Bump the npm_and_yarn group across 3 directories with 35 updates by dependabot[bot] · Pull Request #220 · github/vitess-gh

dependabot · 2026-04-02T06:41:05Z

Bumps the npm_and_yarn group with 3 updates in the /vitess-mixin/e2e directory: brace-expansion, cross-spawn and form-data.
Bumps the npm_and_yarn group with 23 updates in the /web/vtadmin directory:

Package	From	To
brace-expansion	`1.1.11`	`1.1.13`
cross-spawn	`6.0.5`	`6.0.6`
form-data	`3.0.1`	`3.0.4`
lodash	`4.17.21`	`4.18.1`
minimatch	`3.1.2`	`3.1.5`
minimatch	`5.1.0`	`5.1.9`
qs	`6.10.3`	`6.14.2`
express	`4.18.1`	`4.22.1`
tmp	`0.0.33`	`removed`
svgo	`2.8.0`	`2.8.2`
@babel/runtime-corejs3	`7.12.5`	`7.29.2`
js-yaml	`3.14.1`	`3.14.2`
@xmldom/xmldom	`0.7.5`	`removed`
ajv	`6.12.6`	`6.14.0`
flatted	`3.1.0`	`3.4.2`
http-proxy-middleware	`2.0.6`	`2.0.9`
immutable	`4.0.0`	`4.3.8`
micromatch	`4.0.4`	`4.0.8`
nanoid	`3.2.0`	`3.3.11`
node-forge	`1.3.1`	`1.4.0`
rollup	`2.63.0`	`2.80.0`
webpack	`5.65.0`	`5.105.4`
ws	`8.6.0`	`8.20.0`
ws	`7.5.6`	`7.5.10`
yaml	`1.10.2`	`1.10.3`

Bumps the npm_and_yarn group with 5 updates in the /web/vtctld2 directory:

Package	From	To
brace-expansion	`1.1.11`	`1.1.13`
ajv	`4.11.8`	`6.14.0`
body-parser	`1.18.2`	`1.20.4`
@angular/common	`2.0.0-rc.5`	`19.2.16`
socket.io	`1.6.0`	`4.8.3`

Updates brace-expansion from 1.1.11 to 1.1.13

Release notes

Sourced from brace-expansion's releases.

v1.1.12

pkg: publish on tag 1.x c460dbd

fmt ccb8ac6

Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) c3c73c8

juliangruber/brace-expansion@v1.1.11...v1.1.12

Commits

6c353ca 1.1.13
7fd684f Backport fix for GHSA-f886-m6hf-6m8v (#95)
44f33b4 1.1.12
c460dbd pkg: publish on tag 1.x
ccb8ac6 fmt
c3c73c8 Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65)
See full diff in compare view

Updates cross-spawn from 6.0.5 to 6.0.6

Changelog

Sourced from cross-spawn's changelog.

6.0.6 (2024-11-18)

Bug Fixes

disable regexp backtracking (#160) (ba5aaef)

core: support worker threads (#127) (f4af31c)

Commits

d35c865 chore(release): 6.0.6
5a37e19 chore: update package.json and package.lock
ba5aaef fix: disable regexp backtracking (#160)
f4af31c fix(core): support worker threads (#127)
See full diff in compare view

Updates form-data from 2.3.3 to 4.0.5

Release notes

Sourced from form-data's releases.

v4.0.4

v4.0.4 - 2025-07-16

Commits

[meta] add auto-changelog 811f682

[Tests] handle predict-v8-randomness failures in node < 17 and node > 23 1d11a76

[Fix] Switch to using crypto random for boundary values 3d17230

[Tests] fix linting errors 5e34080

[meta] actually ensure the readme backup isn’t published 316c82b

[Dev Deps] update @ljharb/eslint-config 58c25d7

[meta] fix readme capitalization 2300ca1

v4.0.3

v4.0.3 - 2025-06-05

Fixed

[Fix] append: avoid a crash on nullish values [#577](https://github.com/form-data/form-data/issues/577)

Commits

[eslint] use a shared config 426ba9a

[eslint] fix some spacing issues 2094191

[Refactor] use hasown 81ab41b

[Fix] validate boundary type in setBoundary() method 8d8e469

[Tests] add tests to check the behavior of getBoundary with non-strings 837b8a1

[Dev Deps] remove unused deps 870e4e6

[meta] remove local commit hooks e6e83cc

[Dev Deps] update eslint 4066fd6

[meta] fix scripts to use prepublishOnly c4bbb13

v4.0.2

v4.0.2 - 2025-02-14

Merged

[Fix] set Symbol.toStringTag when available [#573](https://github.com/form-data/form-data/issues/573)

[Fix] set Symbol.toStringTag when available [#573](https://github.com/form-data/form-data/issues/573)

fix (npmignore): ignore temporary build files [#532](https://github.com/form-data/form-data/issues/532)

fix (npmignore): ignore temporary build files [#532](https://github.com/form-data/form-data/issues/532)

Fixed

[Fix] set Symbol.toStringTag when available (#573) [#396](https://github.com/form-data/form-data/issues/396)

[Fix] set Symbol.toStringTag when available (#573) [#396](https://github.com/form-data/form-data/issues/396)

[Fix] set Symbol.toStringTag when available [#396](https://github.com/form-data/form-data/issues/396)

Commits

... (truncated)

Changelog

Sourced from form-data's changelog.

v4.0.5 - 2025-11-17

Commits

[Tests] Switch to newer v8 prediction library; enable node 24 testing 16e0076

[Dev Deps] update @ljharb/eslint-config, eslint 5822467

[Fix] set Symbol.toStringTag in the proper place 76d0dee

v4.0.4 - 2025-07-16

Commits

[meta] add auto-changelog 811f682

[Tests] handle predict-v8-randomness failures in node < 17 and node > 23 1d11a76

[Fix] Switch to using crypto random for boundary values 3d17230

[Tests] fix linting errors 5e34080

[meta] actually ensure the readme backup isn’t published 316c82b

[Dev Deps] update @ljharb/eslint-config 58c25d7

[meta] fix readme capitalization 2300ca1

v4.0.3 - 2025-06-05

Fixed

[Fix] append: avoid a crash on nullish values [#577](https://github.com/form-data/form-data/issues/577)

Commits

[eslint] use a shared config 426ba9a

[eslint] fix some spacing issues 2094191

[Refactor] use hasown 81ab41b

[Fix] validate boundary type in setBoundary() method 8d8e469

[Tests] add tests to check the behavior of getBoundary with non-strings 837b8a1

[Dev Deps] remove unused deps 870e4e6

[meta] remove local commit hooks e6e83cc

[Dev Deps] update eslint 4066fd6

[meta] fix scripts to use prepublishOnly c4bbb13

v4.0.2 - 2025-02-14

Merged

[Fix] set Symbol.toStringTag when available [#573](https://github.com/form-data/form-data/issues/573)

[Fix] set Symbol.toStringTag when available [#573](https://github.com/form-data/form-data/issues/573)

fix (npmignore): ignore temporary build files [#532](https://github.com/form-data/form-data/issues/532)

fix (npmignore): ignore temporary build files [#532](https://github.com/form-data/form-data/issues/532)

Fixed

[Fix] set Symbol.toStringTag when available (#573) [#396](https://github.com/form-data/form-data/issues/396)

... (truncated)

Commits

See full diff in compare view

Maintainer changes

This version was pushed to npm by ljharb, a new releaser for form-data since your current version.

Install script changes

This version modifies prepublish script that runs during installation. Review the package contents before updating.

Updates lodash from 4.17.21 to 4.18.1

Release notes

Sourced from lodash's releases.

4.18.1

Bugs

Fixes a ReferenceError issue in lodash lodash-es lodash-amd and lodash.template when using the template and fromPairs functions from the modular builds. See lodash/lodash#6167

These defects were related to how lodash distributions are built from the main branch using https://github.com/lodash-archive/lodash-cli. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.

There is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:

lodash: lodash/lodash@4.18.0-npm...4.18.1-npm

lodash-es: lodash/lodash@4.18.0-es...4.18.1-es

lodash-amd: lodash/lodash@4.18.0-amd...4.18.1-amd

lodash.templatelodash/lodash@4.18.0-npm-packages...4.18.1-npm-packages

4.18.0

v4.18.0

Full Changelog: lodash/lodash@4.17.23...4.18.0

Security

_.unset / _.omit: Fixed prototype pollution via constructor/prototype path traversal (GHSA-f23m-r3pf-42rh, fe8d32e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now constructor and prototype are blocked unconditionally as non-terminal path keys, matching baseSet. Calls that previously returned true and deleted the property now return false and leave the target untouched.

_.template: Fixed code injection via imports keys (GHSA-r5fr-rjxr-66jc, CVE-2026-4800, 879aaa9). Fixes an incomplete patch for CVE-2021-23337. The variable option was validated against reForbiddenIdentifierChars but importsKeys was left unguarded, allowing code injection via the same Function() constructor sink. imports keys containing forbidden identifier characters now throw "Invalid imports option passed into _.template".

Docs

Add security notice for _.template in threat model and API docs (#6099)

Document lower > upper behavior in _.random (#6115)

Fix quotes in _.compact jsdoc (#6090)

lodash.* modular packages

Diff

We have also regenerated and published a select number of the lodash.* modular packages.

These modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:

lodash.orderby

lodash.tonumber

lodash.trim

lodash.trimend

lodash.sortedindexby

lodash.zipobjectdeep

lodash.unset

lodash.omit

lodash.template

Commits

cb0b9b9 release(patch): bump main to 4.18.1 (#6177)
75535f5 chore: prune stale advisory refs (#6170)
62e91bc docs: remove n_ Node.js < 6 REPL note from README (#6165)
59be2de release(minor): bump to 4.18.0 (#6161)
af63457 fix: broken tests for _.template 879aaa9
1073a76 fix: linting issues
879aaa9 fix: validate imports keys in _.template
fe8d32e fix: block prototype pollution in baseUnset via constructor/prototype traversal
18ba0a3 refactor(fromPairs): use baseAssignValue for consistent assignment (#6153)
b819080 ci: add dist sync validation workflow (#6137)
Additional commits viewable in compare view

Updates qs from 6.5.3 to 6.14.2

Changelog

Sourced from qs's changelog.

6.14.2

[Fix] parse: mark overflow objects for indexed notation exceeding arrayLimit (#546)

[Fix] arrayLimit means max count, not max index, in combine/merge/parseArrayValue

[Fix] parse: throw on arrayLimit exceeded with indexed notation when throwOnLimitExceeded is true (#529)

[Fix] parse: enforce arrayLimit on comma-parsed values

[Fix] parse: fix error message to reflect arrayLimit as max index; remove extraneous comments (#545)

[Robustness] avoid .push, use void

[readme] document that addQueryPrefix does not add ? to empty output (#418)

[readme] clarify parseArrays and arrayLimit documentation (#543)

[readme] replace runkit CI badge with shields.io check-runs badge

[meta] fix changelog typo (arrayLength → arrayLimit)

[actions] fix rebase workflow permissions

6.14.1

[Fix] ensure arrayLimit applies to [] notation as well

[Fix] parse: when a custom decoder returns null for a key, ignore that key

[Refactor] parse: extract key segment splitting helper

[meta] add threat model

[actions] add workflow permissions

[Tests] stringify: increase coverage

[Dev Deps] update eslint, @ljharb/eslint-config, npmignore, es-value-fixtures, for-each, object-inspect

6.14.0

[New] parse: add throwOnParameterLimitExceeded option (#517)

[Refactor] parse: use utils.combine more

[patch] parse: add explicit throwOnLimitExceeded default

[actions] use shared action; re-add finishers

[meta] Fix changelog formatting bug

[Deps] update side-channel

[Dev Deps] update es-value-fixtures, has-bigints, has-proto, has-symbols

[Tests] increase coverage

6.13.3

[Fix] fix regressions from robustness refactor [actions] update reusable workflows

6.13.2

[Robustness] avoid .push, use void

[readme] clarify parseArrays and arrayLimit documentation (#543)

[readme] document that addQueryPrefix does not add ? to empty output (#418)

[readme] replace runkit CI badge with shields.io check-runs badge

[actions] fix rebase workflow permissions

6.13.1

[Fix] stringify: avoid a crash when a filter key is null

[Fix] utils.merge: functions should not be stringified into keys

[Fix] parse: avoid a crash with interpretNumericEntities: true, comma: true, and iso charset

[Fix] stringify: ensure a non-string filter does not crash

[Refactor] use __proto__ syntax instead of Object.create for null objects

[Refactor] misc cleanup

... (truncated)

Commits

bdcf0c7 v6.14.2
294db90 [readme] document that addQueryPrefix does not add ? to empty output
5c308e5 [readme] clarify parseArrays and arrayLimit documentation
6addf8c [Fix] parse: mark overflow objects for indexed notation exceeding arrayLimit
cfc108f [Fix] arrayLimit means max count, not max index, in combine/merge/`pars...
febb644 [Fix] parse: throw on arrayLimit exceeded with indexed notation when `thr...
f6a7abf [Fix] parse: enforce arrayLimit on comma-parsed values
fbc5206 [Fix] parse: fix error message to reflect arrayLimit as max index; remove e...
1b9a8b4 [actions] fix rebase workflow permissions
2a35775 [meta] fix changelog typo (arrayLength → arrayLimit)
Additional commits viewable in compare view

Updates tmp from 0.1.0 to 0.2.5

Changelog

Sourced from tmp's changelog.

v0.2.2 (2024-02-28)

🐛 Bug Fix

#278 Closes #268: Revert "fix #246: remove any double quotes or single quotes… (@mbargiel)

📝 Documentation

#279 Closes #266: move paragraph on graceful cleanup to the head of the documentation (@silkentrance)

Committers: 5

Carsten Klein (@silkentrance)

Dave Nicolson (@dnicolson)

KARASZI István (@raszi)

Maxime Bargiel (@mbargiel)

@robertoaceves

v0.2.1 (2020-04-28)

🚀 Enhancement

#252 Closes #250: introduce tmpdir option for overriding the system tmp dir (@silkentrance)

🏠 Internal

#253 Closes #191: generate changelog from pull requests using lerna-changelog (@silkentrance)

Committers: 1

Carsten Klein (@silkentrance)

v0.2.0 (2020-04-25)

🚀 Enhancement

#234 feat: stabilize tmp for v0.2.0 release (@silkentrance)

🐛 Bug Fix

#231 Closes #230: regression after fix for #197 (@silkentrance)

#220 Closes #197: return sync callback when using the sync interface, otherwise return the async callback (@silkentrance)

#193 Closes #192: tmp must not exit the process on its own (@silkentrance)

📝 Documentation

#221 Gh 206 document name option (@silkentrance)

🏠 Internal

#226 Closes #212: enable direct name option test (@silkentrance)

#225 Closes #211: existing tests must clean up after themselves (@silkentrance)

#224 Closes #217: name tests must use tmpName (@silkentrance)

#223 Closes #214: refactor tests and lib (@silkentrance)

#198 Update dependencies to latest versions (@matsev)

... (truncated)

Commits

See full diff in compare view

Updates brace-expansion from 1.1.11 to 1.1.13

Release notes

Sourced from brace-expansion's releases.

v1.1.12

pkg: publish on tag 1.x c460dbd

fmt ccb8ac6

Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) c3c73c8

juliangruber/brace-expansion@v1.1.11...v1.1.12

Commits

6c353ca 1.1.13
7fd684f Backport fix for GHSA-f886-m6hf-6m8v (#95)
44f33b4 1.1.12
c460dbd pkg: publish on tag 1.x
ccb8ac6 fmt
c3c73c8 Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65)
See full diff in compare view

Updates cross-spawn from 6.0.5 to 6.0.6

Changelog

Sourced from cross-spawn's changelog.

6.0.6 (2024-11-18)

Bug Fixes

disable regexp backtracking (#160) (ba5aaef)

core: support worker threads (#127) (f4af31c)

Commits

d35c865 chore(release): 6.0.6
5a37e19 chore: update package.json and package.lock
ba5aaef fix: disable regexp backtracking (#160)
f4af31c fix(core): support worker threads (#127)
See full diff in compare view

Updates form-data from 3.0.1 to 3.0.4

Release notes

Sourced from form-data's releases.

v4.0.4

v4.0.4 - 2025-07-16

Commits

[meta] add auto-changelog 811f682

[Tests] handle predict-v8-randomness failures in node < 17 and node > 23 1d11a76

[Fix] Switch to using crypto random for boundary values 3d17230

[Tests] fix linting errors 5e34080

[meta] actually ensure the readme backup isn’t published 316c82b

[Dev Deps] update @ljharb/eslint-config 58c25d7

[meta] fix readme capitalization 2300ca1

v4.0.3

v4.0.3 - 2025-06-05

Fixed

[Fix] append: avoid a crash on nullish values [#577](https://github.com/form-data/form-data/issues/577)

Commits

[eslint] use a shared config 426ba9a

[eslint] fix some spacing issues 2094191

[Refactor] use hasown 81ab41b

[Fix] validate boundary type in setBoundary() method 8d8e469

[Tests] add tests to check the behavior of getBoundary with non-strings 837b8a1

[Dev Deps] remove unused deps 870e4e6

[meta] remove local commit hooks e6e83cc

[Dev Deps] update eslint 4066fd6

[meta] fix scripts to use prepublishOnly c4bbb13

v4.0.2

v4.0.2 - 2025-02-14

Merged

[Fix] set Symbol.toStringTag when available [#573](https://github.com/form-data/form-data/issues/573)

[Fix] set Symbol.toStringTag when available [#573](https://github.com/form-data/form-data/issues/573)

fix (npmignore): ignore temporary build files [#532](https://github.com/form-data/form-data/issues/532)

fix (npmignore): ignore temporary build files [#532](https://github.com/form-data/form-data/issues/532)

Fixed

[Fix] set Symbol.toStringTag when available (#573) [#396](https://github.com/form-data/form-data/issues/396)

[Fix] set Symbol.toStringTag when available (#573) [#396](https://github.com/form-data/form-data/issues/396)

[Fix] set Symbol.toStringTag when available [#396](https://github.com/form-data/form-data/issues/396)

Commits

... (truncated)

Changelog

Sourced from form-data's changelog.

v4.0.5 - 2025-11-17

Commits

[Tests] Switch to newer v8 prediction library; enable node 24 testing 16e0076

[Dev Deps] update @ljharb/eslint-config, eslint 5822467

[Fix] set Symbol.toStringTag in the proper place 76d0dee

v4.0.4 - 2025-07-16

Commits

[meta] add auto-changelog 811f682

[Tests] handle predict-v8-randomness failures in node < 17 and node > 23 1d11a76

[Fix] Switch to using crypto random for boundary values 3d17230

[Tests] fix linting errors 5e34080

[meta] actually ensure the readme backup isn’t published 316c82b

[Dev Deps] update @ljharb/eslint-config 58c25d7

[meta] fix readme capitalization 2300ca1

v4.0.3 - 2025-06-05

Fixed

[Fix] append: avoid a crash on nullish values [#577](https://github.com/form-data/form-data/issues/577)

Commits

[eslint] use a shared config 426ba9a

[eslint] fix some spacing issues 2094191

[Refactor] use hasown 81ab41b

[Fix] validate boundary type in setBoundary() method 8d8e469

[Tests] add tests to check the behavior of getBoundary with non-strings 837b8a1

[Dev Deps] remove unused deps 870e4e6

[meta] remove local commit hooks e6e83cc

[Dev Deps] update eslint 4066fd6

[meta] fix scripts to use prepublishOnly c4bbb13

v4.0.2 - 2025-02-14

Merged

[Fix] set Symbol.toStringTag when available [#573](https://github.com/form-data/form-data/issues/573)

[Fix] set Symbol.toStringTag when available [#573](https://github.com/form-data/form-data/issues/573)

fix (npmignore): ignore temporary build files [#532](https://github.com/form-data/form-data/issues/532)

fix (npmignore): ignore temporary build files [#532](https://github.com/form-data/form-data/issues/532)

Fixed

[Fix] set Symbol.toStringTag when available (#573) [#396](https://github.com/form-data/form-data/issues/396)

... (truncated)

Commits

See full diff in compare view

Maintainer changes

This version was pushed to npm by ljharb, a new releaser for form-data since your current version.

Install script changes

This version modifies prepublish script that runs during installation. Review the package contents before updating.

Updates lodash from 4.17.21 to 4.18.1

Release notes

Sourced from lodash's releases.

4.18.1

Bugs

Fixes a ReferenceError issue in lodash lodash-es lodash-amd and lodash.template when using the template and fromPairs functions from the modular builds. See lodash/lodash#6167

These defects were related to how lodash distributions are built from the main branch using https://github.com/lodash-archive/lodash-cli. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.

There is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:

lodash: lodash/lodash@4.18.0-npm...4.18.1-npm

lodash-es: lodash/lodash@4.18.0-es...4.18.1-es

lodash-amd: lodash/lodash@4.18.0-amd...4.18.1-amd

lodash.templatelodash/lodash@4.18.0-npm-packages...4.18.1-npm-packages

4.18.0

v4.18.0

Full Changelog: lodash/lodash@4.17.23...4.18.0

Security

_.unset / _.omit: Fixed prototype pollution via constructor/prototype path traversal (GHSA-f23m-r3pf-42rh, fe8d32e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now constructor and prototype are blocked unconditionally as non-terminal path keys, matching baseSet. Calls that previously returned true and deleted the property now return false and leave the target untouched.

_.template: Fixed code injection via imports keys (GHSA-r5fr-rjxr-66jc, CVE-2026-4800, 879aaa9). Fixes an incomplete patch for CVE-2021-23337. The variable option was validated against reForbiddenIdentifierChars but importsKeys was left unguarded, allowing code injection via the same Function() constructor sink. imports keys containing forbidden identifier characters now throw "Invalid imports option passed into _.template".

Docs

Add security notice for _.template in threat model and API docs (#6099)

Document lower > upper behavior in _.random (#6115)

Fix quotes in _.compact jsdoc (#6090)

lodash.* modular packages

Diff

We have also regenerated and published a select number of the lodash.* modular packages.

These modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:

lodash.orderby

lodash.tonumber

lodash.trim

lodash.trimend

lodash.sortedindexby

lodash.zipobjectdeep

lodash.unset

lodash.omit

lodash.template

Commits

cb0b9b9 release(patch): bump main to 4.18.1 (#6177)
75535f5 chore: prune stale advisory refs (#6170)
62e91bc docs: remove n_ Node.js < 6 REPL note from README (#6165)
59be2de release(minor): bump to 4.18.0 (#6161)
af63457 fix: broken tests for _.template 879aaa9
1073a76 fix: linting issues
879aaa9 fix: validate imports keys in _.template
fe8d32e fix: block prototype pollution in baseUnset via constructor/prototype traversal
18ba0a3 refactor(fromPairs): use baseAssignValue for consistent assignment (#6153)
b819080 ci: add dist sync validation workflow (#6137)
Additional commits viewable in compare view

Updates minimatch from 3.1.2 to 3.1.5

Commits

7bba978 3.1.5
bd25942 docs: add warning about ReDoS
1a9c27c fix partial matching of globstar patterns
1a2e084 3.1.4
ae24656 update lockfile
b100374 limit recursion for **, improve perf considerably
26ffeaa lockfile update
9eca892 lock node version to 14
00c323b 3.1.3
30486b2 update CI matrix and actions
Additional commits viewable in compare view

Updates minimatch from 5.1.0 to 5.1.9

Commits

7bba978 3.1.5
bd25942 docs: add warning about ReDoS
1a9c27c fix partial matching of globstar patterns
1a2e084 3.1.4
ae24656 update lockfile
b100374 limit recursion for **, improve perf considerably
26ffeaa lockfile update
9eca892 lock node version to 14
00c323b 3.1.3
30486b2 update CI matrix and actions
Additional commits viewable in compare view

Updates qs from 6.10.3 to 6.14.2

Changelog

Sourced from qs's changelog.

6.14.2

[Fix] parse: mark overflow objects for indexed...
Description has been truncated

Bumps the npm_and_yarn group with 3 updates in the /vitess-mixin/e2e directory: [brace-expansion](https://github.com/juliangruber/brace-expansion), [cross-spawn](https://github.com/moxystudio/node-cross-spawn) and [form-data](https://github.com/form-data/form-data). Bumps the npm_and_yarn group with 23 updates in the /web/vtadmin directory: | Package | From | To | | --- | --- | --- | | [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.13` | | [cross-spawn](https://github.com/moxystudio/node-cross-spawn) | `6.0.5` | `6.0.6` | | [form-data](https://github.com/form-data/form-data) | `3.0.1` | `3.0.4` | | [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` | | [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` | | [minimatch](https://github.com/isaacs/minimatch) | `5.1.0` | `5.1.9` | | [qs](https://github.com/ljharb/qs) | `6.10.3` | `6.14.2` | | [express](https://github.com/expressjs/express) | `4.18.1` | `4.22.1` | | [tmp](https://github.com/raszi/node-tmp) | `0.0.33` | `removed` | | [svgo](https://github.com/svg/svgo) | `2.8.0` | `2.8.2` | | [@babel/runtime-corejs3](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime-corejs3) | `7.12.5` | `7.29.2` | | [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` | | [@xmldom/xmldom](https://github.com/xmldom/xmldom) | `0.7.5` | `removed` | | [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.14.0` | | [flatted](https://github.com/WebReflection/flatted) | `3.1.0` | `3.4.2` | | [http-proxy-middleware](https://github.com/chimurai/http-proxy-middleware) | `2.0.6` | `2.0.9` | | [immutable](https://github.com/immutable-js/immutable-js) | `4.0.0` | `4.3.8` | | [micromatch](https://github.com/micromatch/micromatch) | `4.0.4` | `4.0.8` | | [nanoid](https://github.com/ai/nanoid) | `3.2.0` | `3.3.11` | | [node-forge](https://github.com/digitalbazaar/forge) | `1.3.1` | `1.4.0` | | [rollup](https://github.com/rollup/rollup) | `2.63.0` | `2.80.0` | | [webpack](https://github.com/webpack/webpack) | `5.65.0` | `5.105.4` | | [ws](https://github.com/websockets/ws) | `8.6.0` | `8.20.0` | | [ws](https://github.com/websockets/ws) | `7.5.6` | `7.5.10` | | [yaml](https://github.com/eemeli/yaml) | `1.10.2` | `1.10.3` | Bumps the npm_and_yarn group with 5 updates in the /web/vtctld2 directory: | Package | From | To | | --- | --- | --- | | [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.13` | | [ajv](https://github.com/ajv-validator/ajv) | `4.11.8` | `6.14.0` | | [body-parser](https://github.com/expressjs/body-parser) | `1.18.2` | `1.20.4` | | [@angular/common](https://github.com/angular/angular/tree/HEAD/packages/common) | `2.0.0-rc.5` | `19.2.16` | | [socket.io](https://github.com/socketio/socket.io) | `1.6.0` | `4.8.3` | Updates `brace-expansion` from 1.1.11 to 1.1.13 - [Release notes](https://github.com/juliangruber/brace-expansion/releases) - [Commits](juliangruber/brace-expansion@1.1.11...v1.1.13) Updates `cross-spawn` from 6.0.5 to 6.0.6 - [Changelog](https://github.com/moxystudio/node-cross-spawn/blob/v6.0.6/CHANGELOG.md) - [Commits](moxystudio/node-cross-spawn@v6.0.5...v6.0.6) Updates `form-data` from 2.3.3 to 4.0.5 - [Release notes](https://github.com/form-data/form-data/releases) - [Changelog](https://github.com/form-data/form-data/blob/master/CHANGELOG.md) - [Commits](https://github.com/form-data/form-data/commits/v4.0.5) Updates `lodash` from 4.17.21 to 4.18.1 - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.21...4.18.1) Updates `qs` from 6.5.3 to 6.14.2 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.10.3...v6.14.2) Updates `tmp` from 0.1.0 to 0.2.5 - [Changelog](https://github.com/raszi/node-tmp/blob/master/CHANGELOG.md) - [Commits](https://github.com/raszi/node-tmp/commits) Updates `brace-expansion` from 1.1.11 to 1.1.13 - [Release notes](https://github.com/juliangruber/brace-expansion/releases) - [Commits](juliangruber/brace-expansion@1.1.11...v1.1.13) Updates `cross-spawn` from 6.0.5 to 6.0.6 - [Changelog](https://github.com/moxystudio/node-cross-spawn/blob/v6.0.6/CHANGELOG.md) - [Commits](moxystudio/node-cross-spawn@v6.0.5...v6.0.6) Updates `form-data` from 3.0.1 to 3.0.4 - [Release notes](https://github.com/form-data/form-data/releases) - [Changelog](https://github.com/form-data/form-data/blob/master/CHANGELOG.md) - [Commits](https://github.com/form-data/form-data/commits/v4.0.5) Updates `lodash` from 4.17.21 to 4.18.1 - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.21...4.18.1) Updates `minimatch` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `minimatch` from 5.1.0 to 5.1.9 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `qs` from 6.10.3 to 6.14.2 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.10.3...v6.14.2) Updates `express` from 4.18.1 to 4.22.1 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/v4.22.1/History.md) - [Commits](expressjs/express@4.18.1...v4.22.1) Removes `tmp` Updates `svgo` from 2.8.0 to 2.8.2 - [Release notes](https://github.com/svg/svgo/releases) - [Commits](svg/svgo@v2.8.0...v2.8.2) Updates `@babel/runtime-corejs3` from 7.12.5 to 7.29.2 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.29.2/packages/babel-runtime-corejs3) Updates `js-yaml` from 3.14.1 to 3.14.2 - [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md) - [Commits](nodeca/js-yaml@3.14.1...3.14.2) Removes `@xmldom/xmldom` Updates `ajv` from 6.12.6 to 6.14.0 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v6.12.6...v6.14.0) Updates `body-parser` from 1.20.0 to 1.20.4 - [Release notes](https://github.com/expressjs/body-parser/releases) - [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md) - [Commits](expressjs/body-parser@1.18.2...1.20.4) Updates `cookie` from 0.4.1 to 0.7.2 - [Release notes](https://github.com/jshttp/cookie/releases) - [Commits](jshttp/cookie@v0.4.1...v0.7.2) Updates `express` from 4.18.1 to 4.22.1 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/v4.22.1/History.md) - [Commits](expressjs/express@4.18.1...v4.22.1) Updates `path-to-regexp` from 0.1.7 to 0.1.13 - [Release notes](https://github.com/pillarjs/path-to-regexp/releases) - [Changelog](https://github.com/pillarjs/path-to-regexp/blob/v.0.1.13/History.md) - [Commits](pillarjs/path-to-regexp@v0.1.7...v.0.1.13) Updates `flatted` from 3.1.0 to 3.4.2 - [Commits](WebReflection/flatted@v3.1.0...v3.4.2) Updates `http-proxy-middleware` from 2.0.6 to 2.0.9 - [Release notes](https://github.com/chimurai/http-proxy-middleware/releases) - [Changelog](https://github.com/chimurai/http-proxy-middleware/blob/v2.0.9/CHANGELOG.md) - [Commits](chimurai/http-proxy-middleware@v2.0.6...v2.0.9) Updates `immutable` from 4.0.0 to 4.3.8 - [Release notes](https://github.com/immutable-js/immutable-js/releases) - [Changelog](https://github.com/immutable-js/immutable-js/blob/main/CHANGELOG.md) - [Commits](immutable-js/immutable-js@v4.0.0...v4.3.8) Updates `micromatch` from 4.0.4 to 4.0.8 - [Release notes](https://github.com/micromatch/micromatch/releases) - [Changelog](https://github.com/micromatch/micromatch/blob/master/CHANGELOG.md) - [Commits](micromatch/micromatch@4.0.4...4.0.8) Updates `nanoid` from 3.2.0 to 3.3.11 - [Release notes](https://github.com/ai/nanoid/releases) - [Changelog](https://github.com/ai/nanoid/blob/main/CHANGELOG.md) - [Commits](ai/nanoid@3.2.0...3.3.11) Updates `node-forge` from 1.3.1 to 1.4.0 - [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md) - [Commits](digitalbazaar/forge@v1.3.1...v1.4.0) Updates `on-headers` from 1.0.2 to 1.1.0 - [Release notes](https://github.com/jshttp/on-headers/releases) - [Changelog](https://github.com/jshttp/on-headers/blob/master/HISTORY.md) - [Commits](jshttp/on-headers@v1.0.2...v1.1.0) Updates `rollup` from 2.63.0 to 2.80.0 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/v2.80.0/CHANGELOG.md) - [Commits](rollup/rollup@v2.63.0...v2.80.0) Updates `send` from 0.18.0 to 0.19.2 - [Release notes](https://github.com/pillarjs/send/releases) - [Changelog](https://github.com/pillarjs/send/blob/master/HISTORY.md) - [Commits](pillarjs/send@0.18.0...0.19.2) Updates `serve-static` from 1.15.0 to 1.16.3 - [Release notes](https://github.com/expressjs/serve-static/releases) - [Changelog](https://github.com/expressjs/serve-static/blob/master/HISTORY.md) - [Commits](expressjs/serve-static@v1.15.0...v1.16.3) Updates `webpack` from 5.65.0 to 5.105.4 - [Release notes](https://github.com/webpack/webpack/releases) - [Changelog](https://github.com/webpack/webpack/blob/main/CHANGELOG.md) - [Commits](webpack/webpack@v5.65.0...v5.105.4) Updates `ws` from 8.6.0 to 8.20.0 - [Release notes](https://github.com/websockets/ws/releases) - [Commits](websockets/ws@8.6.0...8.20.0) Updates `ws` from 7.5.6 to 7.5.10 - [Release notes](https://github.com/websockets/ws/releases) - [Commits](websockets/ws@8.6.0...8.20.0) Updates `yaml` from 1.10.2 to 1.10.3 - [Release notes](https://github.com/eemeli/yaml/releases) - [Commits](eemeli/yaml@v1.10.2...v1.10.3) Updates `brace-expansion` from 1.1.11 to 1.1.13 - [Release notes](https://github.com/juliangruber/brace-expansion/releases) - [Commits](juliangruber/brace-expansion@1.1.11...v1.1.13) Updates `ajv` from 4.11.8 to 6.14.0 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v6.12.6...v6.14.0) Updates `body-parser` from 1.18.2 to 1.20.4 - [Release notes](https://github.com/expressjs/body-parser/releases) - [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md) - [Commits](expressjs/body-parser@1.18.2...1.20.4) Updates `express` from 4.16.3 to 4.22.1 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/v4.22.1/History.md) - [Commits](expressjs/express@4.18.1...v4.22.1) Updates `path-to-regexp` from 0.1.7 to 0.1.13 - [Release notes](https://github.com/pillarjs/path-to-regexp/releases) - [Changelog](https://github.com/pillarjs/path-to-regexp/blob/v.0.1.13/History.md) - [Commits](pillarjs/path-to-regexp@v0.1.7...v.0.1.13) Updates `http-proxy-middleware` from 0.15.2 to 0.17.4 - [Release notes](https://github.com/chimurai/http-proxy-middleware/releases) - [Changelog](https://github.com/chimurai/http-proxy-middleware/blob/v2.0.9/CHANGELOG.md) - [Commits](chimurai/http-proxy-middleware@v2.0.6...v2.0.9) Updates `on-headers` from 1.0.1 to 1.1.0 - [Release notes](https://github.com/jshttp/on-headers/releases) - [Changelog](https://github.com/jshttp/on-headers/blob/master/HISTORY.md) - [Commits](jshttp/on-headers@v1.0.2...v1.1.0) Updates `send` from 0.16.2 to 0.19.2 - [Release notes](https://github.com/pillarjs/send/releases) - [Changelog](https://github.com/pillarjs/send/blob/master/HISTORY.md) - [Commits](pillarjs/send@0.18.0...0.19.2) Updates `serve-static` from 1.13.2 to 1.16.3 - [Release notes](https://github.com/expressjs/serve-static/releases) - [Changelog](https://github.com/expressjs/serve-static/blob/master/HISTORY.md) - [Commits](expressjs/serve-static@v1.15.0...v1.16.3) Updates `webpack-dev-server` from 2.1.0-beta.0 to 2.1.0-beta.9 - [Release notes](https://github.com/webpack/webpack-dev-server/releases) - [Changelog](https://github.com/webpack/webpack-dev-server/blob/main/CHANGELOG.md) - [Commits](webpack/webpack-dev-server@v2.1.0-beta.0...v2.1.0-beta.9) Updates `@angular/common` from 2.0.0-rc.5 to 19.2.16 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/19.2.16/packages/common) Updates `elliptic` from 6.4.0 to 6.6.1 - [Commits](indutny/elliptic@v6.4.0...v6.6.1) Updates `handlebars` from 4.0.5 to 4.0.11 - [Release notes](https://github.com/handlebars-lang/handlebars.js/releases) - [Changelog](https://github.com/handlebars-lang/handlebars.js/blob/master/release-notes.md) - [Commits](handlebars-lang/handlebars.js@v4.0.5...v4.0.11) Updates `socket.io` from 1.6.0 to 4.8.3 - [Release notes](https://github.com/socketio/socket.io/releases) - [Changelog](https://github.com/socketio/socket.io/blob/main/CHANGELOG.md) - [Commits](https://github.com/socketio/socket.io/compare/1.6.0...socket.io@4.8.3) Updates `socket.io-parser` from 2.3.1 to 4.2.6 - [Release notes](https://github.com/socketio/socket.io/releases) - [Changelog](https://github.com/socketio/socket.io/blob/main/CHANGELOG.md) - [Commits](https://github.com/socketio/socket.io/commits/socket.io-parser@4.2.6) --- updated-dependencies: - dependency-name: brace-expansion dependency-version: 1.1.13 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cross-spawn dependency-version: 6.0.6 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: form-data dependency-version: 4.0.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: lodash dependency-version: 4.18.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.14.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tmp dependency-version: 0.2.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: brace-expansion dependency-version: 1.1.13 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cross-spawn dependency-version: 6.0.6 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: form-data dependency-version: 3.0.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: lodash dependency-version: 4.18.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 5.1.9 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.14.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: express dependency-version: 4.22.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tmp dependency-version: dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: svgo dependency-version: 2.8.2 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: "@babel/runtime-corejs3" dependency-version: 7.29.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: js-yaml dependency-version: 3.14.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@xmldom/xmldom" dependency-version: dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ajv dependency-version: 6.14.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: body-parser dependency-version: 1.20.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cookie dependency-version: 0.7.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: express dependency-version: 4.22.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: path-to-regexp dependency-version: 0.1.13 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: flatted dependency-version: 3.4.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: http-proxy-middleware dependency-version: 2.0.9 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: immutable dependency-version: 4.3.8 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: micromatch dependency-version: 4.0.8 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: nanoid dependency-version: 3.3.11 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: node-forge dependency-version: 1.4.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: on-headers dependency-version: 1.1.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: rollup dependency-version: 2.80.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: send dependency-version: 0.19.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serve-static dependency-version: 1.16.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: webpack dependency-version: 5.105.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ws dependency-version: 8.20.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ws dependency-version: 7.5.10 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: yaml dependency-version: 1.10.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: brace-expansion dependency-version: 1.1.13 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ajv dependency-version: 6.14.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: body-parser dependency-version: 1.20.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: express dependency-version: 4.22.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: path-to-regexp dependency-version: 0.1.13 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: http-proxy-middleware dependency-version: 0.17.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: on-headers dependency-version: 1.1.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: send dependency-version: 0.19.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serve-static dependency-version: 1.16.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: webpack-dev-server dependency-version: 2.1.0-beta.9 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@angular/common" dependency-version: 19.2.16 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: elliptic dependency-version: 6.6.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: handlebars dependency-version: 4.0.11 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: socket.io dependency-version: 4.8.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: socket.io-parser dependency-version: 4.2.6 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Apr 2, 2026

dependabot bot mentioned this pull request Apr 2, 2026

Bump the npm_and_yarn group across 2 directories with 3 updates #219

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the npm_and_yarn group across 3 directories with 35 updates#220

Bump the npm_and_yarn group across 3 directories with 35 updates#220
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/vitess-mixin/e2e/npm_and_yarn-6365287293

dependabot bot commented on behalf of github Apr 2, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Apr 2, 2026

v1.1.12

6.0.6 (2024-11-18)

Bug Fixes

v4.0.4

v4.0.4 - 2025-07-16

Commits

v4.0.3

v4.0.3 - 2025-06-05

Fixed

Commits

v4.0.2

v4.0.2 - 2025-02-14

Merged

Fixed

Commits

v4.0.5 - 2025-11-17

Commits

v4.0.4 - 2025-07-16

Commits

v4.0.3 - 2025-06-05

Fixed

Commits

v4.0.2 - 2025-02-14

Merged

Fixed

4.18.1

Bugs

4.18.0

v4.18.0

Security

Docs

lodash.* modular packages

6.14.2

6.14.1

6.14.0

6.13.3

6.13.2

6.13.1

v0.2.2 (2024-02-28)

🐛 Bug Fix

📝 Documentation

Committers: 5

v0.2.1 (2020-04-28)

🚀 Enhancement

🏠 Internal

Committers: 1

v0.2.0 (2020-04-25)

🚀 Enhancement

🐛 Bug Fix

📝 Documentation

🏠 Internal

v1.1.12

6.0.6 (2024-11-18)

Bug Fixes

v4.0.4

v4.0.4 - 2025-07-16

Commits

v4.0.3

v4.0.3 - 2025-06-05

Fixed

Commits

v4.0.2

v4.0.2 - 2025-02-14

Merged

Fixed

Commits

v4.0.5 - 2025-11-17

Commits

v4.0.4 - 2025-07-16

Commits

v4.0.3 - 2025-06-05

Fixed

Commits

v4.0.2 - 2025-02-14

Merged

Fixed

4.18.1

Bugs

`lodash.*` modular packages

`lodash.*` modular packages