Bump the npm_and_yarn group across 1 directory with 30 updates #150

Open: wants to merge 1 commit into base: master


dependabot[bot]

@dependabot dependabot bot commented on behalf of github Apr 24, 2025

Bumps the npm_and_yarn group with 29 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| koa | 2.5.3 | 2.16.1 |
| react-router | 4.3.1 | 7.5.2 |
| serialize-javascript | 1.5.0 | 3.1.0 |
| html-minifier | 3.5.20 | 4.0.0 |
| pug | 2.0.4 | 3.0.2 |
| @babel/traverse | 7.5.0 | 7.27.0 |
| async | 2.6.1 | 2.6.4 |
| browserify-sign | 4.0.4 | 4.2.3 |
| browserslist | 4.6.3 | 4.24.4 |
| color-string | 1.5.3 | 1.9.1 |
| css-what | 2.1.0 | 2.1.3 |
| decode-uri-component | 0.2.0 | 0.2.2 |
| dot-prop | 4.2.0 | 4.2.1 |
| elliptic | 6.4.1 | 6.6.1 |
| es5-ext | 0.10.46 | 0.10.64 |
| eslint-utils | 1.3.1 | 1.4.3 |
| fsevents | 1.2.4 | 1.2.13 |
| hosted-git-info | 2.7.1 | 2.8.9 |
| ini | 1.3.5 | 1.3.8 |
| loader-utils | 1.1.0 | 1.4.2 |
| lodash.mergewith | 4.6.1 | 4.6.2 |
| minimatch | 3.0.4 | 3.0.8 |
| mixin-deep | 1.3.1 | 1.3.2 |
| path-parse | 1.0.6 | 1.0.7 |
| path-to-regexp | 1.7.0 | 1.9.0 |
| qs | 6.5.2 | 6.5.3 |
| shell-quote | 1.6.1 | 1.8.2 |
| thenify | 3.3.0 | 3.3.1 |
| urijs | 1.19.1 | 1.19.11 |

Updates koa from 2.5.3 to 2.16.1

Release notes

Sourced from koa's releases.

v2.16.1

fix: don't render redirect values in anchor ref

2.16.0

This is a backported release to fix core underlying issue with HEAD requests when using http2.createSecureServer. See discussion at koajs/koa#1593 and koajs/koa#1547.

  • fix missing cleanup, if response socket is no longer writeable (issue 1547) (koajs/koa#1593) 399cb6b0dd2104224c0ef0ce8e92f84e4f7faf42

2.15.4

Full Changelog: koajs/koa@2.15.3...2.15.4

Fix: avoid redos on host and protocol getter, see GHSA-593f-38f6-jp5m

Changelog

Sourced from koa's changelog.

[!IMPORTANT] Moving forwards we are using the GitHub releases page at https://github.com/koajs/koa/releases in combination with np for publishing releases and their changelogs.


3.0.0-alpha.3 / 2025-02-11

fixes

  • Avoid redos on host and protocol getter

3.0.0-alpha.2 / 2024-11-04

breaking changes

  • Update http-errors to v2.0.0 #1486
  • Remove res.redirect('back'), add back() method to ctx #1115
  • Replace node querystring with URLSearchParams #1828
  • Remove obsolete createAsyncCtxStorageMiddleware #1817

features

  • Add support for web WHATWG #1830

updates

  • Update cookies to ~0.9.1 #1846
  • Update statuses to ^2.0.1
  • Update supertest to ^7.0.0 #1841

fixes

  • Fix exports.defaults in package.json #1630
  • Fix leaky handles in tests #1838
  • Fix body null checks #1814
  • Fix reformatting redirect URLs #1805 #1804
  • Fix passing ctx in error handler #1758

migrations

  • Migrate from jest to the native node test runner #1845

3.0.0-alpha.1 / 2023-04-12

fixes

  • [e98b8d1] - fix: can not get currentContext in error handler (#1758) (Gxkl )

3.0.0-alpha.0 / 2023-01-02

Breaking Changes

... (truncated)

Updates react-router from 4.3.1 to 7.5.2

Release notes

Sourced from react-router's releases.

v7.5.2

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v752

v7.5.1

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v751

v7.5.0

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v750

v7.4.1

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v741

v7.4.0

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v740

v7.3.0

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v730

v6.30.0

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v6300

v7.2.0

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v720

v.7.1.5

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v715

v7.1.4

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v714

v6.29.0

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v6290

v7.1.3

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v713

v7.1.2

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v712

v6.28.2

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v6282

v7.1.1

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v711

v7.1.0

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v710

v6.28.1

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v6281

... (truncated)

Changelog

Sourced from react-router's changelog.

7.5.2

Patch Changes

  • Update Single Fetch to also handle the 204 redirects used in ?_data requests in Remix v2 (#13364)

    • This allows applications to return a redirect on .data requests from outside the scope of React Router (i.e., an express/hono middleware)
    • ⚠️ Please note that doing so relies on implementation details that are subject to change without a SemVer major release
    • This is primarily done to ease upgrading to Single Fetch for existing Remix v2 applications, but the recommended way to handle this is redirecting from a route middleware
  • Adjust approach for Prerendering/SPA Mode via headers (#13453)

7.5.1

Patch Changes

  • Fix single fetch bug where no revalidation request would be made when navigating upwards to a reused parent route (#13253)

  • When using the object-based route.lazy API, the HydrateFallback and hydrateFallbackElement properties are now skipped when lazy loading routes after hydration. (#13376)

    If you move the code for these properties into a separate file, you can use this optimization to avoid downloading unused hydration code. For example:

    createBrowserRouter([
      {
        path: "/show/:showId",
        lazy: {
          loader: async () => (await import("./show.loader.js")).loader,
          Component: async () => (await import("./show.component.js")).Component,
          HydrateFallback: async () =>
            (await import("./show.hydrate-fallback.js")).HydrateFallback,
        },
      },
    ]);

  • Properly revalidate prerendered paths when param values change (#13380)

  • UNSTABLE: Add a new unstable_runClientMiddleware argument to dataStrategy to enable middleware execution in custom dataStrategy implementations (#13395)

  • UNSTABLE: Add better error messaging when getLoadContext is not updated to return a Map" (#13242)

  • Do not automatically add null to staticHandler.query() context.loaderData if routes do not have loaders (#13223)

    • This was a Remix v2 implementation detail inadvertently left in for React Router v7
    • Now that we allow returning undefined from loaders, our prior check of loaderData[routeId] !== undefined was no longer sufficient and was changed to a routeId in loaderData check - these null values can cause issues for this new check
    • ⚠️ This could be a "breaking bug fix" for you if you are doing manual SSR with createStaticHandler()/<StaticRouterProvider>, and using context.loaderData to control <RouterProvider> hydration behavior on the client
  • Fix prerendering when a loader returns a redirect (#13365)

... (truncated)

Updates serialize-javascript from 1.5.0 to 3.1.0

Release notes

Sourced from serialize-javascript's releases.

v3.1.0

  • Bump mocha from 7.1.2 to 7.2.0 (#83)
  • Bump mocha from 7.1.1 to 7.1.2 (#82)
  • Bump nyc from 15.0.0 to 15.0.1 (#81)
  • Don't replace regex / function placeholders within string literals (#79)
  • [Security] Bump minimist from 1.2.0 to 1.2.5 (#78)
  • Bump mocha from 7.1.0 to 7.1.1 (#77)
  • Bump mocha from 7.0.1 to 7.1.0 (#74)
  • Update example in README (#73)

Note: the randombytes has been added to the dependency package to improve the generation of UIDs. Check the #22 for more information. Thanks to @​JordanMilne and @​Siebes for this change.

v3.0.0

  • Introduce support for Infinity (@​vthibault, #72)
  • Bump mocha from 7.0.0 to 7.0.1 (#71)
  • Test on Node.js v12 (@​okuryu, #70)
  • Bump mocha from 6.2.2 to 7.0.0 (#69)
  • Bump nyc from 14.1.1 to 15.0.0 (#68)

Behavior changes for Infinity

It serializes Infinity values as follows since this version. The result of serialization may be changed if you are passing Infinity values into the serialize-javascript.

v3.x

const serialize = require('serialize-javascript');
serialize({inf: Infinity}); // '{"inf":Infinity}'

v2.x

const serialize = require('serialize-javascript');
serialize({inf: Infinity}); // '{"inf":null}'

v2.1.2

v2.1.1

  • Fix regular expressions Cross-Site Scripting (XSS) vulnerability (see security advisory)
  • Migrate to nyc from istanbul

v2.1.0

v2.0.0

... (truncated)

Updates html-minifier from 3.5.20 to 4.0.0

Release notes

Sourced from html-minifier's releases.

4.0.0

Bug fixes

  • handle custom fragments within CSS/JS correctly (#1001, #1015)

Changes

  • Drop Node.js < 6 support

Improvements

  • implement continueOnParseError to treat invalid characters as text (#1004)
  • minify Content-Security-Policy (#947, #975, #1014)
  • upgrade to commander 2.19.0
  • upgrade to grunt-contrib-uglify 4.0.1
  • upgrade to gruntify-eslint 5.0.0
  • upgrade to uglify-js 3.5.1

Updates pug from 2.0.4 to 3.0.2

Release notes

Sourced from pug's releases.

[email protected]

Bug Fixes

  • Sanitise the pretty option (#3314)

    If a malicious attacker could control the pretty option, it was possible for them to achieve remote code execution on the server rendering the template. All pug users should upgrade as soon as possible, see #3312 for more details.

[email protected]

Bug Fixes

  • Serialize Buffers to strings when storing sources for use with compileDebug: true (#3269)

[email protected]

Bug Fixes

  • Update with to resolve core-js deprecation notice (#3259)

[email protected]

Bug Fixes

  • Properly handle non-string values when rethrowing errors (#3269)

[email protected]

Bug Fixes

  • Sanitise the pretty option (#3314)

    If a malicious attacker could control the pretty option, it was possible for them to achieve remote code execution on the server rendering the template. All pug users should upgrade as soon as possible, see #3312 for more details.

[email protected]

Breaking Changes

  • Drop support for node 6 and 8 (#3243)

[email protected]

Breaking Changes

  • Drop support for node 6 and 8 (#3243)

New Features

  • Support EachOf nodes (#3179)

[email protected]

Breaking Changes

  • read plugins must now return Buffer if you want to support filters that use renderBuffer (#3213)

  • Drop support for node 6 and 8 (#3243)

... (truncated)

Commits
  • d4b7f60 Properly handle errors originating from included files when compileDebug is e...
  • d6f0615 fix capture groups for "each" statements (#3274)
  • 73ea7cf fix: keep lexer plugins inside tag interpolation (#3296)
  • 29a53c5 fix: Fix pug-lexer parsed escaped interpolations incorrectly (#3299)
  • 60b1b15 chore: update supported versions (#3315)
  • 991e78f fix: sanitise and escape the pretty option (#3314)
  • 06baa52 Fix TypeScript and add eachOf token definition (#3262)
  • 13e46e9 chore: update with (#3259)
  • c077df4 docs: fix rolling versions link
  • ccba7da ci: publish canary release (#3257)
  • Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by pug-bot, a new releaser for pug since your current version.


Updates @babel/traverse from 7.5.0 to 7.27.0

Release notes

Sourced from @​babel/traverse's releases.

v7.27.0 (2025-03-24)

Thanks @​ishchhabra and @​vovkasm for your first PRs!

👓 Spec Compliance

  • babel-generator, babel-parser

🚀 New Feature

  • babel-helper-create-class-features-plugin, babel-traverse, babel-types
  • babel-parser, babel-types
    • #17110 Add ImportAttributes to Standardized and move its parser test fixtures (@​JLHwung)
  • babel-generator
  • babel-parser, babel-template
  • babel-plugin-transform-typescript, babel-traverse
  • babel-parser
  • babel-types
    • #17162 feat(babel-types): Add support for BigInt literal conversion in valueToNode (@​ishchhabra)

🐛 Bug Fix

  • babel-helper-create-class-features-plugin, babel-plugin-transform-class-properties
  • babel-traverse
  • babel-helpers, babel-preset-typescript, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • babel-cli
  • babel-plugin-transform-named-capturing-groups-regex, babel-types

🏃‍♀️ Performance

Committers: 5

v7.26.10 (2025-03-11)

... (truncated)

Changelog

Sourced from @​babel/traverse's changelog.

v7.27.0 (2025-03-24)

👓 Spec Compliance

  • babel-generator, babel-parser

🚀 New Feature

  • babel-helper-create-class-features-plugin, babel-traverse, babel-types
  • babel-parser, babel-types
    • #17110 Add ImportAttributes to Standardized and move its parser test fixtures (@​JLHwung)
  • babel-generator
  • babel-parser, babel-template
  • babel-plugin-transform-typescript, babel-traverse
  • babel-parser
  • babel-types
    • #17162 feat(babel-types): Add support for BigInt literal conversion in valueToNode (@​ishchhabra)

🐛 Bug Fix

  • babel-helper-create-class-features-plugin, babel-plugin-transform-class-properties
  • babel-traverse
  • babel-helpers, babel-preset-typescript, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • babel-cli
  • babel-plugin-transform-named-capturing-groups-regex, babel-types

🏃‍♀️ Performance

v7.26.10 (2025-03-11)

👓 Spec Compliance

🐛 Bug Fix

... (truncated)

Updates async from 2.6.1 to 2.6.4

Changelog

Sourced from async's changelog.

v2.6.4

  • Fix potential prototype pollution exploit (#1828)

v2.6.3

  • Updated lodash to squelch a security warning (#1675)

v2.6.2

  • Updated lodash to squelch a security warning (#1620)

Maintainer changes

This version was pushed to npm by hargasinski, a new releaser for async since your current version.


Updates browserify-sign from 4.0.4 to 4.2.3

Changelog

Sourced from browserify-sign's changelog.

v4.2.3 - 2024-03-05

Commits

v4.2.2 - 2023-10-25

Fixed

Commits

  • Only apps should have lockfiles 09a8995
  • [eslint] switch to eslint 83fe463
  • [meta] add npmignore and auto-changelog 4418183
  • [meta] fix package.json indentation 9ac5a5e
  • [Tests] migrate from travis to github actions d845d85
  • [Fix] sign: throw on unsupported padding scheme 8767739
  • [Fix] properly check the upper bound for DSA signatures 85994cd
  • [Tests] handle openSSL not supporting a scheme f5f17c2
  • [Deps] update bn.js, browserify-rsa, elliptic, parse-asn1, readable-stream, safe-buffer a67d0eb
  • [Dev Deps] update nyc, standard, tape cc5350b
  • [Tests] always run coverage; downgrade nyc 75ce1d5
  • [meta] add safe-publish-latest dcf49ce
  • [Tests] add npm run posttest 75dd8fd
  • [Dev Deps] update tape 3aec038
  • [Tests] skip unsupported schemes 703c83e
  • [Tests] node < 6 lacks array includes 3aa43cf
  • [Dev Deps] fix eslint range 98d4e0d

v4.2.1 - 2020-08-04

Merged

v4.2.0 - 2020-05-18

Merged

... (truncated)

Commits
  • bf2c3ec v4.2.3
  • 9247adf [patch] widen support to 0.12
  • f427270 [Deps] update `parse-asn1
  • 87f3a35 [Dev Deps] update aud, npmignore, tape
  • fb261ce [Deps] update elliptic
  • 4d0ee49 [patch] drop minimum node support to v1
  • 9e2bf12 [Deps] pin hash-base to ~3.0, due to a breaking change
  • 168e16f [Deps] pin elliptic due to a breaking change
  • 37a4758 [actions] remove redundant finisher
  • 4af5a90 v4.2.2
  • Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ljharb, a new releaser for browserify-sign since your current version.


Updates browserslist from 4.6.3 to 4.24.4

Release notes

Sourced from browserslist's releases.

4.24.4

4.24.3

4.24.2

  • Clarify outdated caniuse-lite warning text.

4.24.1

  • Added months since last caniuse-lite update to the warning (by @​mezhnin).

4.24.0

  • Added browserslist.findConfigFile() helper (by @​JLHwung).

4.23.3

4.23.2

  • Updated Firefox ESR.

4.23.1

  • Fixed feature query with mobile to desktop when caniuse lags (by @​steverep).

4.23.0

Changelog

Sourced from browserslist's changelog.

4.24.4

4.24.3

4.24.2

  • Clarify outdated caniuse-lite warning text.

4.24.1

  • Added months since last caniuse-lite update to the warning (by @​mezhnin).

4.24.0

  • Added browserslist.findConfigFile() helper (by @​JLHwung).

4.23.3

4.23.2

  • Updated Firefox ESR.

4.23.1

  • Fixed feature query with mobile to desktop when caniuse lags (by @​steverep).

4.23.0

4.22.3

  • Fixed white spaces support in supports query (@​g-plane).
  • Fixed shared config like @company/package/browserslist-config (@​boucodes).

4.22.2

  • Fixed idempotency in time queries with mobileToDesktop (by Aliaksei Sapach).

4.22.1

4.22

  • Added fully supports query (by Ben Scott).
  • Added partially supports alias for supports query (by Ben Scott).

4.21.11

  • Added warning to --update-db to move to new CLI (by Ivan Vasilev).
  • Fixed docs (by Tatsunori Uchino).

4.21.10

  • Updated Firefox ESR.

4.21.9

  • Fixed Opera Mobile edge cases (by Steve Repsher).

... (truncated)

Bumps the npm_and_yarn group with 29 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [koa](https://github.com/koajs/koa) | `2.5.3` | `2.16.1` |
| [react-router](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router) | `4.3.1` | `7.5.2` |
| [serialize-javascript](https://github.com/yahoo/serialize-javascript) | `1.5.0` | `3.1.0` |
| [html-minifier](https://github.com/kangax/html-minifier) | `3.5.20` | `4.0.0` |
| [pug](https://github.com/pugjs/pug) | `2.0.4` | `3.0.2` |
| [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) | `7.5.0` | `7.27.0` |
| [async](https://github.com/caolan/async) | `2.6.1` | `2.6.4` |
| [browserify-sign](https://github.com/crypto-browserify/browserify-sign) | `4.0.4` | `4.2.3` |
| [browserslist](https://github.com/browserslist/browserslist) | `4.6.3` | `4.24.4` |
| [color-string](https://github.com/Qix-/color-string) | `1.5.3` | `1.9.1` |
| [css-what](https://github.com/fb55/css-what) | `2.1.0` | `2.1.3` |
| [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) | `0.2.0` | `0.2.2` |
| [dot-prop](https://github.com/sindresorhus/dot-prop) | `4.2.0` | `4.2.1` |
| [elliptic](https://github.com/indutny/elliptic) | `6.4.1` | `6.6.1` |
| [es5-ext](https://github.com/medikoo/es5-ext) | `0.10.46` | `0.10.64` |
| [eslint-utils](https://github.com/mysticatea/eslint-utils) | `1.3.1` | `1.4.3` |
| [fsevents](https://github.com/fsevents/fsevents) | `1.2.4` | `1.2.13` |
| [hosted-git-info](https://github.com/npm/hosted-git-info) | `2.7.1` | `2.8.9` |
| [ini](https://github.com/npm/ini) | `1.3.5` | `1.3.8` |
| [loader-utils](https://github.com/webpack/loader-utils) | `1.1.0` | `1.4.2` |
| [lodash.mergewith](https://github.com/lodash/lodash) | `4.6.1` | `4.6.2` |
| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.0.8` |
| [mixin-deep](https://github.com/jonschlinkert/mixin-deep) | `1.3.1` | `1.3.2` |
| [path-parse](https://github.com/jbgutierrez/path-parse) | `1.0.6` | `1.0.7` |
| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `1.7.0` | `1.9.0` |
| [qs](https://github.com/ljharb/qs) | `6.5.2` | `6.5.3` |
| [shell-quote](https://github.com/ljharb/shell-quote) | `1.6.1` | `1.8.2` |
| [thenify](https://github.com/thenables/thenify) | `3.3.0` | `3.3.1` |
| [urijs](https://github.com/medialize/URI.js) | `1.19.1` | `1.19.11` |



Updates `koa` from 2.5.3 to 2.16.1
- [Release notes](https://github.com/koajs/koa/releases)
- [Changelog](https://github.com/koajs/koa/blob/master/History.md)
- [Commits](koajs/koa@2.5.3...v2.16.1)

Updates `react-router` from 4.3.1 to 7.5.2
- [Release notes](https://github.com/remix-run/react-router/releases)
- [Changelog](https://github.com/remix-run/react-router/blob/main/packages/react-router/CHANGELOG.md)
- [Commits](https://github.com/remix-run/react-router/commits/[email protected]/packages/react-router)

Updates `serialize-javascript` from 1.5.0 to 3.1.0
- [Release notes](https://github.com/yahoo/serialize-javascript/releases)
- [Commits](yahoo/serialize-javascript@v1.5.0...v3.1.0)

Updates `html-minifier` from 3.5.20 to 4.0.0
- [Release notes](https://github.com/kangax/html-minifier/releases)
- [Commits](kangax/html-minifier@v3.5.20...v4.0.0)

Updates `pug` from 2.0.4 to 3.0.2
- [Release notes](https://github.com/pugjs/pug/releases)
- [Commits](https://github.com/pugjs/pug/compare/[email protected]@3.0.2)

Updates `@babel/traverse` from 7.5.0 to 7.27.0
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.27.0/packages/babel-traverse)

Updates `async` from 2.6.1 to 2.6.4
- [Release notes](https://github.com/caolan/async/releases)
- [Changelog](https://github.com/caolan/async/blob/v2.6.4/CHANGELOG.md)
- [Commits](caolan/async@v2.6.1...v2.6.4)

Updates `browserify-sign` from 4.0.4 to 4.2.3
- [Changelog](https://github.com/browserify/browserify-sign/blob/main/CHANGELOG.md)
- [Commits](browserify/browserify-sign@v4.0.4...v4.2.3)

Updates `browserslist` from 4.6.3 to 4.24.4
- [Release notes](https://github.com/browserslist/browserslist/releases)
- [Changelog](https://github.com/browserslist/browserslist/blob/main/CHANGELOG.md)
- [Commits](browserslist/browserslist@4.6.3...4.24.4)

Updates `color-string` from 1.5.3 to 1.9.1
- [Release notes](https://github.com/Qix-/color-string/releases)
- [Changelog](https://github.com/Qix-/color-string/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Qix-/color-string/commits/1.9.1)

Updates `css-what` from 2.1.0 to 2.1.3
- [Release notes](https://github.com/fb55/css-what/releases)
- [Commits](fb55/css-what@v2.1.0...v2.1.3)

Updates `decode-uri-component` from 0.2.0 to 0.2.2
- [Release notes](https://github.com/SamVerschueren/decode-uri-component/releases)
- [Commits](SamVerschueren/decode-uri-component@v0.2.0...v0.2.2)

Updates `dot-prop` from 4.2.0 to 4.2.1
- [Release notes](https://github.com/sindresorhus/dot-prop/releases)
- [Commits](sindresorhus/dot-prop@v4.2.0...v4.2.1)

Updates `elliptic` from 6.4.1 to 6.6.1
- [Commits](indutny/elliptic@v6.4.1...v6.6.1)

Updates `es5-ext` from 0.10.46 to 0.10.64
- [Release notes](https://github.com/medikoo/es5-ext/releases)
- [Changelog](https://github.com/medikoo/es5-ext/blob/main/CHANGELOG.md)
- [Commits](medikoo/es5-ext@v0.10.46...v0.10.64)

Updates `eslint-utils` from 1.3.1 to 1.4.3
- [Release notes](https://github.com/mysticatea/eslint-utils/releases)
- [Commits](mysticatea/eslint-utils@v1.3.1...v1.4.3)

Updates `fsevents` from 1.2.4 to 1.2.13
- [Release notes](https://github.com/fsevents/fsevents/releases)
- [Commits](fsevents/fsevents@v1.2.4...v1.2.13)

Updates `hosted-git-info` from 2.7.1 to 2.8.9
- [Release notes](https://github.com/npm/hosted-git-info/releases)
- [Changelog](https://github.com/npm/hosted-git-info/blob/v2.8.9/CHANGELOG.md)
- [Commits](npm/hosted-git-info@v2.7.1...v2.8.9)

Updates `ini` from 1.3.5 to 1.3.8
- [Release notes](https://github.com/npm/ini/releases)
- [Changelog](https://github.com/npm/ini/blob/main/CHANGELOG.md)
- [Commits](npm/ini@v1.3.5...v1.3.8)

Updates `loader-utils` from 1.1.0 to 1.4.2
- [Release notes](https://github.com/webpack/loader-utils/releases)
- [Changelog](https://github.com/webpack/loader-utils/blob/v1.4.2/CHANGELOG.md)
- [Commits](webpack/loader-utils@v1.1.0...v1.4.2)

Updates `lodash.mergewith` from 4.6.1 to 4.6.2
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/commits)

Updates `minimatch` from 3.0.4 to 3.0.8
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.0.4...v3.0.8)

Updates `mixin-deep` from 1.3.1 to 1.3.2
- [Commits](jonschlinkert/mixin-deep@1.3.1...1.3.2)

Updates `path-parse` from 1.0.6 to 1.0.7
- [Commits](https://github.com/jbgutierrez/path-parse/commits/v1.0.7)

Updates `path-to-regexp` from 1.7.0 to 1.9.0
- [Release notes](https://github.com/pillarjs/path-to-regexp/releases)
- [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md)
- [Commits](pillarjs/path-to-regexp@v1.7.0...v1.9.0)

Updates `pug-code-gen` from 2.0.2 to 3.0.3
- [Release notes](https://github.com/pugjs/pug/releases)
- [Commits](https://github.com/pugjs/pug/compare/[email protected]@3.0.3)

Updates `qs` from 6.5.2 to 6.5.3
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](ljharb/qs@v6.5.2...v6.5.3)

Updates `shell-quote` from 1.6.1 to 1.8.2
- [Changelog](https://github.com/ljharb/shell-quote/blob/main/CHANGELOG.md)
- [Commits](ljharb/shell-quote@v1.6.1...v1.8.2)

Updates `thenify` from 3.3.0 to 3.3.1
- [Changelog](https://github.com/thenables/thenify/blob/master/History.md)
- [Commits](thenables/thenify@3.3.0...3.3.1)

Updates `urijs` from 1.19.1 to 1.19.11
- [Release notes](https://github.com/medialize/URI.js/releases)
- [Changelog](https://github.com/medialize/URI.js/blob/gh-pages/CHANGELOG.md)
- [Commits](medialize/URI.js@v1.19.1...v1.19.11)

---
updated-dependencies:
- dependency-name: koa
  dependency-version: 2.16.1
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: react-router
  dependency-version: 7.5.2
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: serialize-javascript
  dependency-version: 3.1.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: html-minifier
  dependency-version: 4.0.0
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: pug
  dependency-version: 3.0.2
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: "@babel/traverse"
  dependency-version: 7.27.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: async
  dependency-version: 2.6.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: browserify-sign
  dependency-version: 4.2.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: browserslist
  dependency-version: 4.24.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: color-string
  dependency-version: 1.9.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: css-what
  dependency-version: 2.1.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: decode-uri-component
  dependency-version: 0.2.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: dot-prop
  dependency-version: 4.2.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: elliptic
  dependency-version: 6.6.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: es5-ext
  dependency-version: 0.10.64
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: eslint-utils
  dependency-version: 1.4.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: fsevents
  dependency-version: 1.2.13
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: hosted-git-info
  dependency-version: 2.8.9
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ini
  dependency-version: 1.3.8
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: loader-utils
  dependency-version: 1.4.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: lodash.mergewith
  dependency-version: 4.6.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: minimatch
  dependency-version: 3.0.8
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: mixin-deep
  dependency-version: 1.3.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: path-parse
  dependency-version: 1.0.7
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: path-to-regexp
  dependency-version: 1.9.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: pug-code-gen
  dependency-version: 3.0.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: qs
  dependency-version: 6.5.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: shell-quote
  dependency-version: 1.8.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: thenify
  dependency-version: 3.3.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: urijs
  dependency-version: 1.19.11
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <[email protected]>

@dependabot dependabot bot added the labels dependencies (Pull requests that update a dependency file) and javascript (Pull requests that update javascript code) on Apr 24, 2025

changeset-bot bot commented Apr 24, 2025

⚠️ No Changeset found

Latest commit: 64f0a85

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

coderabbitai bot commented Apr 24, 2025

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.


Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

| Action | Severity | Alert |
| --- | --- | --- |
| Warn | High | [email protected] is Protestware or potentially unwanted behavior. |

Note: The script attempts to run a local post-install script, which could potentially contain malicious code. The error handling suggests that it is designed to fail silently, which is a common tactic in malicious scripts.

Source: yarn.lock

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: Consider that consuming this package may come along with functionality unrelated to its primary purpose.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
