feat(deps): bump the production-patch-minor group across 4 directories with 15 updates

[dependabot]

Bumps the production-patch-minor group with 14 updates in the / directory:

Package	From	To
dotenv	16.4.5	16.6.1
@ai-sdk/provider	0.0.11	0.0.26
@next/env	14.2.3	14.2.35
@vercel/functions	1.0.2	1.6.0
ajv	8.17.1	8.18.0
cors	2.8.5	2.8.6
esbuild	0.27.0	0.28.0
express	4.21.2	4.22.1
http-errors	2.0.0	2.0.1
minimatch	9.0.3	9.0.9
simple-git	3.21.0	3.36.0
source-map	0.7.4	0.7.6
zod-to-json-schema	3.22.5	3.25.2
ai	3.2.16	3.4.33

Bumps the production-patch-minor group with 1 update in the /integrations/browser-js directory: braintrust.
Bumps the production-patch-minor group with 2 updates in the /integrations/vercel-ai-sdk directory: @ai-sdk/provider and ai.
Bumps the production-patch-minor group with 13 updates in the /js directory:

Package	From	To
dotenv	16.4.5	16.6.1
@ai-sdk/provider	0.0.11	0.0.26
@next/env	14.2.3	14.2.35
@vercel/functions	1.0.2	1.6.0
ajv	8.17.1	8.18.0
cors	2.8.5	2.8.6
esbuild	0.27.0	0.28.0
express	4.21.2	4.22.1
http-errors	2.0.0	2.0.1
minimatch	9.0.3	9.0.9
simple-git	3.21.0	3.36.0
source-map	0.7.4	0.7.6
zod-to-json-schema	3.22.5	3.25.2

Updates dotenv from 16.4.5 to 16.6.1

Changelog

Sourced from dotenv's changelog.

16.6.1 (2025-06-27)

Changed

• Default quiet to true – hiding the runtime log message (#874)
• NOTICE: 17.0.0 will be released with quiet defaulting to false. Use config({ quiet: true }) to suppress.
• And check out the new dotenvx. As coding workflows evolve and agents increasingly handle secrets, encrypted .env files offer a much safer way to deploy both agents and code together with secure secrets. Simply switch require('dotenv').config() for require('@dotenvx/dotenvx').config().

16.6.0 (2025-06-26)

Added

• Default log helpful message [dotenv@16.6.0] injecting env (1) from .env (#870)
• Use { quiet: true } to suppress
• Aligns dotenv more closely with dotenvx.

16.5.0 (2025-04-07)

Added

• 🎉 Added new sponsor Graphite - the AI developer productivity platform helping teams on GitHub ship higher quality software, faster.

[!TIP] Become a sponsor

The dotenvx README is viewed thousands of times DAILY on GitHub and NPM. Sponsoring dotenv is a great way to get in front of developers and give back to the developer community at the same time.

Changed

• Remove _log method. Use _debug #862

16.4.7 (2024-12-03)

Changed

• Ignore .tap folder when publishing. (oops, sorry about that everyone. - @​motdotla) #848

16.4.6 (2024-12-02)

Changed

• Clean up stale dev dependencies #847
• Various README updates clarifying usage and alternative solutions using dotenvx

Commits

• 076ba3b 16.6.1
• 8867fe0 changelog 🪵
• 424c32d Merge pull request #874 from motdotla/default-quiet-to-true
• 5270faf changelog 🪵
• 86ce001 force failure of path.relative in test
• e6799e6 add tests
• ec72534 add to test coverage
• c886084 send coverage to text as well
• a791032 add test
• fa67c02 test quiet: false
• Additional commits viewable in compare view

Updates @ai-sdk/provider from 0.0.11 to 0.0.26

Commits

• f7dce25 Version Packages (#3347)
• 811a317 feat (ai/core): multi-part tool results (incl. images) (#3362)
• 85b98da revert fix (ai/core): handle tool calls without results in message conversion...
• 1486128 feat (provider/google): support file URLs without downloads (#3355)
• 3b1b69a feat: provider-defined tools (#3353)
• 7ceed77 feat (ai/core): expose response message for each step (#3343)
• 1386e0a feat (docs): add info around custom models to google vertex provider (#3346)
• aa98cdb chore: more flexible dependency versioning (#3341)
• 8c222cd feat (provider/anthropic): update model ids (#3342)
• 7b937c5 feat (provider-utils): improve id generator robustness (#3340)
• Additional commits viewable in compare view

Updates @next/env from 14.2.3 to 14.2.35

Commits

• 7b940d9 v14.2.35
• f307368 v14.2.34
• 5a97b40 v14.2.33
• 89ee561 v14.2.32
• 55f7662 v14.2.31
• 243072b v14.2.30
• ca92115 v14.2.29
• e65628a v14.2.28
• 43f10b8 v14.2.27
• 10a042c v14.2.26
• Additional commits viewable in compare view

Updates @vercel/functions from 1.0.2 to 1.6.0

Release notes

Sourced from @​vercel/functions's releases.

@​vercel/h3@​0.1.78

Patch Changes

• Updated dependencies []:
  • @​vercel/node@​5.7.11

@​vercel/detect-agent@​1.2.3

Patch Changes

• Add v0 to detect-agent supported agents (#16016)

@​vercel/h3@​0.1.77

Patch Changes

• Updated dependencies []:
  • @​vercel/node@​5.7.10

@​vercel/h3@​0.1.75

Patch Changes

• Updated dependencies []:
  • @​vercel/node@​5.7.8

@​vercel/rust@​1.1.1

Patch Changes

• Support entry point without extension for dev server (#15998)

@​vercel/h3@​0.1.74

Patch Changes

• Updated dependencies [16aca7dadcea2f877ffae79afa72c14a95f682e3]:
  • @​vercel/node@​5.7.7

@​vercel/h3@​0.1.73

Patch Changes

• Updated dependencies []:
  • @​vercel/node@​5.7.6

Changelog

Sourced from @​vercel/functions's changelog.

1.6.0

Minor Changes

• Add middleware-related helper functions (#12938)

1.5.2

Patch Changes

• [vercel/functions] add geolocation.postalCode (#12753)

1.5.1

Patch Changes

• [@​vercel/functions] update headers doc (#12649)

1.5.0

Minor Changes

• ipAddress: accept headers as input (#12429)

1.4.2

Patch Changes

• [functions] decode city name (#12234)

1.4.1

Patch Changes

• Package files in the root folder (#11982)

1.4.0

Minor Changes

• Added OIDC Token utility functions (#11701)

1.3.0

Minor Changes

• [functions] add getEnv method. (#11783)

1.2.0

... (truncated)

Commits

• 1e98464 Version Packages (#12851)
• a1266a8 [react-router] Add initial @vercel/react-router package (#12903)
• 3b5b731 Update @vercel/functions generated docs (#12812)
• 247fb5a [edge] use @vercel/functions (#12758)
• 8cf0f1a Version Packages (#12756)
• 2cace21 [vercel/functions] add geolocation.postalCode (#12753)
• b051248 Version Packages (#12648)
• 03825ff [@​vercel/functions] update headers doc (#12649)
• fdee7f0 [docs] point @vercel/functions docs to vercel.com (#12431)
• 37293e5 Version Packages (#12424)
• Additional commits viewable in compare view

Updates ajv from 8.17.1 to 8.18.0

Release notes

Sourced from ajv's releases.

v8.18.0

What's Changed

• feat: allow tree-shaking by adding "sideEffects": false to package.json by @​josdejong in ajv-validator/ajv#2480
• fix: #2482 Infinity and NaN serialise to null by @​jasoniangreen in ajv-validator/ajv#2487
• fix: small grammatical error in managing-schemas.md by @​monteiro-renato in ajv-validator/ajv#2508
• fix: typos in schema-language.md by @​monteiro-renato in ajv-validator/ajv#2507
• fix(pattern): use configured RegExp engine with $data keyword to mitigate ReDoS attacks (CVE-2025-69873) by @​epoberezkin in ajv-validator/ajv#2586

New Contributors

• @​josdejong made their first contribution in ajv-validator/ajv#2480
• @​monteiro-renato made their first contribution in ajv-validator/ajv#2508

Full Changelog: ajv-validator/ajv@v8.17.1...v8.18.0

Commits

• 142ce84 8.18.0
• 720a23f fix(pattern): use configured RegExp engine with $data keyword to mitigate ReD...
• 82735a1 fix: typos in schema-language.md (#2507)
• b17ec32 fix: small grammatical error in managing-schemas.md (#2508)
• 69568d0 fix: #2482 Infinity and NaN serialise to null (#2487)
• f06766f feat: allow tree-shaking by adding ``"sideEffects": falsetopackage.json` ...
• See full diff in compare view

Updates cors from 2.8.5 to 2.8.6

Release notes

Sourced from cors's releases.

v2.8.6

What's Changed

• Build: Node.js@12.16 and Node.js.13.12 by @​smondal in expressjs/cors#189
• Update README.md for origin function callback parameters by @​dstudzinski in expressjs/cors#180
• Suggest passing false for disallowed domains, not erroring by @​shackpank in expressjs/cors#175
• Changed the term whitelist to allowlist in Documentation by @​jkasun in expressjs/cors#200
• Fix typo in README by @​alex-grover in expressjs/cors#207
• Added new link & website in the README by @​manjunath00 in expressjs/cors#269
• Fix functions call with extra parameter by @​LuisEGR in expressjs/cors#245
• 🐛 Fix readme status badge by @​homersimpsons in expressjs/cors#306
• chore: add support for OSSF scorecard reporting by @​inigomarquinez in expressjs/cors#321
• ci: fix errors in ci github action for node 8 by @​inigomarquinez in expressjs/cors#322
• test: improved test robustness by @​Alex-GF in expressjs/cors#320
• chore: upgrade scorecard workflow pinned action versions by @​carpasse in expressjs/cors#341
• ci: add CodeQL (SAST) by @​bjohansebas in expressjs/cors#340
• docs: remove broken link to demo site by @​dpopp07 in expressjs/cors#344
• OSSF Scorecard recommendations by @​UlisesGascon in expressjs/cors#350
• build(deps): bump github/codeql-action from 3.24.7 to 3.28.19 by @​dependabot[bot] in expressjs/cors#351
• build(deps): bump coverallsapp/github-action from 1.2.5 to 2.3.6 by @​dependabot[bot] in expressjs/cors#353
• build(deps): bump actions/checkout from 4.1.1 to 4.2.2 by @​dependabot[bot] in expressjs/cors#354
• build(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.2 by @​dependabot[bot] in expressjs/cors#355
• build(deps-dev): bump express from 4.17.1 to 4.21.2 by @​dependabot[bot] in expressjs/cors#356
• build(deps): bump actions/upload-artifact from 4.5.0 to 4.6.2 by @​dependabot[bot] in expressjs/cors#352
• build(deps-dev): bump mocha from 9.1.1 to 9.2.2 by @​dependabot[bot] in expressjs/cors#358
• update the docs for per request config by @​jonchurch in expressjs/cors#338
• (fix): readme updated for #271 origin option for * by @​dhananjaysa92 in expressjs/cors#289
• ci: upgrade Node versions by @​UlisesGascon in expressjs/cors#359
• chore: add funding to package.json by @​bjohansebas in expressjs/cors#363
• build(deps): bump github/codeql-action from 3.28.19 to 4.31.2 by @​dependabot[bot] in expressjs/cors#371
• build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 by @​dependabot[bot] in expressjs/cors#370
• docs: Cleanup README by @​efekrskl in expressjs/cors#374
• chore: add node v25 by @​imangas in expressjs/cors#375
• Extend CI test matrix by @​imangas in expressjs/cors#376
• docs: simplify code examples with header comments by @​jonchurch in expressjs/cors#386
• docs: tweak intro, add note w/ browser enforcement, FAQ by @​jonchurch in expressjs/cors#385
• chore: remove HISTORY.md and nonexistent CONTRIBUTING.md from tarball by @​Phillip9587 in expressjs/cors#388
• Release: 2.8.6 by @​UlisesGascon in expressjs/cors#390

New Contributors

• @​smondal made their first contribution in expressjs/cors#189
• @​dstudzinski made their first contribution in expressjs/cors#180
• @​shackpank made their first contribution in expressjs/cors#175
• @​jkasun made their first contribution in expressjs/cors#200
• @​alex-grover made their first contribution in expressjs/cors#207
• @​manjunath00 made their first contribution in expressjs/cors#269
• @​LuisEGR made their first contribution in expressjs/cors#245
• @​homersimpsons made their first contribution in expressjs/cors#306
• @​inigomarquinez made their first contribution in expressjs/cors#321
• @​Alex-GF made their first contribution in expressjs/cors#320
• @​carpasse made their first contribution in expressjs/cors#341

... (truncated)

Changelog

Sourced from cors's changelog.

2.8.6 / 2026-01-22

• Improve documentation (API, context, examples...)
• Remove additional markdown files from tarball

Commits

• f00a8c1 2.8.6 (#390)
• 848e2bd chore: remove HISTORY.md and nonexistent CONTRIBUTING.md from tarball (#388)
• cf8947e docs: tweak intro, add note w/ browser enforcement, FAQ (#385)
• bbf62a5 docs: simplify code examples with header comments (#386)
• f442e77 Extend CI test matrix (#376)
• d5cf6cd ci: add support for node@25 (#375)
• 7e6f7ee docs: revamp content (#374)
• b25644c build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 (#370)
• f881e91 build(deps): bump github/codeql-action from 3.28.19 to 4.31.2 (#371)
• 9a9a760 chore: add funding to package.json (#363)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for cors since your current version.

Updates esbuild from 0.27.0 to 0.28.0

Release notes

Sourced from esbuild's releases.

v0.28.0

• Add support for with { type: 'text' } imports (#4435)

  The import text proposal has reached stage 3 in the TC39 process, which means that it's recommended for implementation. It has also already been implemented by Deno and Bun. So with this release, esbuild also adds support for it. This behaves exactly the same as esbuild's existing text loader. Here's an example:

  import string from './example.txt' with { type: 'text' }
  console.log(string)

• Add integrity checks to fallback download path (#4343)

  Installing esbuild via npm is somewhat complicated with several different edge cases (see esbuild's documentation for details). If the regular installation of esbuild's platform-specific package fails, esbuild's install script attempts to download the platform-specific package itself (first with the npm command, and then with a HTTP request to registry.npmjs.org as a last resort).

  This last resort path previously didn't have any integrity checks. With this release, esbuild will now verify that the hash of the downloaded binary matches the expected hash for the current release. This means the hashes for all of esbuild's platform-specific binary packages will now be embedded in the top-level esbuild package. Hopefully this should work without any problems. But just in case, this change is being done as a breaking change release.

• Update the Go compiler from 1.25.7 to 1.26.1

  This upgrade should not affect anything. However, there have been some significant internal changes to the Go compiler, so esbuild could potentially behave differently in certain edge cases:

  • It now uses the new garbage collector that comes with Go 1.26.
  • The Go compiler is now more aggressive with allocating memory on the stack.
  • The executable format that the Go linker uses has undergone several changes.
  • The WebAssembly build now unconditionally makes use of the sign extension and non-trapping floating-point to integer conversion instructions.

  You can read the Go 1.26 release notes for more information.

v0.27.7

• Fix lowering of define semantics for TypeScript parameter properties (#4421)

  The previous release incorrectly generated class fields for TypeScript parameter properties even when the configured target environment does not support class fields. With this release, the generated class fields will now be correctly lowered in this case:

  // Original code
  class Foo {
    constructor(public x = 1) {}
    y = 2
  }
  // Old output (with --loader=ts --target=es2021)
  class Foo {
  constructor(x = 1) {
  this.x = x;
  __publicField(this, "y", 2);
  }
  x;
  }
  // New output (with --loader=ts --target=es2021)
  class Foo {

... (truncated)

Changelog

Sourced from esbuild's changelog.

Changelog: 2025

This changelog documents all esbuild versions published in the year 2025 (versions 0.25.0 through 0.27.2).

0.27.2

• Allow import path specifiers starting with #/ (#4361)

  Previously the specification for package.json disallowed import path specifiers starting with #/, but this restriction has recently been relaxed and support for it is being added across the JavaScript ecosystem. One use case is using it for a wildcard pattern such as mapping #/* to ./src/* (previously you had to use another character such as #_* instead, which was more confusing). There is some more context in nodejs/node#49182.

  This change was contributed by @​hybrist.

• Automatically add the -webkit-mask prefix (#4357, #4358)

  This release automatically adds the -webkit- vendor prefix for the mask CSS shorthand property:

  /* Original code */
  main {
    mask: url(x.png) center/5rem no-repeat
  }
  /* Old output (with --target=chrome110) */
  main {
  mask: url(x.png) center/5rem no-repeat;
  }
  /* New output (with --target=chrome110) */
  main {
  -webkit-mask: url(x.png) center/5rem no-repeat;
  mask: url(x.png) center/5rem no-repeat;
  }

  This change was contributed by @​BPJEnnova.

• Additional minification of switch statements (#4176, #4359)

  This release contains additional minification patterns for reducing switch statements. Here is an example:

  // Original code
  switch (x) {
    case 0:
      foo()
      break
    case 1:
    default:
      bar()
  }

... (truncated)

Commits

• 6a794df publish 0.28.0 to npm
• 64ee0ea fix #4435: support with { type: text } imports
• ef65aee fix sort order in snapshots_packagejson.txt
• 1a26a8e try to fix test-old-ts, also shuffle CI tasks
• 556ce6c use '' instead of null to omit build hashes
• 8e675a8 ci: allow missing binary hashes for tests
• 7067763 Reapply "update go 1.25.7 => 1.26.1"
• 39473a9 fix #4343: integrity check for binary download
• 2025c9f publish 0.27.7 to npm
• c6b586e fix typo in Makefile for @esbuild/win32-x64
• Additional commits viewable in compare view

Updates express from 4.21.2 to 4.22.1

Release notes

Sourced from express's releases.

v4.22.1

What's Changed

[!IMPORTANT]
The prior release (4.22.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.

• Release: 4.22.1 by @​UlisesGascon in expressjs/express#6934

Full Changelog: expressjs/express@4.22.0...v4.22.1

4.22.0

Important: Security

• Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

What's Changed

• Refactor: improve readability by @​sazk07 in expressjs/express#6190
• ci: add support for Node.js@23.0 by @​UlisesGascon in expressjs/express#6080
• Method functions with no path should error by @​wesleytodd in expressjs/express#5957
• ci: updated github actions ci workflow by @​Phillip9587 in expressjs/express#6323
• ci: reorder npm i steps to fix ci for older node versions by @​Phillip9587 in expressjs/express#6336
• Backport: ci: add node.js 24 to test matrix by @​Phillip9587 in expressjs/express#6506
• chore(4.x): wider range for query test skip by @​jonchurch in expressjs/express#6513
• use tilde notation for certain dependencies by @​UlisesGascon in expressjs/express#6905
• deps: qs@6.14.0 by @​UlisesGascon in expressjs/express#6909
• deps: use tilde notation for qs by @​Phillip9587 in expressjs/express#6919
• Release: 4.22.0 by @​UlisesGascon in expressjs/express#6921

Full Changelog: expressjs/express@4.21.2...4.22.0

Changelog

Sourced from express's changelog.

4.22.1 / 2025-12-01

• Revert security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

4.22.0 / 2025-12-01

• Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)
• deps: use tilde notation for dependencies
• deps: qs@6.14.0

Commits

• 12fae14 4.22.1
• 5ddf311 Revert "sec: security patch for CVE-2024-51999"
• 49744ab 4.22.0 (#6921)
• 6e97452 sec: security patch for CVE-2024-51999
• 6a23d34 deps: use tilde notation for qs (#6919)
• 8c12cdf deps: qs@6.14.0 (#6909)
• 7fea74f deps: use tilde notation for certain dependencies (#6905)
• dac7a04 chore: wider range for query test skip (#6513)
• 997919b ci: add node.js 24 to test matrix (#6506)
• 36fb59c fix(ci): reorder npm i steps to fix ci for older node versions (#6336)
• Additional commits viewable in compare view

Updates http-errors from 2.0.0 to 2.0.1

Release notes

Sourced from http-errors's releases.

v2.0.1

What's Changed

• Add support for OSSF scorecard reporting by @​carpasse in jshttp/http-errors#107
• refactor: improve toClassName function readability and JSDoc completeness by @​Ayoub-Mabrouk in jshttp/http-errors#112
• chore: upgrade scorecard workflow pinned action versions by @​carpasse in jshttp/http-errors#113
• Add test for extending native errors w/o altering prototype by @​jonchurch in jshttp/http-errors#106
• remove --bail from test script by @​jonchurch in jshttp/http-errors#114
• [StepSecurity] Apply security best practices by @​step-security-bot in jshttp/http-errors#116
• build(deps): bump actions/checkout from 2.7.0 to 4.2.2 by @​dependabot[bot] in jshttp/http-errors#117
• build(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.2 by @​dependabot[bot] in jshttp/http-errors#118
• build(deps): bump coverallsapp/github-action from 1.2.5 to 2.3.6 by @​dependabot[bot] in jshttp/http-errors#119
• build(deps): bump actions/upload-artifact from 4.5.0 to 4.6.2 by @​dependabot[bot] in jshttp/http-errors#121
• build(deps): bump github/codeql-action from 3.27.9 to 3.28.18 by @​dependabot[bot] in jshttp/http-errors#123
• fix: use ubuntu-latest as ci runner by @​UlisesGascon in jshttp/http-errors#124
• remove --bail by @​jonchurch in jshttp/http-errors#125
• deps: update statuses and switch fixed versions to tilde (~) by @​Phillip9587 in jshttp/http-errors#126
• chore: add funding to package.json by @​Phillip9587 in jshttp/http-errors#130
• build(deps): bump github/codeql-action from 3.28.18 to 3.29.5 by @​dependabot[bot] in jshttp/http-errors#131
• ci: add nodejs v18 - v24 to test matrix by @​Phillip9587 in jshttp/http-errors#127
• build(deps-dev): bump eslint-plugin-import from 2.25.3 to 2.32.0 by @​dependabot[bot] in jshttp/http-errors#129
• build(deps): bump github/codeql-action from 3.29.7 to 3.29.11 by @​dependabot[bot] in jshttp/http-errors#133
• build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by @​dependabot[bot] in jshttp/http-errors#132
• build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 by @​dependabot[bot] in jshttp/http-errors#138
• build(deps): bump github/codeql-action from 3.29.11 to 4.31.2 by @​dependabot[bot] in jshttp/http-errors#137
• build(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3 by @​dependabot[bot] in jshttp/http-errors#134
• Release: 2.0.1 by @​UlisesGascon in jshttp/http-errors#140

New Contributors

• @​Ayoub-Mabrouk made their first contribution in jshttp/http-errors#112
• @​jonchurch made their first contribution in jshttp/http-errors#106
• @​step-security-bot made their first contribution in jshttp/http-errors#116
• @​dependabot[bot] made their first contribution in jshttp/http-errors#117
• @​UlisesGascon made their first contribution in jshttp/http-errors#124
• @​Phillip9587 made their first contribution in jshttp/http-errors#126

Full Changelog: jshttp/http-errors@v2.0.0...v2.0.1

Changelog

Sourced from http-errors's changelog.

2.0.1 / 2025-11-20

• deps: use tilde notation for dependencies
• deps: update statuses to 2.0.2

Commits

• 61aee57 2.0.1 (#140)
• 6acba1f build(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3 (#134)
• d2dcbbf build(deps): bump github/codeql-action from 3.29.11 to 4.31.2 (#137)
• fa47a60 build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 (#138)
• 09b3881 build(deps): bump actions/checkout from 4.2.2 to 5.0.0 (#132)
• f1ad322 build(deps): bump github/codeql-action from 3.29.7 to 3.29.11 (#133)
• 109fe03 build(deps-dev): bump eslint-plugin-import from 2.25.3 to 2.32.0 (#129)
• 7a05446 ci: add nodejs v18 - v24 to test matrix (#127)
• 6dfaf49 build(deps): bump github/codeql-action from 3.28.18 to 3.29.5 (#131)
• 535aebf chore: add funding to package.json (#130)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for http-errors since your current version.

Updates minimatch from 9.0.3 to 9.0.9

Commits

• 8a10e47 9.0.9
• c6f1806 brace-expansion@2
• 446cfa3 9.0.8
• 8fa151a docs: add warning about ReDoS
• 71b78a2 fix partial matching of globstar patterns
• 2de496f 9.0.7
• 0d4616d limit nested extglob recursion, flatten extglobs
• 7117ef3 9.0.6
• 2418458 update deps, do not checkin dist
• 1d1f531 update deps
• Additional commits viewable in compare view

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.

Updates simple-git from 3.21.0 to 3.36.0

Release notes

Sourced from simple-git's releases.

simple-git@3.36.0

Minor Changes

• 89a2294: Extend known exploitable configuration keys and per-task environment variables.

  Note - ParsedVulnerabilities from argv-parser is removed in favour of a readonly array of Vulnerability to match usage in simple-git, rolled into the new vulnerabilityCheck for simpler access to the identified issues.

  Thanks to @​zebbern for identifying the need to block core.fsmonitor. Thanks to @​kodareef5 for identifying the need to block GIT_CONFIG_COUNT environment variables and --template / merge related config.

Patch Changes

• 1ad57e8: Remove conflicting node:buffer import
• Updated dependencies [89a2294]
• Updated dependencies [675570a]
  • @​simple-git/argv-parser