chore(deps): bump the npm_and_yarn group across 1 directory with 16 updates #2

dependabot · 2025-09-13T00:30:02Z

Bumps the npm_and_yarn group with 16 updates in the / directory:

Package	From	To
@babel/helpers	`7.26.0`	`7.28.4`
@babel/runtime	`7.26.0`	`7.28.4`
@babel/runtime-corejs3	`7.26.0`	`7.28.4`
base-x	`3.0.10`	`3.0.11`
cipher-base	`1.0.4`	`1.0.6`
image-size	`1.2.0`	`1.2.1`
estree-util-value-to-estree	`3.2.1`	`3.4.0`
http-proxy-middleware	`2.0.7`	`2.0.9`
mermaid	`11.4.1`	`11.11.0`
on-headers	`1.0.2`	`1.1.0`
compression	`1.7.4`	`1.8.1`
pbkdf2	`3.1.2`	`3.1.3`
prismjs	`1.29.0`	`1.30.0`
ses	`1.11.0`	`1.14.0`
sha.js	`2.4.11`	`2.4.12`
tar-fs	`1.16.3`	`1.16.5`

Updates @babel/helpers from 7.26.0 to 7.28.4

Release notes

Sourced from @babel/helpers's releases.

v7.28.4 (2025-09-05)

Thanks @gwillen and @mrginglymus for your first PRs!

🏠 Internal

babel-core, babel-helper-check-duplicate-nodes, babel-traverse, babel-types

#17493 Update Jest to v30.1.1 (@JLHwung)

babel-plugin-transform-regenerator

#17455 chore: Clean up transform-regenerator (@liuxingbaoyu)

babel-core

#17474 Switch to @jridgewell/remapping (@mrginglymus)

Committers: 5

Babel Bot (@babel-bot)

Bill Collins (@mrginglymus)

Glenn Willen (@gwillen)

Huáng Jùnliàng (@JLHwung)

@liuxingbaoyu

v7.28.3 (2025-08-14)

👓 Spec Compliance

babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-transform-class-static-block, babel-preset-env

#17443 [static blocks] Do not inject new static fields after static code (@nicolo-ribaudo)

🐛 Bug Fix

babel-parser

#17465 fix(parser/typescript): parse import("./a", {with:{},}) (@easrng)

#17478 fix(parser): stop subscript parsing on async arrow (@JLHwung)

💅 Polish

babel-plugin-transform-regenerator, babel-plugin-transform-runtime

#17363 Do not save last yield in call in temp var (@nicolo-ribaudo)

📝 Documentation

#17448 move eslint-{parser,plugin} docs to the website (@JLHwung)

🏠 Internal

#17454 Enable type checking for scripts and babel-worker.cjs (@JLHwung)

🔬 Output optimization

babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions

#17444 Optimize do expression output (@JLHwung)

Committers: 5

Babel Bot (@babel-bot)

Huáng Jùnliàng (@JLHwung)

Jam Balaya (@JamBalaya56562)

Nicolò Ribaudo (@nicolo-ribaudo)

easrng (@easrng)

... (truncated)

Changelog

Sourced from @babel/helpers's changelog.

v7.28.4 (2025-09-05)

🏠 Internal

babel-core, babel-helper-check-duplicate-nodes, babel-traverse, babel-types

#17493 Update Jest to v30.1.1 (@JLHwung)

babel-plugin-transform-regenerator

#17455 chore: Clean up transform-regenerator (@liuxingbaoyu)

babel-core

#17474 Switch to @jridgewell/remapping (@mrginglymus)

v7.28.3 (2025-08-14)

👓 Spec Compliance

babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-transform-class-static-block, babel-preset-env

#17443 [static blocks] Do not inject new static fields after static code (@nicolo-ribaudo)

🐛 Bug Fix

babel-parser

#17465 fix(parser/typescript): parse import("./a", {with:{},}) (@easrng)

#17478 fix(parser): stop subscript parsing on async arrow (@JLHwung)

💅 Polish

babel-plugin-transform-regenerator, babel-plugin-transform-runtime

#17363 Do not save last yield in call in temp var (@nicolo-ribaudo)

📝 Documentation

#17448 move eslint-{parser,plugin} docs to the website (@JLHwung)

🏠 Internal

#17454 Enable type checking for scripts and babel-worker.cjs (@JLHwung)

🔬 Output optimization

babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions

#17444 Optimize do expression output (@JLHwung)

v7.28.2 (2025-07-24)

🐛 Bug Fix

babel-types

#17445 [babel 7] Make operator param in t.tsTypeOperator optional (@nicolo-ribaudo)

babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-preset-env, babel-runtime-corejs3

#17441 fix: regeneratorDefine compatibility with es5 strict mode (@liuxingbaoyu)

v7.28.1 (2025-07-12)

🐛 Bug Fix

babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator

#17426 fix: regenerator correctly handles throw outside of try (@liuxingbaoyu)

📝 Documentation

babel-types

#17422 Add missing FunctionParameter docs (@JLHwung)

... (truncated)

Commits

35055e3 v7.28.4
18d88b8 Improve @babel/core typings (#17471)
ef155f5 v7.28.3
741cbd2 chore: fix various typos across codebase (#17476)
cac0ff4 v7.28.2
f743094 fix: regeneratorDefine compatibility with es5 strict mode (#17441)
baa4cb8 v7.27.6
fdbf1b3 fix: finally causes unexpected return value (#17366)
7d06930 v7.27.4
5b9468d Reduce regenerator size more (#17287)
Additional commits viewable in compare view

Updates @babel/runtime from 7.26.0 to 7.28.4

Release notes

Sourced from @babel/runtime's releases.

v7.28.4 (2025-09-05)

Thanks @gwillen and @mrginglymus for your first PRs!

🏠 Internal

babel-core, babel-helper-check-duplicate-nodes, babel-traverse, babel-types

#17493 Update Jest to v30.1.1 (@JLHwung)

babel-plugin-transform-regenerator

#17455 chore: Clean up transform-regenerator (@liuxingbaoyu)

babel-core

#17474 Switch to @jridgewell/remapping (@mrginglymus)

Committers: 5

Babel Bot (@babel-bot)

Bill Collins (@mrginglymus)

Glenn Willen (@gwillen)

Huáng Jùnliàng (@JLHwung)

@liuxingbaoyu

v7.28.3 (2025-08-14)

👓 Spec Compliance

babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-transform-class-static-block, babel-preset-env

#17443 [static blocks] Do not inject new static fields after static code (@nicolo-ribaudo)

🐛 Bug Fix

babel-parser

#17465 fix(parser/typescript): parse import("./a", {with:{},}) (@easrng)

#17478 fix(parser): stop subscript parsing on async arrow (@JLHwung)

💅 Polish

babel-plugin-transform-regenerator, babel-plugin-transform-runtime

#17363 Do not save last yield in call in temp var (@nicolo-ribaudo)

📝 Documentation

#17448 move eslint-{parser,plugin} docs to the website (@JLHwung)

🏠 Internal

#17454 Enable type checking for scripts and babel-worker.cjs (@JLHwung)

🔬 Output optimization

babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions

#17444 Optimize do expression output (@JLHwung)

Committers: 5

Babel Bot (@babel-bot)

Huáng Jùnliàng (@JLHwung)

Jam Balaya (@JamBalaya56562)

Nicolò Ribaudo (@nicolo-ribaudo)

easrng (@easrng)

... (truncated)

Changelog

Sourced from @babel/runtime's changelog.

v7.28.4 (2025-09-05)

🏠 Internal

babel-core, babel-helper-check-duplicate-nodes, babel-traverse, babel-types

#17493 Update Jest to v30.1.1 (@JLHwung)

babel-plugin-transform-regenerator

#17455 chore: Clean up transform-regenerator (@liuxingbaoyu)

babel-core

#17474 Switch to @jridgewell/remapping (@mrginglymus)

v7.28.3 (2025-08-14)

👓 Spec Compliance

babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-transform-class-static-block, babel-preset-env

#17443 [static blocks] Do not inject new static fields after static code (@nicolo-ribaudo)

🐛 Bug Fix

babel-parser

#17465 fix(parser/typescript): parse import("./a", {with:{},}) (@easrng)

#17478 fix(parser): stop subscript parsing on async arrow (@JLHwung)

💅 Polish

babel-plugin-transform-regenerator, babel-plugin-transform-runtime

#17363 Do not save last yield in call in temp var (@nicolo-ribaudo)

📝 Documentation

#17448 move eslint-{parser,plugin} docs to the website (@JLHwung)

🏠 Internal

#17454 Enable type checking for scripts and babel-worker.cjs (@JLHwung)

🔬 Output optimization

babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions

#17444 Optimize do expression output (@JLHwung)

v7.28.2 (2025-07-24)

🐛 Bug Fix

babel-types

#17445 [babel 7] Make operator param in t.tsTypeOperator optional (@nicolo-ribaudo)

babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-preset-env, babel-runtime-corejs3

#17441 fix: regeneratorDefine compatibility with es5 strict mode (@liuxingbaoyu)

v7.28.1 (2025-07-12)

🐛 Bug Fix

babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator

#17426 fix: regenerator correctly handles throw outside of try (@liuxingbaoyu)

📝 Documentation

babel-types

#17422 Add missing FunctionParameter docs (@JLHwung)

... (truncated)

Commits

35055e3 v7.28.4
ef155f5 v7.28.3
cac0ff4 v7.28.2
f68ac51 chore: Avoid CITGM errors (#17382)
baa4cb8 v7.27.6
7d06930 v7.27.4
5b9468d Reduce regenerator size more (#17287)
cb78b5b [babel 8] Do not replace global regeneratorRuntime references in regenerato...
a0690e3 Split regeneratorRuntime into multiple helpers (#17238)
da5e371 v7.27.3
Additional commits viewable in compare view

Updates @babel/runtime-corejs3 from 7.26.0 to 7.28.4

Release notes

Sourced from @babel/runtime-corejs3's releases.

v7.28.4 (2025-09-05)

Thanks @gwillen and @mrginglymus for your first PRs!

🏠 Internal

babel-core, babel-helper-check-duplicate-nodes, babel-traverse, babel-types

#17493 Update Jest to v30.1.1 (@JLHwung)

babel-plugin-transform-regenerator

#17455 chore: Clean up transform-regenerator (@liuxingbaoyu)

babel-core

#17474 Switch to @jridgewell/remapping (@mrginglymus)

Committers: 5

Babel Bot (@babel-bot)

Bill Collins (@mrginglymus)

Glenn Willen (@gwillen)

Huáng Jùnliàng (@JLHwung)

@liuxingbaoyu

v7.28.3 (2025-08-14)

👓 Spec Compliance

babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-transform-class-static-block, babel-preset-env

#17443 [static blocks] Do not inject new static fields after static code (@nicolo-ribaudo)

🐛 Bug Fix

babel-parser

#17465 fix(parser/typescript): parse import("./a", {with:{},}) (@easrng)

#17478 fix(parser): stop subscript parsing on async arrow (@JLHwung)

💅 Polish

babel-plugin-transform-regenerator, babel-plugin-transform-runtime

#17363 Do not save last yield in call in temp var (@nicolo-ribaudo)

📝 Documentation

#17448 move eslint-{parser,plugin} docs to the website (@JLHwung)

🏠 Internal

#17454 Enable type checking for scripts and babel-worker.cjs (@JLHwung)

🔬 Output optimization

babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions

#17444 Optimize do expression output (@JLHwung)

Committers: 5

Babel Bot (@babel-bot)

Huáng Jùnliàng (@JLHwung)

Jam Balaya (@JamBalaya56562)

Nicolò Ribaudo (@nicolo-ribaudo)

easrng (@easrng)

... (truncated)

Changelog

Sourced from @babel/runtime-corejs3's changelog.

v7.28.4 (2025-09-05)

🏠 Internal

babel-core, babel-helper-check-duplicate-nodes, babel-traverse, babel-types

#17493 Update Jest to v30.1.1 (@JLHwung)

babel-plugin-transform-regenerator

#17455 chore: Clean up transform-regenerator (@liuxingbaoyu)

babel-core

#17474 Switch to @jridgewell/remapping (@mrginglymus)

v7.28.3 (2025-08-14)

👓 Spec Compliance

babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-transform-class-static-block, babel-preset-env

#17443 [static blocks] Do not inject new static fields after static code (@nicolo-ribaudo)

🐛 Bug Fix

babel-parser

#17465 fix(parser/typescript): parse import("./a", {with:{},}) (@easrng)

#17478 fix(parser): stop subscript parsing on async arrow (@JLHwung)

💅 Polish

babel-plugin-transform-regenerator, babel-plugin-transform-runtime

#17363 Do not save last yield in call in temp var (@nicolo-ribaudo)

📝 Documentation

#17448 move eslint-{parser,plugin} docs to the website (@JLHwung)

🏠 Internal

#17454 Enable type checking for scripts and babel-worker.cjs (@JLHwung)

🔬 Output optimization

babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions

#17444 Optimize do expression output (@JLHwung)

v7.28.2 (2025-07-24)

🐛 Bug Fix

babel-types

#17445 [babel 7] Make operator param in t.tsTypeOperator optional (@nicolo-ribaudo)

babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-preset-env, babel-runtime-corejs3

#17441 fix: regeneratorDefine compatibility with es5 strict mode (@liuxingbaoyu)

v7.28.1 (2025-07-12)

🐛 Bug Fix

babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator

#17426 fix: regenerator correctly handles throw outside of try (@liuxingbaoyu)

📝 Documentation

babel-types

#17422 Add missing FunctionParameter docs (@JLHwung)

... (truncated)

Commits

35055e3 v7.28.4
18d88b8 Improve @babel/core typings (#17471)
ef155f5 v7.28.3
cac0ff4 v7.28.2
f743094 fix: regeneratorDefine compatibility with es5 strict mode (#17441)
ccc5fae v7.28.0
cd0de90 Update babel-polyfill packages (#17403)
baa4cb8 v7.27.6
fdbf1b3 fix: finally causes unexpected return value (#17366)
7d06930 v7.27.4
Additional commits viewable in compare view

Updates base-x from 3.0.10 to 3.0.11

Commits

043a888 3.0.11
2705ddd [backport 3.x] Prohibit char codes that would overflow the BASE_MAP
See full diff in compare view

Updates cipher-base from 1.0.4 to 1.0.6

Changelog

Sourced from cipher-base's changelog.

v1.0.6 - 2024-11-26

Commits

[Fix] io.js 3.0 - Node.js 5.3 typed array support b7ddd2a

v1.0.5 - 2024-11-17

Commits

[Tests] standard -> eslint, make test dir, etc ae02fd6

[Tests] migrate from travis to GHA 66387d7

[meta] fix package.json indentation 5c02918

[Fix] return valid values on multi-byte-wide TypedArray input 8fd1364

[meta] add auto-changelog 88dc806

[meta] add npmignore and safe-publish-latest 7a137d7

Only apps should have lockfiles 42528f2

[Deps] update inherits, safe-buffer 0e7a2d9

[meta] add missing engines.node f2dc13e

Commits

f5249f9 v1.0.6
b7ddd2a [Fix] io.js 3.0 - Node.js 5.3 typed array support
f03cebf v1.0.5
88dc806 [meta] add auto-changelog
7a137d7 [meta] add npmignore and safe-publish-latest
5c02918 [meta] fix package.json indentation
8fd1364 [Fix] return valid values on multi-byte-wide TypedArray input
66387d7 [Tests] migrate from travis to GHA
f2dc13e [meta] add missing engines.node
0e7a2d9 [Deps] update inherits, safe-buffer
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ljharb, a new releaser for cipher-base since your current version.

Updates image-size from 1.2.0 to 1.2.1

Release notes

Sourced from image-size's releases.

v1.2.1

Fixes

fix potential Denial of Service via specially crafted payloads in image-size/image-size@640a67d

Full Changelog: image-size/image-size@v1.2.0...v1.2.1

Commits

a4178fb 1.2.1
640a67d fix potential Denial of Service via specially crafted payloads
See full diff in compare view

Updates estree-util-value-to-estree from 3.2.1 to 3.4.0

Release notes

Sourced from estree-util-value-to-estree's releases.

v3.4.0

23b636f Declare there are no side effects in package.json

471b4fe Add support for Float16Array

Full Changelog: remcohaszing/estree-util-value-to-estree@v3.3.3...v3.4.0

v3.3.3

652e019 Use singular Object.defineProperty if possible

d0c394f Fix __proto__ property emit

Full Changelog: remcohaszing/estree-util-value-to-estree@v3.3.2...v3.3.3

v3.3.2

6ecf349 Move @js-temporal/polyfill to devDependencies

Full Changelog: remcohaszing/estree-util-value-to-estree@v3.3.1...v3.3.2

v3.3.1

1c1eb66 Don’t crash if Temporal is undefined

Full Changelog: remcohaszing/estree-util-value-to-estree@v3.3.0...v3.3.1

v3.3.0

014536b Add support for Temporal types

Full Changelog: remcohaszing/estree-util-value-to-estree@v3.2.1...v3.3.0

Commits

a07715c 3.4.0
252291c Update dev dependencies
23b636f Declare there are no side effects in package.json
471b4fe Add support for Float16Array
f56b0fa Update to @remcohaszing/eslint
cb5305c 3.3.3
1854f86 Add remark job as a dependency of release
559fce2 Run tests against Node.js 22
652e019 Use singular Object.defineProperty if possible
d0c394f Fix proto property emit
Additional commits viewable in compare view

Updates http-proxy-middleware from 2.0.7 to 2.0.9

Release notes

Sourced from http-proxy-middleware's releases.

v2.0.9

What's Changed

fix(fixRequestBody): check readableLength by @chimurai in chimurai/http-proxy-middleware#1097

chore(package): v2.0.9 by @chimurai in chimurai/http-proxy-middleware#1099

Full Changelog: chimurai/http-proxy-middleware@v2.0.8...v2.0.9

v2.0.8

What's Changed

fix(fixRequestBody): prevent multiple .write() calls by @chimurai in chimurai/http-proxy-middleware#1090

fix(fixRequestBody): handle invalid request by @chimurai in chimurai/http-proxy-middleware#1091

chore(package): v2.0.8 by @chimurai in chimurai/http-proxy-middleware#1094

Full Changelog: chimurai/http-proxy-middleware@v2.0.7...v2.0.8

Changelog

Sourced from http-proxy-middleware's changelog.

v2.0.9

fix(fixRequestBody): check readableLength

v2.0.8

fix(fixRequestBody): prevent multiple .write() calls

fix(fixRequestBody): handle invalid request

Commits

617a7c9 chore(package): v2.0.9 (#1099)
d22d587 fix(fixRequestBody): check readableLength (#1097)
d03d51b chore(package): v2.0.8 (#1094)
c50dd06 fix(fixRequestBody): handle invalid request (#1091)
76a9d8d fix(fixRequestBody): prevent multiple .write() calls (#1090)
See full diff in compare view

Updates mermaid from 11.4.1 to 11.11.0

Release notes

Sourced from mermaid's releases.

[email protected]

Minor Changes

#6704 012530e Thanks @omkarht! - feat: Added support for new participant types (actor, boundary, control, entity, database, collections, queue) in sequenceDiagram.

#6802 c8e5027 Thanks @darshanr0107! - feat: Update mindmap rendering to support multiple layouts, improved edge intersections, and new shapes

Patch Changes

#6905 33bc4a0 Thanks @darshanr0107! - fix: Render newlines as spaces in class diagrams

#6886 e0b45c2 Thanks @darshanr0107! - fix: Handle arrows correctly when auto number is enabled

[email protected]

Patch Changes

#6886 e0b45c2 Thanks @darshanr0107! - fix: Handle arrows correctly when auto number is enabled

[email protected]

Minor Changes

#6744 daf8d8d Thanks @SpecularAura! - feat: Added support for per link curve styling in flowchart diagram using edge ids

Patch Changes

#6857 b9ef683 Thanks @knsv! - feat: Exposing elk configuration forceNodeModelOrder and considerModelOrder to the mermaid configuration

#6653 2c0931d Thanks @darshanr0107! - chore: Remove the "-beta" suffix from the XYChart, Block, Sankey diagrams to reflect their stable status

#6683 33e08da Thanks @darshanr0107! - fix: Position the edge label in state diagram correctly relative to the edge

#6693 814b68b Thanks @darshanr0107! - fix: Apply correct dateFormat in Gantt chart to show only day when specified

#6734 fce7cab Thanks @darshanr0107! - fix: handle exclude dates properly in Gantt charts when using dateFormat: 'YYYY-MM-DD HH:mm:ss'

#6733 fc07f0d Thanks @omkarht! - fix: fixed connection gaps in flowchart for roundedRect, stadium and diamond shape

#6876 12e01bd Thanks @sidharthv96! - fix: sanitize icon labels and icon SVGs

Resolves CVE-2025-54880 reported by @fourcube

#6801 01aaef3 Thanks @sidharthv96! - fix: Update casing of ID in requirement diagram

#6796 c36cd05 Thanks @HashanCP! - fix: Make flowchart elk detector regex match less greedy

#6702 8bb29fc Thanks @qraqras! - fix(block): overflowing blocks no longer affect later lines

This may change the layout of block diagrams that have overflowing lines (i.e. block diagrams that use up more columns that the columns specifier).

... (truncated)

Commits

9c85521 Merge pull request #6914 from mermaid-js/changeset-release/master
8a565bc Version Packages
baf510b Merge pull request #6912 from mermaid-js/develop
c1f2d05 Merge pull request #6913 from mermaid-js/fix/mindmap-cypress-visual-tests
bce40e1 fix: resolve failing Cypress visual tests for mindmap diagrams
f47dec3 Merge pull request #6911 from mermaid-js/update-timings
88dc4be chore: update E2E timings
e923208 Merge pull request #6802 from mermaid-js/knsv/mindmap-refactoring
e96614a Merge pull request #6895 from shanti2530/docs/xychart-plotcolorpalette-example
73115cb [autofix.ci] apply automated fixes
Additional commits viewable in compare view

Updates on-headers from 1.0.2 to 1.1.0

Release notes

Sourced from on-headers's releases.

1.1.0

Important

Fix CVE-2025-7339 (GHSA-76c9-3jph-rj3q)

What's Changed

Migrate CI pipeline to GitHub actions by @carpasse in jshttp/on-headers#12

fix README.md badges by @carpasse in jshttp/on-headers#13

add OSSF scorecard action by @carpasse in jshttp/on-headers#14

fix: use ubuntu-latest as ci runner by @UlisesGascon in jshttp/on-headers#19

ci: apply OSSF Scorecard security best practices by @UlisesGascon in jshttp/on-headers#20

👷 add upstream change detection by @ctcpip in jshttp/on-headers#31

✨ add script to update known hashes by @ctcpip in jshttp/on-headers#32

💚 update CI - add newer node versions by @ctcpip in jshttp/on-headers#33

New Contributors

@carpasse made their first contribution in jshttp/on-headers#12

@UlisesGascon made their first contribution in jshttp/on-headers#19

@ctcpip made their first contribution in jshttp/on-headers#31

Full Changelog: jshttp/on-headers@v1.0.2...v1.1.0

Changelog

Sourced from on-headers's changelog.

1.1.0 / 2025-07-17

Fix CVE-2025-7339 (GHSA-76c9-3jph-rj3q)

Commits

4b017af 1.1.0
b636f2d ♻️ refactor header array code
3e2c2d4 ✨ ignore falsy header keys, matching node behavior
172eb41 ✨ support duplicate headers
c6e3849 🔒️ fix array handling
6893518 💚 update CI - add newer node versions
56a345d ✨ add script to update known hashes
175ab21 👷 add upstream change detection (#31)
ce0b2c8 ci: apply OSSF Scorecard security best practices (#20)

…pdates Bumps the npm_and_yarn group with 16 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@babel/helpers](https://github.com/babel/babel/tree/HEAD/packages/babel-helpers) | `7.26.0` | `7.28.4` | | [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime) | `7.26.0` | `7.28.4` | | [@babel/runtime-corejs3](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime-corejs3) | `7.26.0` | `7.28.4` | | [base-x](https://github.com/cryptocoinjs/base-x) | `3.0.10` | `3.0.11` | | [cipher-base](https://github.com/crypto-browserify/cipher-base) | `1.0.4` | `1.0.6` | | [image-size](https://github.com/image-size/image-size) | `1.2.0` | `1.2.1` | | [estree-util-value-to-estree](https://github.com/remcohaszing/estree-util-value-to-estree) | `3.2.1` | `3.4.0` | | [http-proxy-middleware](https://github.com/chimurai/http-proxy-middleware) | `2.0.7` | `2.0.9` | | [mermaid](https://github.com/mermaid-js/mermaid) | `11.4.1` | `11.11.0` | | [on-headers](https://github.com/jshttp/on-headers) | `1.0.2` | `1.1.0` | | [compression](https://github.com/expressjs/compression) | `1.7.4` | `1.8.1` | | [pbkdf2](https://github.com/crypto-browserify/pbkdf2) | `3.1.2` | `3.1.3` | | [prismjs](https://github.com/PrismJS/prism) | `1.29.0` | `1.30.0` | | [ses](https://github.com/endojs/endo/tree/HEAD/packages/ses) | `1.11.0` | `1.14.0` | | [sha.js](https://github.com/crypto-browserify/sha.js) | `2.4.11` | `2.4.12` | | [tar-fs](https://github.com/mafintosh/tar-fs) | `1.16.3` | `1.16.5` | Updates `@babel/helpers` from 7.26.0 to 7.28.4 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.28.4/packages/babel-helpers) Updates `@babel/runtime` from 7.26.0 to 7.28.4 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.28.4/packages/babel-runtime) Updates `@babel/runtime-corejs3` from 7.26.0 to 7.28.4 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.28.4/packages/babel-runtime-corejs3) Updates `base-x` from 3.0.10 to 3.0.11 - [Commits](cryptocoinjs/base-x@v3.0.10...v3.0.11) Updates `cipher-base` from 1.0.4 to 1.0.6 - [Changelog](https://github.com/browserify/cipher-base/blob/master/CHANGELOG.md) - [Commits](browserify/cipher-base@v1.0.4...v1.0.6) Updates `image-size` from 1.2.0 to 1.2.1 - [Release notes](https://github.com/image-size/image-size/releases) - [Commits](image-size/image-size@v1.2.0...v1.2.1) Updates `estree-util-value-to-estree` from 3.2.1 to 3.4.0 - [Release notes](https://github.com/remcohaszing/estree-util-value-to-estree/releases) - [Commits](remcohaszing/estree-util-value-to-estree@v3.2.1...v3.4.0) Updates `http-proxy-middleware` from 2.0.7 to 2.0.9 - [Release notes](https://github.com/chimurai/http-proxy-middleware/releases) - [Changelog](https://github.com/chimurai/http-proxy-middleware/blob/v2.0.9/CHANGELOG.md) - [Commits](chimurai/http-proxy-middleware@v2.0.7...v2.0.9) Updates `mermaid` from 11.4.1 to 11.11.0 - [Release notes](https://github.com/mermaid-js/mermaid/releases) - [Commits](https://github.com/mermaid-js/mermaid/compare/[email protected]@11.11.0) Updates `on-headers` from 1.0.2 to 1.1.0 - [Release notes](https://github.com/jshttp/on-headers/releases) - [Changelog](https://github.com/jshttp/on-headers/blob/master/HISTORY.md) - [Commits](jshttp/on-headers@v1.0.2...v1.1.0) Updates `compression` from 1.7.4 to 1.8.1 - [Release notes](https://github.com/expressjs/compression/releases) - [Changelog](https://github.com/expressjs/compression/blob/master/HISTORY.md) - [Commits](expressjs/compression@1.7.4...v1.8.1) Updates `pbkdf2` from 3.1.2 to 3.1.3 - [Changelog](https://github.com/browserify/pbkdf2/blob/master/CHANGELOG.md) - [Commits](browserify/pbkdf2@v3.1.2...v3.1.3) Updates `prismjs` from 1.29.0 to 1.30.0 - [Release notes](https://github.com/PrismJS/prism/releases) - [Changelog](https://github.com/PrismJS/prism/blob/v2/CHANGELOG.md) - [Commits](PrismJS/prism@v1.29.0...v1.30.0) Updates `ses` from 1.11.0 to 1.14.0 - [Release notes](https://github.com/endojs/endo/releases) - [Changelog](https://github.com/endojs/endo/blob/master/packages/ses/CHANGELOG.md) - [Commits](https://github.com/endojs/endo/commits/[email protected]/packages/ses) Updates `sha.js` from 2.4.11 to 2.4.12 - [Changelog](https://github.com/browserify/sha.js/blob/master/CHANGELOG.md) - [Commits](browserify/sha.js@v2.4.11...v2.4.12) Updates `tar-fs` from 1.16.3 to 1.16.5 - [Commits](mafintosh/tar-fs@v1.16.3...v1.16.5) --- updated-dependencies: - dependency-name: "@babel/helpers" dependency-version: 7.28.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@babel/runtime" dependency-version: 7.28.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@babel/runtime-corejs3" dependency-version: 7.28.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: base-x dependency-version: 3.0.11 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cipher-base dependency-version: 1.0.6 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: image-size dependency-version: 1.2.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: estree-util-value-to-estree dependency-version: 3.4.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: http-proxy-middleware dependency-version: 2.0.9 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: mermaid dependency-version: 11.11.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: on-headers dependency-version: 1.1.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: compression dependency-version: 1.8.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: pbkdf2 dependency-version: 3.1.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: prismjs dependency-version: 1.30.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ses dependency-version: 1.14.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: sha.js dependency-version: 2.4.12 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tar-fs dependency-version: 1.16.5 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Sep 13, 2025

dependabot bot mentioned this pull request Sep 13, 2025

chore(deps): bump the npm_and_yarn group across 1 directory with 6 updates #1

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps): bump the npm_and_yarn group across 1 directory with 16 updates #2

chore(deps): bump the npm_and_yarn group across 1 directory with 16 updates #2

Uh oh!

dependabot bot commented on behalf of github Sep 13, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

chore(deps): bump the npm_and_yarn group across 1 directory with 16 updates #2

Are you sure you want to change the base?

chore(deps): bump the npm_and_yarn group across 1 directory with 16 updates #2

Uh oh!

Conversation

dependabot bot commented on behalf of github Sep 13, 2025

v7.28.4 (2025-09-05)

🏠 Internal

Committers: 5

v7.28.3 (2025-08-14)

👓 Spec Compliance

🐛 Bug Fix

💅 Polish

📝 Documentation

🏠 Internal

🔬 Output optimization

Committers: 5

v7.28.4 (2025-09-05)

🏠 Internal

v7.28.3 (2025-08-14)

👓 Spec Compliance

🐛 Bug Fix

💅 Polish

📝 Documentation

🏠 Internal

🔬 Output optimization

v7.28.2 (2025-07-24)

🐛 Bug Fix

v7.28.1 (2025-07-12)

🐛 Bug Fix

📝 Documentation

v7.28.4 (2025-09-05)

🏠 Internal

Committers: 5

v7.28.3 (2025-08-14)

👓 Spec Compliance

🐛 Bug Fix

💅 Polish

📝 Documentation

🏠 Internal

🔬 Output optimization

Committers: 5

v7.28.4 (2025-09-05)

🏠 Internal

v7.28.3 (2025-08-14)

👓 Spec Compliance

🐛 Bug Fix

💅 Polish

📝 Documentation

🏠 Internal

🔬 Output optimization

v7.28.2 (2025-07-24)

🐛 Bug Fix

v7.28.1 (2025-07-12)

🐛 Bug Fix

📝 Documentation

v7.28.4 (2025-09-05)

🏠 Internal

Committers: 5

v7.28.3 (2025-08-14)

👓 Spec Compliance

🐛 Bug Fix

💅 Polish

📝 Documentation

🏠 Internal

🔬 Output optimization

Committers: 5

v7.28.4 (2025-09-05)

🏠 Internal

v7.28.3 (2025-08-14)

👓 Spec Compliance

🐛 Bug Fix

💅 Polish

📝 Documentation

🏠 Internal

🔬 Output optimization

v7.28.2 (2025-07-24)

🐛 Bug Fix

v7.28.1 (2025-07-12)

🐛 Bug Fix