fix non-contiguous program indices - 4512766</li> <li>refactor: rename i to startPartIndex - e497a35</li> <li>security: fix security issues - 68d8df5 <ul> <li><a href="https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2w6w-674q-4c4q">https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2w6w-674q-4c4q</a></li> <li><a href="https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-3mfm-83xf-c92r">https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-3mfm-83xf-c92r</a></li> <li><a href="https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xhpv-hc6g-r9c6">https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xhpv-hc6g-r9c6</a></li> <li><a href="https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xjpj-3mr7-gcpf">https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xjpj-3mr7-gcpf</a></li> <li><a href="https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-9cx6-37pm-9jff">https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-9cx6-37pm-9jff</a></li> <li><a href="https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2qvq-rjwj-gvw9">https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2qvq-rjwj-gvw9</a></li> <li><a href="https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-7rx3-28cr-v5wh">https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-7rx3-28cr-v5wh</a></li> <li><a href="https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-442j-39wm-28r2">https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-442j-39wm-28r2</a></li> </ul> </li> </ul> <p><a href="https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9">Commits</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/handlebars-lang/handlebars.js/blob/v4.7.9/release-notes.md">handlebars's changelog</a>.</em></p> <blockquote> <h2>v4.7.9 - March 26th, 2026</h2> <ul> <li>fix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2</li> <li>fix type "RuntimeOptions" also accepting string partials - eab1d14</li> <li>feat(types): set <code>hash</code> to be a <code>Record<string, any></code> - de4414d</li> <li>fix non-contiguous program indices - 4512766</li> <li>refactor: rename i to startPartIndex - e497a35</li> <li>security: fix security issues - 68d8df5</li> </ul> <p><a href="https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9">Commits</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/handlebars-lang/handlebars.js/commit/dce542c9a660048d31f0981ac8a45c08b919bddb"><code>dce542c</code></a> v4.7.9</li> <li><a href="https://github.com/handlebars-lang/handlebars.js/commit/8a41389ba5b2624b6f43a5463d8e2533b843a562"><code>8a41389</code></a> Update release notes</li> <li><a href="https://github.com/handlebars-lang/handlebars.js/commit/68d8df5a88e0a26fe9e6084c5c6aaebe67b07da2"><code>68d8df5</code></a> Fix security issues</li> <li><a href="https://github.com/handlebars-lang/handlebars.js/commit/b2a083136b11e1da9f0f47a11f749a9830a49328"><code>b2a0831</code></a> Fix browser tests</li> <li><a href="https://github.com/handlebars-lang/handlebars.js/commit/9f98c1629834abf8de5a127caff8a2eab03d2c12"><code>9f98c16</code></a> Fix release script</li> <li><a href="https://github.com/handlebars-lang/handlebars.js/commit/45443b4290475dfb7cec32a85d344f12ab345eb9"><code>45443b4</code></a> Revert "Improve partial indenting performance"</li> <li><a href="https://github.com/handlebars-lang/handlebars.js/commit/8841a5f6d35096aee95d68e1e49636a4cb5c661e"><code>8841a5f</code></a> Fix CI errors with linting</li> <li><a href="https://github.com/handlebars-lang/handlebars.js/commit/e0137c26f2202593bca7cc25184e733e87d54709"><code>e0137c2</code></a> fix: enable shell mode for spawn to resolve Windows EINVAL issue</li> <li><a href="https://github.com/handlebars-lang/handlebars.js/commit/e914d6037ffb0dd371f7e4823cdb019732ae66d7"><code>e914d60</code></a> Improve rendering performance</li> <li><a href="https://github.com/handlebars-lang/handlebars.js/commit/7de4b41c344a5d702edca93d1841b59642fa32bd"><code>7de4b41</code></a> Upgrade GitHub Actions checkout and setup-node on 4.x branch</li> <li>Additional commits viewable in <a href="https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9">compare view</a></li> </ul> </details> <br /> Updates `ip-address` from 10.1.0 to 10.2.0 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/beaugunderson/ip-address/commit/80fccaae984618f35dc941efab55cf2440ab37e8"><code>80fccaa</code></a> 10.2.0</li> <li><a href="https://github.com/beaugunderson/ip-address/commit/abaeb4d817cab16d3a1a78abd249d1f116bd302e"><code>abaeb4d</code></a> Type Address4.addressMinusSuffix as non-nilable (closes <a href="https://redirect.github.com/beaugunderson/ip-address/issues/143">#143</a>)</li> <li><a href="https://github.com/beaugunderson/ip-address/commit/2878c294e1216f9a0b69ad1d3c57a3790a7d5e8e"><code>2878c29</code></a> Preserve subnet prefix through Address6.to4() (closes <a href="https://redirect.github.com/beaugunderson/ip-address/issues/123">#123</a>) (<a href="https://redirect.github.com/beaugunderson/ip-address/issues/203">#203</a>)</li> <li><a href="https://github.com/beaugunderson/ip-address/commit/586666ee9e666464071761d7a453715f98b6caee"><code>586666e</code></a> Reject trailing junk in Address6.fromURL (closes <a href="https://redirect.github.com/beaugunderson/ip-address/issues/158">#158</a>) (<a href="https://redirect.github.com/beaugunderson/ip-address/issues/202">#202</a>)</li> <li><a href="https://github.com/beaugunderson/ip-address/commit/80bc76eddf63df38db60defd5004bea919adf7ac"><code>80bc76e</code></a> Validate static factories instead of silently overflowing (<a href="https://redirect.github.com/beaugunderson/ip-address/issues/201">#201</a>)</li> <li><a href="https://github.com/beaugunderson/ip-address/commit/98927be9ef0c09f8ffcaf30b297405c9eff0a520"><code>98927be</code></a> Clarify isValid() accepts CIDRs with host bits set (<a href="https://redirect.github.com/beaugunderson/ip-address/issues/81">#81</a>)</li> <li><a href="https://github.com/beaugunderson/ip-address/commit/a0eb0732d6ac3088daa1106f4933eade41fd364a"><code>a0eb073</code></a> Fix getScope() and broaden getType() classification (closes <a href="https://redirect.github.com/beaugunderson/ip-address/issues/122">#122</a>) (<a href="https://redirect.github.com/beaugunderson/ip-address/issues/200">#200</a>)</li> <li><a href="https://github.com/beaugunderson/ip-address/commit/ec52105c87179129b9f091e97581e87b007824c7"><code>ec52105</code></a> Add networkForm() for CIDR network-address strings (<a href="https://redirect.github.com/beaugunderson/ip-address/issues/199">#199</a>)</li> <li><a href="https://github.com/beaugunderson/ip-address/commit/a9443a72215b21a1e692be75cd3e18e8aa2262cb"><code>a9443a7</code></a> Add isMapped4() predicate for IPv4-mapped IPv6 addresses (closes <a href="https://redirect.github.com/beaugunderson/ip-address/issues/62">#62</a>) (<a href="https://redirect.github.com/beaugunderson/ip-address/issues/198">#198</a>)</li> <li><a href="https://github.com/beaugunderson/ip-address/commit/f01d74267ed39f84521157e5f199edade9809f1e"><code>f01d742</code></a> Add address-property predicates (private, ULA, loopback, link-local, etc.) (#...</li> <li>Additional commits viewable in <a href="https://github.com/beaugunderson/ip-address/compare/v10.1.0...v10.2.0">compare view</a></li> </ul> </details> <br /> Updates `lodash` from 4.17.21 to 4.18.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/lodash/lodash/releases">lodash's releases</a>.</em></p> <blockquote> <h2>4.18.1</h2> <h2>Bugs</h2> <p>Fixes a <code>ReferenceError</code> issue in <code>lodash</code> <code>lodash-es</code> <code>lodash-amd</code> and <code>lodash.template</code> when using the <code>template</code> and <code>fromPairs</code> functions from the modular builds. See <a href="https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769">lodash/lodash#6167</a></p> <p>These defects were related to how lodash distributions are built from the main branch using <a href="https://github.com/lodash-archive/lodash-cli">https://github.com/lodash-archive/lodash-cli</a>. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.</p> <p>There is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:</p> <ul> <li><code>lodash</code>: <a href="https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm">https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm</a></li> <li><code>lodash-es</code>: <a href="https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es">https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es</a></li> <li><code>lodash-amd</code>: <a href="https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd">https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd</a></li> <li><code>lodash.template</code><a href="https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages">https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages</a></li> </ul> <h2>4.18.0</h2> <h2>v4.18.0</h2> <p><strong>Full Changelog</strong>: <a href="https://github.com/lodash/lodash/compare/4.17.23...4.18.0">https://github.com/lodash/lodash/compare/4.17.23...4.18.0</a></p> <h3>Security</h3> <p><strong><code>_.unset</code> / <code>_.omit</code></strong>: Fixed prototype pollution via <code>constructor</code>/<code>prototype</code> path traversal (<a href="https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh">GHSA-f23m-r3pf-42rh</a>, <a href="https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b">fe8d32e</a>). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now <code>constructor</code> and <code>prototype</code> are blocked unconditionally as non-terminal path keys, matching <code>baseSet</code>. Calls that previously returned <code>true</code> and deleted the property now return <code>false</code> and leave the target untouched.</p> <p><strong><code>_.template</code></strong>: Fixed code injection via <code>imports</code> keys (<a href="https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc">GHSA-r5fr-rjxr-66jc</a>, CVE-2026-4800, <a href="https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6">879aaa9</a>). Fixes an incomplete patch for CVE-2021-23337. The <code>variable</code> option was validated against <code>reForbiddenIdentifierChars</code> but <code>importsKeys</code> was left unguarded, allowing code injection via the same <code>Function()</code> constructor sink. <code>imports</code> keys containing forbidden identifier characters now throw <code>"Invalid imports option passed into _.template"</code>.</p> <h3>Docs</h3> <ul> <li>Add security notice for <code>_.template</code> in threat model and API docs (<a href="https://redirect.github.com/lodash/lodash/pull/6099">#6099</a>)</li> <li>Document <code>lower > upper</code> behavior in <code>_.random</code> (<a href="https://redirect.github.com/lodash/lodash/pull/6115">#6115</a>)</li> <li>Fix quotes in <code>_.compact</code> jsdoc (<a href="https://redirect.github.com/lodash/lodash/pull/6090">#6090</a>)</li> </ul> <h3><code>lodash.*</code> modular packages</h3> <p><a href="https://redirect.github.com/lodash/lodash/pull/6157">Diff</a></p> <p>We have also regenerated and published a select number of the <code>lodash.*</code> modular packages.</p> <p>These modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:</p> <ul> <li><a href="https://www.npmjs.com/package/lodash.orderby">lodash.orderby</a></li> <li><a href="https://www.npmjs.com/package/lodash.tonumber">lodash.tonumber</a></li> <li><a href="https://www.npmjs.com/package/lodash.trim">lodash.trim</a></li> <li><a href="https://www.npmjs.com/package/lodash.trimend">lodash.trimend</a></li> <li><a href="https://www.npmjs.com/package/lodash.sortedindexby">lodash.sortedindexby</a></li> <li><a href="https://www.npmjs.com/package/lodash.zipobjectdeep">lodash.zipobjectdeep</a></li> <li><a href="https://www.npmjs.com/package/lodash.unset">lodash.unset</a></li> <li><a href="https://www.npmjs.com/package/lodash.omit">lodash.omit</a></li> <li><a href="https://www.npmjs.com/package/lodash.template">lodash.template</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e"><code>cb0b9b9</code></a> release(patch): bump main to 4.18.1 (<a href="https://redirect.github.com/lodash/lodash/issues/6177">#6177</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51"><code>75535f5</code></a> chore: prune stale advisory refs (<a href="https://redirect.github.com/lodash/lodash/issues/6170">#6170</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4"><code>62e91bc</code></a> docs: remove n_ Node.js < 6 REPL note from README (<a href="https://redirect.github.com/lodash/lodash/issues/6165">#6165</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4"><code>59be2de</code></a> release(minor): bump to 4.18.0 (<a href="https://redirect.github.com/lodash/lodash/issues/6161">#6161</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d"><code>af63457</code></a> fix: broken tests for _.template 879aaa9</li> <li><a href="https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0"><code>1073a76</code></a> fix: linting issues</li> <li><a href="https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6"><code>879aaa9</code></a> fix: validate imports keys in _.template</li> <li><a href="https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b"><code>fe8d32e</code></a> fix: block prototype pollution in baseUnset via constructor/prototype traversal</li> <li><a href="https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d"><code>18ba0a3</code></a> refactor(fromPairs): use baseAssignValue for consistent assignment (<a href="https://redirect.github.com/lodash/lodash/issues/6153">#6153</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2"><code>b819080</code></a> ci: add dist sync validation workflow (<a href="https://redirect.github.com/lodash/lodash/issues/6137">#6137</a>)</li> <li>Additional commits viewable in <a href="https://github.com/lodash/lodash/compare/4.17.21...4.18.1">compare view</a></li> </ul> </details> <br /> Updates `mermaid` from 11.12.2 to 11.15.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/mermaid-js/mermaid/releases">mermaid's releases</a>.</em></p> <blockquote> <h2>mermaid@11.15.0</h2> <h3>Minor Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/mermaid-js/mermaid/pull/7174">#7174</a> <a href="https://github.com/mermaid-js/mermaid/commit/0aca21739c0d1fcaaa206e04a6cd574ebc415483"><code>0aca217</code></a> Thanks <a href="https://github.com/milesspencer35"><code>@milesspencer35</code></a>! - feat(sequence): Add support for decimal start and increment values in the <code>autonumber</code> directive</p> </li> <li> <p><a href="https://redirect.github.com/mermaid-js/mermaid/pull/7512">#7512</a> <a href="https://github.com/mermaid-js/mermaid/commit/8e17492f7365ba50896382feb69a23efd9d8a22d"><code>8e17492</code></a> Thanks <a href="https://github.com/aruncveli"><code>@aruncveli</code></a>! - feat(flowchart): add datastore shape</p> <p>In Data flow diagrams, a datastore/warehouse/file/database is used to represent data persistence. It is denoted by a rectangle with only top and bottom borders, and can be used in flowcharts with <code>A@{ shape: datastore, label: "Datastore" }</code>.</p> </li> <li> <p><a href="https://redirect.github.com/mermaid-js/mermaid/pull/6440">#6440</a> <a href="https://github.com/mermaid-js/mermaid/commit/9ad8dde6d049adde85d8ed2d476c09b5820f3f4b"><code>9ad8dde</code></a> Thanks <a href="https://github.com/yordis"><code>@yordis</code></a>, <a href="https://github.com/lgazo"><code>@lgazo</code></a>! - feat: add Event Modeling diagram</p> </li> <li> <p><a href="https://redirect.github.com/mermaid-js/mermaid/pull/7707">#7707</a> <a href="https://github.com/mermaid-js/mermaid/commit/27db774627be1cee881961dfd0d2cb21cd01b79d"><code>27db774</code></a> Thanks <a href="https://github.com/txmxthy"><code>@txmxthy</code></a>! - feat(architecture): expose four fcose layout knobs for <code>architecture-beta</code> diagrams (<code>nodeSeparation</code>, <code>idealEdgeLengthMultiplier</code>, <code>edgeElasticity</code>, <code>numIter</code>) so authors can tune layout density and spread overlapping siblings without changing diagram source</p> </li> <li> <p><a href="https://redirect.github.com/mermaid-js/mermaid/pull/7604">#7604</a> <a href="https://github.com/mermaid-js/mermaid/commit/bf9502fb6012a4b724679b401ac928f5ee55161c"><code>bf9502f</code></a> Thanks <a href="https://github.com/M-a-c"><code>@M-a-c</code></a>! - feat(class): add nested namespace support for class diagrams via dot notation and syntactic nesting</p> <p>If you have namespaces in class diagrams that use <code>.</code>s already and want to render them without nesting (≤v11.14.0 behaviour), you can use set <code>class.hierarchicalNamespaces=false</code> in your mermaid config:</p> <pre lang="yaml"><code>config: class: hierarchicalNamespaces: false </code></pre> </li> <li> <p><a href="https://redirect.github.com/mermaid-js/mermaid/pull/7272">#7272</a> <a href="https://github.com/mermaid-js/mermaid/commit/88cdd3dc0aab9577174561b04e14760c565a232b"><code>88cdd3d</code></a> Thanks <a href="https://github.com/xinbenlv"><code>@xinbenlv</code></a>! - feat(sankey): add outlined label style, configurable nodeWidth/nodePadding, and custom node colors</p> </li> </ul> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/mermaid-js/mermaid/pull/7737">#7737</a> <a href="https://github.com/mermaid-js/mermaid/commit/e9b0f34d8d82a6260077764ee45e1d7d90957a0f"><code>e9b0f34</code></a> Thanks <a href="https://github.com/ashishjain0512"><code>@ashishjain0512</code></a>! - fix: prevent unbalanced CSS styles in classDefs</p> </li> <li> <p><a href="https://redirect.github.com/mermaid-js/mermaid/pull/7737">#7737</a> <a href="https://github.com/mermaid-js/mermaid/commit/37ff937f1da2e19f882fd1db01235db4d01f4056"><code>37ff937</code></a> Thanks <a href="https://github.com/ashishjain0512"><code>@ashishjain0512</code></a>! - fix: create CSS styles using the CSSOM</p> <p>This removes some invalid CSS and normalizes some CSS formatting.</p> </li> <li> <p><a href="https://redirect.github.com/mermaid-js/mermaid/pull/7508">#7508</a> <a href="https://github.com/mermaid-js/mermaid/commit/bfe60cc67b9a6dec64f9161f58e4d24a06c42b65"><code>bfe60cc</code></a> Thanks <a href="https://github.com/biiab"><code>@biiab</code></a>! - fix(stateDiagram): <code>end note</code> now only closes a note when used on a new line</p> </li> <li> <p><a href="https://redirect.github.com/mermaid-js/mermaid/pull/7737">#7737</a> <a href="https://github.com/mermaid-js/mermaid/commit/faafb5d49106dd32c367f3882505f2dd625aa30e"><code>faafb5d</code></a> Thanks <a href="https://github.com/ashishjain0512"><code>@ashishjain0512</code></a>! - fix(gantt): add iteration limit for <code>excludes</code> field</p> </li> <li> <p><a href="https://redirect.github.com/mermaid-js/mermaid/pull/7737">#7737</a> <a href="https://github.com/mermaid-js/mermaid/commit/65f8be2a42faf869b811469571983cba7eeeca99"><code>65f8be2</code></a> Thanks <a href="https://github.com/ashishjain0512"><code>@ashishjain0512</code></a>! - fix: disallow some CSS at-rules in custom CSS</p> </li> <li> <p><a href="https://redirect.github.com/mermaid-js/mermaid/pull/7726">#7726</a> <a href="https://github.com/mermaid-js/mermaid/commit/1502f32f3c5fb944925b0c527fbbde3c4f041824"><code>1502f32</code></a> Thanks <a href="https://github.com/aloisklink"><code>@aloisklink</code></a>! - fix(wardley): fix unnecessary sanitization of text</p> </li> <li> <p><a href="https://redirect.github.com/mermaid-js/mermaid/pull/7578">#7578</a> <a href="https://github.com/mermaid-js/mermaid/commit/1f98db8e326299ac97a2fa60abfd509d8f5f16e2"><code>1f98db8</code></a> Thanks <a href="https://github.com/Gaston202"><code>@Gaston202</code></a>! - fix(class): self-referential class multiplicity labels no longer rendered multiple times</p> <p>Fixes <a href="https://redirect.github.com/mermaid-js/mermaid/issues/7560">#7560</a>. Resolves an issue where cardinality labels on self-referential class relationships were rendered three times due to edge splitting in the dagre layout. The fix ensures that each sub-edge only carries its relevant label positions.</p> </li> <li> <p><a href="https://redirect.github.com/mermaid-js/mermaid/pull/7592">#7592</a> <a href="https://github.com/mermaid-js/mermaid/commit/2343e38498a3b31f8ce5e79f1f009e0b56fbe086"><code>2343e38</code></a> Thanks <a href="https://github.com/knsv-bot"><code>@knsv-bot</code></a>! - fix(sequence): add background box behind alt/else section title labels in sequence diagrams</p> </li> <li> <p><a href="https://redirect.github.com/mermaid-js/mermaid/pull/7589">#7589</a> <a href="https://github.com/mermaid-js/mermaid/commit/7fb9509b8b5cb1dc48519dc60cf6cdc6afba0462"><code>7fb9509</code></a> Thanks <a href="https://github.com/NYCU-Chung"><code>@NYCU-Chung</code></a>! - fix(block): prevent column widths from shrinking when mixing different column spans</p> </li> <li> <p><a href="https://redirect.github.com/mermaid-js/mermaid/pull/7632">#7632</a> <a href="https://github.com/mermaid-js/mermaid/commit/3f9e0f15bedc1e2c71ddb6b34192d1a21124cfc2"><code>3f9e0f1</code></a> Thanks <a href="https://github.com/ekiauhce"><code>@ekiauhce</code></a>! - fix(sequence): correct messageAlign label position for right-to-left arrows in sequence diagrams</p> </li> </ul> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/mermaid-js/mermaid/commit/41646dfd43ac83f001b03c70605feb036afae46d"><code>41646df</code></a> Merge pull request <a href="https://redirect.github.com/mermaid-js/mermaid/issues/7739">#7739</a> from aloisklink/ci/fix-release</li> <li><a href="https://github.com/mermaid-js/mermaid/commit/2671f5c44a1515960ebc41c09a365c41860f95ee"><code>2671f5c</code></a> docs: fix v11.15.0 release</li> <li><a href="https://github.com/mermaid-js/mermaid/commit/f4bf04b5db8bed603e40ed3d5ce5228d6b07754e"><code>f4bf04b</code></a> Merge pull request <a href="https://redirect.github.com/mermaid-js/mermaid/issues/7738">#7738</a> from mermaid-js/changeset-release/master</li> <li><a href="https://github.com/mermaid-js/mermaid/commit/abfb563e1dcbd46d617f44a6361bd6d926dc6289"><code>abfb563</code></a> Version Packages</li> <li><a href="https://github.com/mermaid-js/mermaid/commit/60b289f428d0a0832ad95ed4e1fb326344e23532"><code>60b289f</code></a> Release Candidate 11.15.0 (<a href="https://redirect.github.com/mermaid-js/mermaid/issues/7737">#7737</a>)</li> <li><a href="https://github.com/mermaid-js/mermaid/commit/d37c0db39ca2405b4473361063df2c47109dc2c9"><code>d37c0db</code></a> Merge pull request <a href="https://redirect.github.com/mermaid-js/mermaid/issues/7…

Contributes to rapidsai#259 Cleans up the dependency metadata bit. * drops `pytest-asyncio` and `websockets` (never used directly) * declares `tornado` runtime dependency (explicitly imported in a few places) * `dependencies.yaml` re-organization: - alphabetizes lists - uses YAML anchor to reduce duplication Authors: - James Lamb (https://github.com/jameslamb) Approvers: - Bradley Dice (https://github.com/bdice) - Naty Clementi (https://github.com/ncclementi) URL: rapidsai#272

…ing changes (rapidsai#270) Contributes to rapidsai#259 Fixes rapidsai#268 This contains a bunch of changes to bring the project up to date with current packaging and development practices in RAPIDS. Hopefully that'll make it easier to maintain (including in automated all-of-RAPIDS migrations) * adds NVIDIA copyright statements in source files that were missing it - _skipped CSS and TypeScript... will do that after rapidsai/pre-commit-hooks#127 is in_ * updates `build.yaml` to run on pushes to `main` and only release-pattern tags * adds a `VERSION` file and... - ... enables CI check that its contents match the latest remote `git` tag - ... uses it in more places (including reducing duplicate "replace version in `package.json`" logic) - adds a `jupyterlab.__version__` attribute in the Python package * moves minimum Python version to 3.11 (matching RAPIDS) Authors: - James Lamb (https://github.com/jameslamb) Approvers: - Bradley Dice (https://github.com/bdice) - Naty Clementi (https://github.com/ncclementi) URL: rapidsai#270

We've been fighting `dependabot` over the content of a patch: * rapidsai@5c199b1 * rapidsai#274 (comment) Seeing failures here on dependabot PRs: https://github.com/rapidsai/jupyterlab-nvdashboard/blob/216c60a2e71aada31bd5ec699818489ee01617d5/ci/check_style.sh#L22-L25 I think the root cause might be that `dependabot` is using a different version of `yarn` to generate the `yarn.lock` changes. This tries to fix that by pinning `yarn` here. ## Notes for Reviewers ### Why I think this might work `jupyterlab-git` does this ([code link](https://github.com/jupyterlab/jupyterlab-git/blob/87024b9c122897aa7f471e0a2b44ecfde54adc80/package.json#L58)) and uses `dependabot` to update `yarn.lock` (https://github.com/jupyterlab/jupyterlab-git/commits/main/yarn.lock) I haven't found direct docs or code saying that `dependabot` supports reading this, but it seems like it's a standard other project use. More evidence: * dependabot/dependabot-core#4830 * https://github.com/nodejs/corepack#when-authoring-packages Couldn't hurt to try 🤷🏻

…s 1 directory (rapidsai#274) Bumps the npm-and-yarn group with 1 update in the / directory: [lodash-es](https://github.com/lodash/lodash). Updates `lodash-es` from 4.17.21 to 4.18.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/lodash/lodash/releases">lodash-es's releases</a>.</em></p> <blockquote> <h2>4.18.1</h2> <h2>Bugs</h2> <p>Fixes a <code>ReferenceError</code> issue in <code>lodash</code> <code>lodash-es</code> <code>lodash-amd</code> and <code>lodash.template</code> when using the <code>template</code> and <code>fromPairs</code> functions from the modular builds. See <a href="https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769">lodash/lodash#6167</a></p> <p>These defects were related to how lodash distributions are built from the main branch using <a href="https://github.com/lodash-archive/lodash-cli">https://github.com/lodash-archive/lodash-cli</a>. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.</p> <p>There is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:</p> <ul> <li><code>lodash</code>: <a href="https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm">https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm</a></li> <li><code>lodash-es</code>: <a href="https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es">https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es</a></li> <li><code>lodash-amd</code>: <a href="https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd">https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd</a></li> <li><code>lodash.template</code><a href="https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages">https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages</a></li> </ul> <h2>4.18.0</h2> <h2>v4.18.0</h2> <p><strong>Full Changelog</strong>: <a href="https://github.com/lodash/lodash/compare/4.17.23...4.18.0">https://github.com/lodash/lodash/compare/4.17.23...4.18.0</a></p> <h3>Security</h3> <p><strong><code>_.unset</code> / <code>_.omit</code></strong>: Fixed prototype pollution via <code>constructor</code>/<code>prototype</code> path traversal (<a href="https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh">GHSA-f23m-r3pf-42rh</a>, <a href="https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b">fe8d32e</a>). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now <code>constructor</code> and <code>prototype</code> are blocked unconditionally as non-terminal path keys, matching <code>baseSet</code>. Calls that previously returned <code>true</code> and deleted the property now return <code>false</code> and leave the target untouched.</p> <p><strong><code>_.template</code></strong>: Fixed code injection via <code>imports</code> keys (<a href="https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc">GHSA-r5fr-rjxr-66jc</a>, CVE-2026-4800, <a href="https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6">879aaa9</a>). Fixes an incomplete patch for CVE-2021-23337. The <code>variable</code> option was validated against <code>reForbiddenIdentifierChars</code> but <code>importsKeys</code> was left unguarded, allowing code injection via the same <code>Function()</code> constructor sink. <code>imports</code> keys containing forbidden identifier characters now throw <code>"Invalid imports option passed into _.template"</code>.</p> <h3>Docs</h3> <ul> <li>Add security notice for <code>_.template</code> in threat model and API docs (<a href="https://redirect.github.com/lodash/lodash/pull/6099">#6099</a>)</li> <li>Document <code>lower > upper</code> behavior in <code>_.random</code> (<a href="https://redirect.github.com/lodash/lodash/pull/6115">#6115</a>)</li> <li>Fix quotes in <code>_.compact</code> jsdoc (<a href="https://redirect.github.com/lodash/lodash/pull/6090">#6090</a>)</li> </ul> <h3><code>lodash.*</code> modular packages</h3> <p><a href="https://redirect.github.com/lodash/lodash/pull/6157">Diff</a></p> <p>We have also regenerated and published a select number of the <code>lodash.*</code> modular packages.</p> <p>These modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:</p> <ul> <li><a href="https://www.npmjs.com/package/lodash.orderby">lodash.orderby</a></li> <li><a href="https://www.npmjs.com/package/lodash.tonumber">lodash.tonumber</a></li> <li><a href="https://www.npmjs.com/package/lodash.trim">lodash.trim</a></li> <li><a href="https://www.npmjs.com/package/lodash.trimend">lodash.trimend</a></li> <li><a href="https://www.npmjs.com/package/lodash.sortedindexby">lodash.sortedindexby</a></li> <li><a href="https://www.npmjs.com/package/lodash.zipobjectdeep">lodash.zipobjectdeep</a></li> <li><a href="https://www.npmjs.com/package/lodash.unset">lodash.unset</a></li> <li><a href="https://www.npmjs.com/package/lodash.omit">lodash.omit</a></li> <li><a href="https://www.npmjs.com/package/lodash.template">lodash.template</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e"><code>cb0b9b9</code></a> release(patch): bump main to 4.18.1 (<a href="https://redirect.github.com/lodash/lodash/issues/6177">#6177</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51"><code>75535f5</code></a> chore: prune stale advisory refs (<a href="https://redirect.github.com/lodash/lodash/issues/6170">#6170</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4"><code>62e91bc</code></a> docs: remove n_ Node.js < 6 REPL note from README (<a href="https://redirect.github.com/lodash/lodash/issues/6165">#6165</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4"><code>59be2de</code></a> release(minor): bump to 4.18.0 (<a href="https://redirect.github.com/lodash/lodash/issues/6161">#6161</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d"><code>af63457</code></a> fix: broken tests for _.template 879aaa9</li> <li><a href="https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0"><code>1073a76</code></a> fix: linting issues</li> <li><a href="https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6"><code>879aaa9</code></a> fix: validate imports keys in _.template</li> <li><a href="https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b"><code>fe8d32e</code></a> fix: block prototype pollution in baseUnset via constructor/prototype traversal</li> <li><a href="https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d"><code>18ba0a3</code></a> refactor(fromPairs): use baseAssignValue for consistent assignment (<a href="https://redirect.github.com/lodash/lodash/issues/6153">#6153</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2"><code>b819080</code></a> ci: add dist sync validation workflow (<a href="https://redirect.github.com/lodash/lodash/issues/6137">#6137</a>)</li> <li>Additional commits viewable in <a href="https://github.com/lodash/lodash/compare/4.17.21...4.18.1">compare view</a></li> </ul> </details> <br /> Authors: - https://github.com/apps/dependabot Approvers: - Naty Clementi (https://github.com/ncclementi) URL: rapidsai#274

… 1 directory (rapidsai#276) Bumps the npm-and-yarn group with 1 update in the / directory: [shell-quote](https://github.com/ljharb/shell-quote). Updates `shell-quote` from 1.8.1 to 1.8.4 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/ljharb/shell-quote/blob/main/CHANGELOG.md">shell-quote's changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/ljharb/shell-quote/compare/v1.8.3...v1.8.4">v1.8.4</a> - 2026-05-22</h2> <h3>Commits</h3> <ul> <li>[Fix] <code>quote</code>: validate object-token shapes <a href="https://github.com/ljharb/shell-quote/commit/4378a6e613db5948168684864e49b42b83134d2d"><code>4378a6e</code></a></li> <li>[Dev Deps] update <code>@ljharb/eslint-config</code>, <code>auto-changelog</code>, <code>eslint</code>, <code>npmignore</code> <a href="https://github.com/ljharb/shell-quote/commit/22ebec04349065a45ad8afc8cc8d53c4624634a6"><code>22ebec0</code></a></li> <li>[Tests] increase coverage <a href="https://github.com/ljharb/shell-quote/commit/9f3caa31900cc6ee64858b31134144c648ce206d"><code>9f3caa3</code></a></li> <li>[readme] replace runkit CI badge with shields.io check-runs badge <a href="https://github.com/ljharb/shell-quote/commit/3344a047dd1e95f71c4ca27522cbfd05c56277e0"><code>3344a04</code></a></li> <li>[Dev Deps] update <code>@ljharb/eslint-config</code> <a href="https://github.com/ljharb/shell-quote/commit/699c5113d135f4d4591574bebf173334ffa453d4"><code>699c511</code></a></li> </ul> <h2><a href="https://github.com/ljharb/shell-quote/compare/v1.8.2...v1.8.3">v1.8.3</a> - 2025-06-01</h2> <h3>Fixed</h3> <ul> <li>[Fix] remove unnecessary backslash escaping in single quotes <a href="https://redirect.github.com/ljharb/shell-quote/issues/15"><code>[#15](https://github.com/ljharb/shell-quote/issues/15)</code></a></li> </ul> <h2><a href="https://github.com/ljharb/shell-quote/compare/v1.8.1...v1.8.2">v1.8.2</a> - 2024-11-27</h2> <h3>Fixed</h3> <ul> <li>[Fix] <code>quote</code>: preserve empty strings <a href="https://redirect.github.com/ljharb/shell-quote/issues/18"><code>[#18](https://github.com/ljharb/shell-quote/issues/18)</code></a></li> </ul> <h3>Commits</h3> <ul> <li>[meta] fix changelog tags <a href="https://github.com/ljharb/shell-quote/commit/0fb9fd8441aa06f7de995e90ce85bd9e758f5f05"><code>0fb9fd8</code></a></li> <li>[actions] split out node 10-20, and 20+ <a href="https://github.com/ljharb/shell-quote/commit/819bd842e0b01f3e5041834ab82bad299851de08"><code>819bd84</code></a></li> <li>[Dev Deps] update <code>@ljharb/eslint-config</code>, <code>auto-changelog</code>, <code>npmignore</code>, <code>tape</code> <a href="https://github.com/ljharb/shell-quote/commit/fc564086c83317363908b55f6c744ad35983ccca"><code>fc56408</code></a></li> <li>[actions] update npm for windows tests <a href="https://github.com/ljharb/shell-quote/commit/fdeb0fd102ecdd4ff227a978532598c462312347"><code>fdeb0fd</code></a></li> <li>[Dev Deps] update <code>@ljharb/eslint-config</code>, <code>aud</code>, <code>tape</code> <a href="https://github.com/ljharb/shell-quote/commit/b8a4a3b3f5ae3ca8ae86b89ed0030e4e3358ef3c"><code>b8a4a3b</code></a></li> <li>[actions] prevent node 14 on ARM mac from failing <a href="https://github.com/ljharb/shell-quote/commit/9eecafc0486c9321be223415cf3fb76a5bd07dda"><code>9eecafc</code></a></li> <li>[meta] exclude more files from the package <a href="https://github.com/ljharb/shell-quote/commit/4044e7fad4a45e696602060b69b31a95702bee28"><code>4044e7f</code></a></li> <li>[Tests] replace <code>aud</code> with <code>npm audit</code> <a href="https://github.com/ljharb/shell-quote/commit/8cfdbd8ec30e653f9f99348e59117ed4a789e1ba"><code>8cfdbd8</code></a></li> <li>[meta] add missing <code>engines.node</code> <a href="https://github.com/ljharb/shell-quote/commit/843820e1a46cebcf10d8e48c4d82d0ab5a7b0194"><code>843820e</code></a></li> <li>[Dev Deps] add missing peer dep <a href="https://github.com/ljharb/shell-quote/commit/4c3b88d7925d29e9cc1ac76ccde05f4e714ede96"><code>4c3b88d</code></a></li> <li>[Dev Deps] pin <code>jackspeak</code> since 2.1.2+ depends on npm aliases, which kill the install process in npm < 6 <a href="https://github.com/ljharb/shell-quote/commit/80322ed5914a5922d9507946490fbabcc96e624b"><code>80322ed</code></a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ljharb/shell-quote/commit/ff166e2b63eb5f932bd131a8886a99e9afdf45ae"><code>ff166e2</code></a> v1.8.4</li> <li><a href="https://github.com/ljharb/shell-quote/commit/4378a6e613db5948168684864e49b42b83134d2d"><code>4378a6e</code></a> [Fix] <code>quote</code>: validate object-token shapes</li> <li><a href="https://github.com/ljharb/shell-quote/commit/22ebec04349065a45ad8afc8cc8d53c4624634a6"><code>22ebec0</code></a> [Dev Deps] update <code>@ljharb/eslint-config</code>, <code>auto-changelog</code>, <code>eslint</code>, `npmig...</li> <li><a href="https://github.com/ljharb/shell-quote/commit/9f3caa31900cc6ee64858b31134144c648ce206d"><code>9f3caa3</code></a> [Tests] increase coverage</li> <li><a href="https://github.com/ljharb/shell-quote/commit/3344a047dd1e95f71c4ca27522cbfd05c56277e0"><code>3344a04</code></a> [readme] replace runkit CI badge with shields.io check-runs badge</li> <li><a href="https://github.com/ljharb/shell-quote/commit/699c5113d135f4d4591574bebf173334ffa453d4"><code>699c511</code></a> [Dev Deps] update <code>@ljharb/eslint-config</code></li> <li><a href="https://github.com/ljharb/shell-quote/commit/487a9b41a7b6154d2a9c10bdffe65cf74d2c3ded"><code>487a9b4</code></a> v1.8.3</li> <li><a href="https://github.com/ljharb/shell-quote/commit/01faafff9727bf2b72ede0e7cb291bdd8438a8df"><code>01faaff</code></a> [Fix] remove unnecessary backslash escaping in single quotes</li> <li><a href="https://github.com/ljharb/shell-quote/commit/b19fc77e66871eee10a9978d54c27d802a1da99b"><code>b19fc77</code></a> v1.8.2</li> <li><a href="https://github.com/ljharb/shell-quote/commit/59d29ea6941335258ceb75bab95d045886650436"><code>59d29ea</code></a> [Fix] <code>quote</code>: preserve empty strings</li> <li>Additional commits viewable in <a href="https://github.com/ljharb/shell-quote/compare/v1.8.1...v1.8.4">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=shell-quote&package-manager=npm_and_yarn&previous-version=1.8.1&new-version=1.8.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/rapidsai/jupyterlab-nvdashboard/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…rapidsai#278) Contributes to rapidsai#259 * manually updates packages to their latest supported versions * deduplicates entries in `yarn.lock`, to push all packages towards the latest compatible-with-all-requirements version ## Notes for Reviewers ### Benefits of these changes Manually updating resolves some deprecation warnings and other issues noted by dependabot. Deduplicating simplifies the dependency graph for the project a bit, by pushing different (overlapping!) requirements to a single version for each dependency. Hopefully that'll reduce false positives from scanners and the likelihood of dependabot and similar automation getting stuck processing updates. ### How I made these changes ```shell conda create --yes --name nvdashboard-dev --file ./conda/environments/all_arch-any.yaml source activate nvdashboard-dev jlpm --version # 3.5.0 jlpm dedupe --strategy highest jlpm up ajv --recursive jlpm up js-yaml --recursive jlpm up minimatch --recursive jlpm up picomatch --recursive jlpm up serialize-javascript --recursive jlpm up uuid --recursive jlpm dedupe --strategy highest jlpm install ``` ### How I tested this Ran the commands listed above. Did not see any warnings or errors from: ```shell jlpm install jlpm run build ``` Authors: - James Lamb (https://github.com/jameslamb) Approvers: - Naty Clementi (https://github.com/ncclementi) URL: rapidsai#278

…apidsai#277) Contributes to rapidsai#259 * replaces `black` and `flake8` with `ruff` - _as is done in much of the rest of RAPIDS_ - _related: https://github.com/rapidsai/build-planning/issues/130_ * updates all `pre-commit` hooks with `pre-commit autoupdate` ## Notes for Reviewers Python formatting changes were made by `ruff`.

…deduplicate yarn.lock (rapidsai#279) Follow-up to rapidsai#275 and rapidsai#278 Closes rapidsai#259 * resolves the last remaining dependabot alert, on `uuid` * adds a `pre-commit` check to automatically run `jlpm dedupe` to minimize how many package versions are stored in `yarn.lock` * moves more yarn (`jlpm`) checks into `pre-commit` ## Notes for Reviewers ### How I tested this Cleaned out any not-in-git state. ```console $ git clean -d -f -X Removing .eslintcache Removing .ruff_cache/ Removing .yarn/ Removing jupyterlab_nvdashboard/__pycache__/ Removing jupyterlab_nvdashboard/_version.py Removing jupyterlab_nvdashboard/apps/__pycache__/ Removing jupyterlab_nvdashboard/labextension/ Removing lib/ Removing node_modules/ Removing tsconfig.tsbuildinfo ``` Manually changed the `yarn` version in `package.json` to 3.6.0 and added a duplicate entry in `yarn.lock`. ```console $ pre-commit run --all-files check-yarn-version check-yarn-version.......................................................Failed - hook id: check-yarn-version - exit code: 1 error: yarn version from 'jlpm --version' (3.5.0) and 'packageManager' field in package.json (3.6.0) do not match. $ pre-commit run --all-files yarn-lockfile-dedupe yarn-lockfile-dedupe.....................................................Failed - hook id: yarn-lockfile-dedupe - exit code: 1 ... hundreds of lines ... ➤ YN0013: │ yocto-queue@npm:0.1.0 can't be found in the cache and will be fetched from the remote registry ➤ YN0000: └ Completed in 0s 324ms ➤ YN0000: ┌ Link step ➤ YN0007: │ @fortawesome/fontawesome-free@npm:5.15.4 must be built because it never has been before or the last one failed ➤ YN0000: └ Completed in 2s 856ms ➤ YN0000: Done in 3s 427ms ➤ YN0000: ┌ Deduplication step ➤ YN0000: │ No packages can be deduped using the highest strategy ➤ YN0000: └ Completed ``` Manually reset the version in `package.json`. No manual changes needed in `yarn.lock`, the hook automatically updated it. ```console $ pre-commit run --all-files trim trailing whitespace.................................................Passed fix end of files.........................................................Passed ruff check...............................................................Passed ruff format..............................................................Passed shellcheck...............................................................Passed verify-copyright.........................................................Passed RAPIDS dependency file generator.........................................Passed zizmor...................................................................Passed prettier.................................................................Passed eslint...................................................................Passed check-yarn-version.......................................................Passed yarn-lockfile-dedupe.....................................................Passed check-frontend...........................................................Passed ``` Authors: - James Lamb (https://github.com/jameslamb) Approvers: - Naty Clementi (https://github.com/ncclementi) - Bradley Dice (https://github.com/bdice) URL: rapidsai#279

….system

raydouglass and others added 30 commits March 23, 2020 14:27

FIX Move update-version to correct location

9f29548

FIX update-version.sh is now non-interactive

e7377bb

Merge pull request rapidsai#55 from raydouglass/release-0.2.1

4aa4423

[RELEASE] v0.2.1

REL v0.2.1 release

492f4d1

Merge remote-tracking branch 'origin/branch-0.3'

a2e0c87

[REL] v0.3 release

64be78a

[REL] v0.3.1 release

8ea7b00

Merge pull request rapidsai#76 from rapidsai/branch-0.4

eac88cd

REL v0.4.0 release

72e126e

REL - Merge pull request rapidsai#78 from rapidsai/master

ea30c51

REL - [skip-ci] Sync main with master

Merge remote-tracking branch 'upstream/branch-0.5'

c1cfec8

REL v0.5.0 release

694690f

Merge pull request rapidsai#103 from rapidsai/branch-0.6

7ee63f7

Release 0.6.0

Merge pull request rapidsai#128 from rapidsai/branch-0.7

f4f9abf

[RELEASE] v0.7 jupyterlab-nvdashboard

Merge pull request rapidsai#129 from rapidsai/branch-0.7

5579774

Update update-version.sh

REL v0.7.0 release

ec40685

Merge pull request rapidsai#155 from rapidsai/branch-0.8

1dfa742

[RELEASE] v0.8.0

REL v0.8.0 release

8ed1064

Merge pull request rapidsai#164 from rapidsai/branch-0.9

bb18fdd

[RELEASE] v0.9

REL v0.9.0 release

842b370

Merge pull request rapidsai#185 from rapidsai/branch-0.10

86831fc

[RELEASE] v0.10.0

REL v0.10.0 release

5b02a4c

Merge pull request rapidsai#190 from rapidsai/branch-0.10

49a504a

[RELEASE] v0.10.0

REL v0.10.0 release

86e9c6c

Merge pull request rapidsai#197 from rapidsai/branch-0.11

c64e8c0

Fix bad merge

eb5e27c

REL v0.11.0 release

f481e0c

Merge pull request rapidsai#211 from rapidsai/branch-0.12

f0e4f20

Release v0.12.0

REL v0.12.0 release

3a99d43

Merge pull request rapidsai#219 from rapidsai/branch-0.13

dbb5412

[RELEASE] v0.13.0

Migrate pynvml to cuda.core.system

066fef9

mdboom mentioned this pull request Apr 27, 2026

EPIC: Port Rapids projects from pynvml to cuda.core.system NVIDIA/cuda-python#1915

Open

mdboom added 2 commits May 19, 2026 09:31

Merge remote-tracking branch 'upstream/branch-0.14' into pynvml-to-cu…

728d077

…da.core.system

Upgrade to cuda_core 1.0.0

a15e2ed

mdboom force-pushed the pynvml-to-cuda.core.system branch from eac40b7 to a15e2ed Compare May 19, 2026 13:36

mdboom marked this pull request as ready for review May 19, 2026 13:36

mdboom requested review from a team as code owners May 19, 2026 13:36

mdboom requested a review from gforsyth May 19, 2026 13:36

gforsyth reviewed May 19, 2026

View reviewed changes

Comment thread pyproject.toml Outdated

Comment thread README.md Outdated

Cleanup temporary things

bb903c4

mdboom requested a review from gforsyth May 19, 2026 15:01

gforsyth approved these changes May 19, 2026

View reviewed changes

ncclementi reviewed May 27, 2026

View reviewed changes

jameslamb and others added 12 commits June 5, 2026 13:08

Merge pull request rapidsai#269 from rapidsai/branch-0.14

4c2e178

merge branch-0.14 into 'main'

Merge remote-tracking branch 'upstream/main' into pynvml-to-cuda.core…

4571446

….system

mdboom requested a review from a team as a code owner June 10, 2026 12:27

mdboom requested a review from KyleFromNVIDIA June 10, 2026 12:27

ncclementi removed the request for review from KyleFromNVIDIA June 10, 2026 14:58

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Migrate pynvml to cuda.core.system#255

Migrate pynvml to cuda.core.system#255
mdboom wants to merge 47 commits into
rapidsai:branch-0.14from
mdboom:pynvml-to-cuda.core.system

mdboom commented Apr 27, 2026 •

edited

Loading

Uh oh!

copy-pr-bot Bot commented Apr 27, 2026

Uh oh!

gforsyth left a comment

Uh oh!

Uh oh!

Uh oh!

gforsyth left a comment

Uh oh!

ncclementi May 27, 2026

Uh oh!

mdboom Jun 10, 2026

Uh oh!

ncclementi Jun 10, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

7 participants

Uh oh!

Conversation

mdboom commented Apr 27, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

copy-pr-bot Bot commented Apr 27, 2026

Uh oh!

gforsyth left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

gforsyth left a comment

Choose a reason for hiding this comment

Uh oh!

ncclementi May 27, 2026

Choose a reason for hiding this comment

Uh oh!

mdboom Jun 10, 2026

Choose a reason for hiding this comment

Uh oh!

ncclementi Jun 10, 2026

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

7 participants

mdboom commented Apr 27, 2026 •

edited

Loading