ef34e14chore(deps): bump basic-ftp in the npm_and_yarn group across 1 directory (#300) (dependabot[bot])Bumps the npm_and_yarn group with 1 update in the / directory: basic-ftp. Updates
basic-ftpfrom 5.2.1 to 5.2.2
updated-dependencies:
- dependency-name: basic-ftp dependency-version: 5.2.2 dependency-type: indirect dependency-group: npm_and_yarn ...
Signed-off-by: dependabot[bot] support@github.com Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
54fb61bupgrade eslint (#301) (Carl-Erik Kopseng)-
Update shared eslint config
-
Upgrade to breaking ESLint 10 and new shared config
-
upgrade coverage conf
-
fix lock file
-
77a1167include Sauce Labs test runs in the publishing pipeline (Carl-Erik Kopseng)
Released by Carl-Erik Kopseng on 2026-04-11.
Mainly a bunch of patch updates to dependencies and a fix of the build pipeline, as tests in sauce-labs broke
1dc33b2Fix type generation using new compiler (Carl-Erik Kopseng)ab5b5dfchore(deps): bump the npm_and_yarn group across 1 directory with 3 updates (#299) (dependabot[bot])Bumps the npm_and_yarn group with 3 updates in the / directory: basic-ftp, lodash and picomatch. Updates
basic-ftpfrom 5.2.0 to 5.2.1Updates
lodashfrom 4.17.23 to 4.18.1Updates
picomatchfrom 4.0.3 to 4.0.40c40487Upgrade Typescript to preview of v7 (Carl-Erik Kopseng)24b6c0eFix SauceLabs failure in Edge (Carl-Erik Kopseng)d1c4342chore(deps-dev): bump the npm_and_yarn group across 1 directory with 2 updates (#295) (dependabot[bot])Bumps the npm_and_yarn group with 2 updates in the / directory: fast-xml-parser and flatted. Updates
fast-xml-parserfrom 5.4.2 to 5.5.8Updates
flattedfrom 3.3.3 to 3.4.2cf9b1e0chore(deps-dev): bump esbuild from 0.27.3 to 0.27.4 (#296) (dependabot[bot])Bumps esbuild from 0.27.3 to 0.27.4.
54f9c0fchore(deps): bump codecov/codecov-action from 5 to 6 (#298) (dependabot[bot])Bumps codecov/codecov-action from 5 to 6.
7e237f6Fix SauceLabs failure in Edge (Carl-Erik Kopseng)e03027echore(deps-dev): bump jsdom from 28.1.0 to 29.0.0 (#293) (dependabot[bot])Bumps jsdom from 28.1.0 to 29.0.0.
8274e17chore(deps-dev): bump lint-staged from 16.3.2 to 16.4.0 (#292) (dependabot[bot])Bumps lint-staged from 16.3.2 to 16.4.0.
c3e2f6achore(deps): bump the npm_and_yarn group across 1 directory with 1 update (#290) (dependabot[bot])Bumps the npm_and_yarn group with 1 update in the / directory: undici. Updates
undicifrom 6.21.3 to 6.24.1Updates
undicifrom 7.22.0 to 7.24.4
Released by Carl-Erik Kopseng on 2026-04-09.
21846c7ci: update test matrix to Node 22 and 24 (Morgan Roderick)Drop Node 20 which reaches EOL on April 30, 2026.
Released by Morgan Roderick on 2026-03-20.
b415496Fix Buffer deepEqual regression from prototype key comparison (#291) (Carl-Erik Kopseng)The prototype-chain comparison added in 3fbe355d19bdaf9be1d5911dde8619eedac3a99e made deepEqual read inherited enumerable Buffer accessors such as
offset.Two Buffer instances with identical bytes can still have different
offsetvalues because small Buffers are often views into different positions in the same pooled backing store. That offset is allocator metadata, not part of the logical buffer value.Keep prototype enumerable-key support for URL-like objects, but use own enumerable keys for array-like values so Buffer equality stays content-based.
- fix: make npm lint work in nested worktrees
2d85ed4chore(deps-dev): bump @sinonjs/eslint-config from 5.0.4 to 6.0.0 (#286) (dependabot[bot])Bumps @sinonjs/eslint-config from 5.0.4 to 6.0.0.
updated-dependencies:
- dependency-name: "@sinonjs/eslint-config" dependency-version: 6.0.0 dependency-type: direct:development update-type: version-update:semver-major ...
Signed-off-by: dependabot[bot] support@github.com Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
fd306edchore(deps-dev): bump lint-staged from 16.3.1 to 16.3.2 (#287) (dependabot[bot])Bumps lint-staged from 16.3.1 to 16.3.2.
updated-dependencies:
- dependency-name: lint-staged dependency-version: 16.3.2 dependency-type: direct:development update-type: version-update:semver-patch ...
Signed-off-by: dependabot[bot] support@github.com Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
8c595b2chore(deps): bump the npm_and_yarn group across 1 directory with 5 updates (#288) (dependabot[bot])Bumps the npm_and_yarn group with 5 updates in the / directory:
Package From To glob 11.0.311.1.0glob 10.4.510.5.0minimatch 3.1.23.1.5basic-ftp 5.0.55.2.0fast-xml-parser 5.2.55.4.2lodash 4.17.214.17.23Updates globfrom 11.0.3 to 11.1.0Updates
globfrom 10.4.5 to 10.5.0Updates
minimatchfrom 3.1.2 to 3.1.5Updates
basic-ftpfrom 5.0.5 to 5.2.0Updates
fast-xml-parserfrom 5.2.5 to 5.4.2Updates
lodashfrom 4.17.21 to 4.17.23
updated-dependencies:
- dependency-name: glob dependency-version: 11.1.0 dependency-type: indirect dependency-group: npm_and_yarn
- dependency-name: glob dependency-version: 10.5.0 dependency-type: indirect dependency-group: npm_and_yarn
- dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn
- dependency-name: basic-ftp dependency-version: 5.2.0 dependency-type: indirect dependency-group: npm_and_yarn
- dependency-name: fast-xml-parser dependency-version: 5.4.2 dependency-type: indirect dependency-group: npm_and_yarn
- dependency-name: lodash dependency-version: 4.17.23 dependency-type: indirect dependency-group: npm_and_yarn ...
Signed-off-by: dependabot[bot] support@github.com Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2b517a8chore(deps): bump actions/checkout from 5 to 6 (#284) (dependabot[bot])Bumps actions/checkout from 5 to 6.
updated-dependencies:
- dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ...
Signed-off-by: dependabot[bot] support@github.com Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Carl-Erik Kopseng carlerik@gmail.com
cec12dachore(deps): bump actions/setup-node from 5 to 6 (#282) (dependabot[bot])Bumps actions/setup-node from 5 to 6.
updated-dependencies:
- dependency-name: actions/setup-node dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ...
Signed-off-by: dependabot[bot] support@github.com Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
bf3b202chore(deps-dev): bump js-yaml (#283) (dependabot[bot])Bumps the npm_and_yarn group with 1 update in the / directory: js-yaml. Updates
js-yamlfrom 4.1.0 to 4.1.1
updated-dependencies:
- dependency-name: js-yaml dependency-version: 4.1.1 dependency-type: indirect dependency-group: npm_and_yarn ...
Signed-off-by: dependabot[bot] support@github.com Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Released by Carl-Erik Kopseng on 2026-03-16.
1de64bbfix browser-bundled mochify tests (Carl-Erik Kopseng)
Released by Carl-Erik Kopseng on 2026-03-02.
03e2fa3test: load jquery after jsdom setup (Carl-Erik Kopseng)8be51caUpgrade deps (Carl-Erik Kopseng)65a646afix: restore deepEqual key symmetry (#285) (Carl-Erik Kopseng)-
chore: ignore local worktrees
-
test: cover deepEqual key symmetry regression
-
fix: restore deepEqual key symmetry
-
fix format
-
29aa7fbchore(deps): bump actions/setup-node from 4 to 5 (#273) (dependabot[bot])Bumps actions/setup-node from 4 to 5.
updated-dependencies:
- dependency-name: actions/setup-node dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major ...
Signed-off-by: dependabot[bot] support@github.com Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
0a5ae72chore(deps-dev): bump mocha from 11.7.1 to 11.7.4 (#275) (dependabot[bot])Bumps mocha from 11.7.1 to 11.7.4.
updated-dependencies:
- dependency-name: mocha dependency-version: 11.7.4 dependency-type: direct:development update-type: version-update:semver-patch ...
Signed-off-by: dependabot[bot] support@github.com Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
252eaabci: adjust dependabot config and code coverage upload (#269) (Yashar Fakhari)- Removed version grouping to prevent major updates from blocking CI
- Reduced PR limit to 3 to match previous group count
- Fix permission issue for Dependabot auto merge
- Add support for CODECOV_TOKEN
- Remove code coverage report upload as a blocking workflow step
3c371bdclearer wording (Carl-Erik Kopseng)97ad89cAdded compatibility section (Carl-Erik Kopseng)
Released by Carl-Erik Kopseng on 2026-03-02.
af7b6eechore: GitHub CI improvements (#262) (Yashar Fakhari)Github Actions Workflow:
- Use Node 22 and the latest checkout github action for code coverage job
- Replace HUSKY_SKIP_INSTALL with HUSKY=0 for Husky v9 compatibility
- Set HUSKY env variable once for entire workflow
- Use built-in npm module caching instead of manual cache setup
- Add TypeScript build step to static analysis
- Use codecov's official action for uploading coverage reports
- Remove redundant npm test execution from test-check-coverage
- Add automerge job for Dependabot
Dependabot Config:
- Set npm updates to weekly on Wednesdays at 00:00 UTC
- Batch npm update PRs by semver into separate major, minor, and patch groups
- Set monthly GitHub Actions updates on Wednesdays at 01:00 UTC
3fbe355fix #251: compare props on the prototype chain (#267) (Carl-Erik Kopseng)-
fix #251: compare enumerable props on the prototype
-
Negate test: Arguments with same contents as an array is deeply equal
Co-authored-by: Morgan Roderick 20321+mroderick@users.noreply.github.com
Co-authored-by: Morgan Roderick 20321+mroderick@users.noreply.github.com
-
61cf8baBump lint-staged from 16.1.4 to 16.1.5 (#266) (dependabot[bot])Bumps lint-staged from 16.1.4 to 16.1.5.
updated-dependencies:
- dependency-name: lint-staged dependency-version: 16.1.5 dependency-type: direct:development update-type: version-update:semver-patch ...
Signed-off-by: dependabot[bot] support@github.com Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
08ab1b5Update eslint-config to include ES2024 (Carl-Erik Kopseng)4cd3416Create dependabot.yml (#265) (Carl-Erik Kopseng)8d76aa0fix: ignore coverage for mochify.webdriver.cjs (#264) (Yashar Fakhari)7cd4092Upgrade package-lock.json version and add workflow runs on PRs (#263) (Carl-Erik Kopseng)-
Upgrade package-lock.json version
-
Update Node version
-
Run on PRs as well
-
Add Sauce Labs runs
-
55611bdChore: toolchain upgrades (#260) (Yashar Fakhari)- Chore: toolchain upgrades
- Upgrade mochify to @mochify/cli (esbuild-based)
- Replace nyc with c8 for test coverage
ffcfbf3Bump pbkdf2 from 3.1.2 to 3.1.3 (#259) (dependabot[bot])Bumps pbkdf2 from 3.1.2 to 3.1.3.
updated-dependencies:
- dependency-name: pbkdf2 dependency-version: 3.1.3 dependency-type: indirect ...
Signed-off-by: dependabot[bot] support@github.com Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Released by Carl-Erik Kopseng on 2025-08-10.
630f2aeBump elliptic from 6.5.7 to 6.6.1 (#258) (dependabot[bot])Bumps elliptic from 6.5.7 to 6.6.1.
updated-dependencies:
- dependency-name: elliptic dependency-version: 6.6.1 dependency-type: indirect ...
Signed-off-by: dependabot[bot] support@github.com Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dd18c1cRemove deprecated lodash.get (#254) (Yashar Fakhari)We need slightly more than a direct substitution of
.get()with?.because?.handles individual properties and hasNested function needs to handle nested paths which are not single properties.To handle nested paths, the regex is breaking the property string into its individual components and removes empty values. The loop traverses the object, moving one level deeper for each part of the path so we can safely access the next property (part) of the current object (
current = current?.[part]). This handles cases where any intermediate property might beundefinedornull. Ifcurrentbecomesundefinedat any point we know the path doesn't exist, so we can immediately returnfalse. After the loop is finished then the value ofcurrentis the value we want to get.
Released by Carl-Erik Kopseng on 2025-07-25.
631d739Fix low-hanging 'npm audit' fruits (Carl-Erik Kopseng)a3cdefaBump elliptic from 6.5.4 to 6.5.7 (#248) (dependabot[bot])Signed-off-by: dependabot[bot] support@github.com
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
47e4b73Bump browserify-sign from 4.2.1 to 4.2.3 (#249) (dependabot[bot])Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Released by Carl-Erik Kopseng on 2024-09-12.
-
ca41112Update all dependencies (#247) (Carl-Erik Kopseng) -
153c0a7Fix matcher cyclic object infinite recursion issue (#245) (Phil Spitzer)
Released by Carl-Erik Kopseng on 2024-09-12.
5f88086fix: ensure nothing can mutate the exported 'message' (Carl-Erik Kopseng)
Released by Carl-Erik Kopseng on 2023-03-26.
fb6573aPrefer @sinonjs/commons@2 (Morgan Roderick)That makes ES2017 support explicit
Released by Morgan Roderick on 2022-11-07.
85a9acbStop testing in Node 12, start testing in Node 18, 19 (Morgan Roderick)
Released by Morgan Roderick on 2022-11-02.
15295d9Fix #237: Use jQuery#is() for jQuery equality (Morgan Roderick)In f1a1f306018166ad76ab1a1a71d400fc9373f7d0 we added support for Javascript iteraction protocols.
jQuery objects happen to have iteration protocols, so they would trigger the new codepath. However, that code path uses
Array.fromon the input, which doesn't play nice with jQuery's serializer.Luckily, jQuery has the
is()method for comparing its objects.
Released by Morgan Roderick on 2022-11-02.
aa3badbFix to compare input for iteratables. (#229) (Shuhei Aoyama)58480ccnpm audit fix (Morgan Roderick)1b9c378Upgrade benchmark and microtime to latest (Morgan Roderick)3d6e322Remove unused mkdirp dependency (Morgan Roderick)4388ea7Upgrade typescript to latest (Morgan Roderick)4e29ee0Upgrade prettier to latest (Morgan Roderick)f2c548eUpgrade nyc to latest (Morgan Roderick)3bda5a3Upgrade mochify to latest (Morgan Roderick)30ac30bUpgrade mocha to latest (Morgan Roderick)fd9aa60Upgrade jsdoc to latest (Morgan Roderick)501fef7Upgrade husky to latest (Morgan Roderick)See:
10857c2Upgrade @studio/changes to latest (Morgan Roderick)c31f564Upgrade @sinonjs/eslint-config to latest (Morgan Roderick)08ed814Upgrade @sinonjs/referee to latest (Morgan Roderick)a16c58bBump jsdom from 16.2.2 to 16.5.0 (dependabot[bot])Bumps jsdom from 16.2.2 to 16.5.0.
updated-dependencies:
- dependency-name: jsdom dependency-type: direct:development ...
Signed-off-by: dependabot[bot] support@github.com
8b7d7deBump shell-quote from 1.6.1 to 1.7.3 (dependabot[bot])Bumps shell-quote from 1.6.1 to 1.7.3.
updated-dependencies:
- dependency-name: shell-quote dependency-type: indirect ...
Signed-off-by: dependabot[bot] support@github.com
409866fchore: Set permissions for GitHub actions (Morgan Roderick)Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.
Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests
5a7317fUpdate README (Morgan Roderick)The default branch was renamed
4354403Verify lockfileVersion (Morgan Roderick)be7df9eMerge prettier, lint into static-analysis (Morgan Roderick)2e1bf94Upgrade mocha to latest (Morgan Roderick)3bab205Bump hosted-git-info from 3.0.4 to 3.0.8 (dependabot[bot])Bumps hosted-git-info from 3.0.4 to 3.0.8.
updated-dependencies:
- dependency-name: hosted-git-info dependency-type: indirect ...
Signed-off-by: dependabot[bot] support@github.com
14d3637Bump ajv from 6.10.2 to 6.12.6 (dependabot[bot])Bumps ajv from 6.10.2 to 6.12.6.
updated-dependencies:
- dependency-name: ajv dependency-type: indirect ...
Signed-off-by: dependabot[bot] support@github.com
Released by Morgan Roderick on 2022-10-31.
0a89fbdBump cached-path-relative from 1.0.2 to 1.1.0 (#227) (dependabot[bot])Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
88a3fcaInstall missing dependency mkdocs and update lock file version (Carl-Erik Kopseng)
Released on 2022-01-28.
6955f94fix (#226) (Stuart Dotson)f1a1f30add support for iterables (#225) (Stuart Dotson)2bc9f80Bump path-parse from 1.0.6 to 1.0.7 (dependabot[bot])64dfb5dBump ws from 6.2.1 to 6.2.2 (dependabot[bot])d41050bBump browserslist from 4.16.3 to 4.16.6 (dependabot[bot])
Released on 2022-01-27.
144204dFix deep equal comparison between promises (#217) (David G. Miguel)
Released on 2021-05-24.
decfafeBump y18n from 4.0.0 to 4.0.1 (dependabot[bot])Bumps y18n from 4.0.0 to 4.0.1.
Signed-off-by: dependabot[bot] support@github.com
Released on 2021-04-08.
95d1dceUse @sinonjs/eslint-config (Morgan Roderick)This drops support for legacy runtimes like IE11, legacy Edge, Safari 9 and the like
Released on 2021-03-30.
04e0faaDistribute package as source (Morgan Roderick)This library is not meant for writing end user applications or even for being used directly when writing tests. It is not meant to be loaded directly by browsers.
Consumers of this package are assumed to use their own bundlers, should they need to bundle code for use in browsers or workers.
Therefore, it is safe to distribute the package as source files and not bundle them up.
This allows us to remove the bundler and its transitive dependencies, which reduces the maintenance burden of managing the library.
Released on 2021-01-13.
fd8aabdGenerate .d.ts from JSDoc (Morgan Roderick)See https://humanwhocodes.com/snippets/2020/10/create-typescript-declarations-from-javascript-jsdoc/
Released on 2020-11-16.
f27b87cAdd match.json (Maximilian Antoni)
Released by Maximilian Antoni on 2020-10-06.
820c296Evaluate symbol keys for object matchers (#206) (Joel Bradshaw)- Make match() work for objects with symbol keys
Released on 2020-08-11.
9d2add0Remove unused @sinonjs/formatio (Morgan Roderick)As can be seen with searching the codebase, @sinonjs/formatio is never imported, and is thus not a direct dependency of @sinonjs/samsam.
Released on 2020-02-28.
f9e845aBump formatio to latest major (Morgan Roderick)This will remove some duplication in Sinon, see sinonjs/sinon#2224
Released on 2020-02-20.
fe5d035Bump jsdom from 15.2.1 to 16.2.0 (dependabot-preview[bot])Bumps jsdom from 15.2.1 to 16.2.0.
Signed-off-by: dependabot-preview[bot] support@dependabot.com
910af18Remove maintenance junk from CHANGES.md (Morgan Roderick)
Released on 2020-02-18.
f288430Drop support for Node 8 (Morgan Roderick)As can be seen at https://github.com/nodejs/Release, Node 8 reached "end" of life on 2019-12-31, and is no longer actively supported.
We will stop testing in Node 8 and start testing in Node 13, which will become the next LTS release from April 2020.
Released on 2020-02-18.
c600d6cFix issue with nested array matching (Jay Merrifield)8b37566Bump eslint from 6.7.2 to 6.8.0 (dependabot-preview[bot])Bumps eslint from 6.7.2 to 6.8.0.
Signed-off-by: dependabot-preview[bot] support@dependabot.com
b7c5db9Bump eslint-plugin-prettier from 3.1.1 to 3.1.2 (dependabot-preview[bot])Bumps eslint-plugin-prettier from 3.1.1 to 3.1.2.
Signed-off-by: dependabot-preview[bot] support@dependabot.com
8965384Bump eslint-plugin-mocha from 6.1.1 to 6.2.2 (dependabot-preview[bot])Bumps eslint-plugin-mocha from 6.1.1 to 6.2.2.
Signed-off-by: dependabot-preview[bot] support@dependabot.com
8661610Bump eslint-config-prettier from 6.7.0 to 6.9.0 (dependabot-preview[bot])Bumps eslint-config-prettier from 6.7.0 to 6.9.0.
Signed-off-by: dependabot-preview[bot] support@dependabot.com
7d91124Bump rollup from 1.23.0 to 1.27.14 (dependabot-preview[bot])Bumps rollup from 1.23.0 to 1.27.14.
Signed-off-by: dependabot-preview[bot] support@dependabot.com
31c616aBump nyc from 14.1.1 to 15.0.0 (dependabot-preview[bot])Bumps nyc from 14.1.1 to 15.0.0.
Signed-off-by: dependabot-preview[bot] support@dependabot.com
e82dbcfBump @sinonjs/referee from 3.2.0 to 4.0.0 (dependabot-preview[bot])Bumps @sinonjs/referee from 3.2.0 to 4.0.0.
Signed-off-by: dependabot-preview[bot] support@dependabot.com
b089354Bump eslint-plugin-jsdoc from 18.4.3 to 19.2.0 (dependabot-preview[bot])Bumps eslint-plugin-jsdoc from 18.4.3 to 19.2.0.
Signed-off-by: dependabot-preview[bot] support@dependabot.com
bba8c44Bump @sinonjs/commons from 1.6.0 to 1.7.0 (dependabot-preview[bot])Bumps @sinonjs/commons from 1.6.0 to 1.7.0.
Signed-off-by: dependabot-preview[bot] support@dependabot.com
5915960Publish using public access (Morgan Roderick)28ffc834.2.1 (Morgan Roderick)
Released by Maximilian Antoni on 2020-01-09.
8987966re-introduce bound deepEqual (#160) (James Garbutt)
Released on 2019-12-30.