Skip to content

chore(deps): bump the npm_and_yarn group across 17 directories with 6 updates#33

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/CopilotKit/npm_and_yarn-ca9d0e9ae1
Open

chore(deps): bump the npm_and_yarn group across 17 directories with 6 updates#33
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/CopilotKit/npm_and_yarn-ca9d0e9ae1

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Apr 2, 2026

Copy link
Copy Markdown

Bumps the npm_and_yarn group with 1 update in the /CopilotKit directory: next.
Bumps the npm_and_yarn group with 4 updates in the /docs directory: next, brace-expansion, yaml and dompurify.
Bumps the npm_and_yarn group with 4 updates in the /examples/coagents-ai-researcher/ui directory: next, brace-expansion, node-forge and yaml.
Bumps the npm_and_yarn group with 2 updates in the /examples/coagents-qa-native/agent-js directory: fast-xml-parser and yaml.
Bumps the npm_and_yarn group with 4 updates in the /examples/coagents-qa-native/ui directory: next, brace-expansion, node-forge and yaml.
Bumps the npm_and_yarn group with 2 updates in the /examples/coagents-qa-text/agent-js directory: fast-xml-parser and yaml.
Bumps the npm_and_yarn group with 4 updates in the /examples/coagents-qa-text/ui directory: next, brace-expansion, node-forge and yaml.
Bumps the npm_and_yarn group with 4 updates in the /examples/coagents-qa/ui directory: next, brace-expansion, node-forge and yaml.
Bumps the npm_and_yarn group with 1 update in the /examples/coagents-research-canvas/agent-js directory: fast-xml-parser.
Bumps the npm_and_yarn group with 4 updates in the /examples/coagents-research-canvas/ui directory: next, brace-expansion, node-forge and yaml.
Bumps the npm_and_yarn group with 2 updates in the /examples/coagents-routing/agent-js directory: fast-xml-parser and yaml.
Bumps the npm_and_yarn group with 4 updates in the /examples/coagents-routing/ui directory: next, brace-expansion, node-forge and yaml.
Bumps the npm_and_yarn group with 4 updates in the /examples/coagents-shared-state/ui directory: next, brace-expansion, node-forge and yaml.
Bumps the npm_and_yarn group with 4 updates in the /examples/coagents-starter/ui directory: next, brace-expansion, node-forge and yaml.
Bumps the npm_and_yarn group with 3 updates in the /examples/coagents-travel/ui directory: next, brace-expansion and node-forge.
Bumps the npm_and_yarn group with 4 updates in the /examples/coagents-wait-user-input/ui directory: next, brace-expansion, node-forge and yaml.
Bumps the npm_and_yarn group with 1 update in the /infra directory: brace-expansion.

Updates next from 14.2.4 to 15.5.14

Release notes

Sourced from next's releases.

v15.5.14

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

  • feat(next/image): add lru disk cache and images.maximumDiskCacheSize (#91660)
  • Fix(pages-router): restore Content-Length and ETag for /_next/data/ JSON responses (#90304)

Credits

Huge thanks to @​styfle and @​lllomh for helping!

v15.5.13

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

  • fix: patch http-proxy to prevent request smuggling in rewrites (See: CVE-2026-29057)

Credits

Huge thanks to @​ztanner for helping!

v15.5.12

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

  • fix unlock in publish-native

This is a re-release of v15.5.11 applying the turbopack changes.

Commits
  • d7b012d v15.5.14
  • 2b05251 [backport] feat(next/image): add lru disk cache and `images.maximumDiskCacheS...
  • f88cee9 Backport: Fix(pages-router): restore Content-Length and ETag for /_next/data/...
  • cfd5f53 v15.5.13
  • 15f2891 [backport]: fix: patch http-proxy to prevent request smuggling in rewrites (#...
  • d23f41c v15.5.12
  • 8e75765 fix unlock in publish-native
  • 6cef992 [backport] normalize CRLF line endings in jscodeshift tests on Windows (#8800...
  • 7a94645 Apply needs for publishRelease
  • bbfd4e3 v15.5.11
  • Additional commits viewable in compare view

Updates next from 14.2.13 to 15.5.14

Release notes

Sourced from next's releases.

v15.5.14

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

  • feat(next/image): add lru disk cache and images.maximumDiskCacheSize (#91660)
  • Fix(pages-router): restore Content-Length and ETag for /_next/data/ JSON responses (#90304)

Credits

Huge thanks to @​styfle and @​lllomh for helping!

v15.5.13

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

  • fix: patch http-proxy to prevent request smuggling in rewrites (See: CVE-2026-29057)

Credits

Huge thanks to @​ztanner for helping!

v15.5.12

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

  • fix unlock in publish-native

This is a re-release of v15.5.11 applying the turbopack changes.

Commits
  • d7b012d v15.5.14
  • 2b05251 [backport] feat(next/image): add lru disk cache and `images.maximumDiskCacheS...
  • f88cee9 Backport: Fix(pages-router): restore Content-Length and ETag for /_next/data/...
  • cfd5f53 v15.5.13
  • 15f2891 [backport]: fix: patch http-proxy to prevent request smuggling in rewrites (#...
  • d23f41c v15.5.12
  • 8e75765 fix unlock in publish-native
  • 6cef992 [backport] normalize CRLF line endings in jscodeshift tests on Windows (#8800...
  • 7a94645 Apply needs for publishRelease
  • bbfd4e3 v15.5.11
  • Additional commits viewable in compare view

Updates brace-expansion from 2.0.1 to 2.0.3

Release notes

Sourced from brace-expansion's releases.

v2.0.2

  • pkg: publish on tag 2.x 14f1d91
  • fmt ed7780a
  • Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) 36603d5

juliangruber/brace-expansion@v2.0.1...v2.0.2

Commits

Updates yaml from 2.5.1 to 2.8.3

Release notes

Sourced from yaml's releases.

v2.8.3

  • Add trailingComma ToString option for multiline flow formatting (#670)
  • Catch stack overflow during node composition (1e84ebb)

v2.8.2

  • Serialize -0 as -0 (#638)
  • Do not double newlines for empty map values (#642)

v2.8.1

  • Preserve empty block literals (#634)

v2.8.0

  • Add node cache for faster alias resolution (#612)
  • Re-introduce compatibility with Node.js 14.6 (#614)
  • Add --merge option to CLI tool (#611)
  • Improve error for tag resolution error on null value (#616)
  • Allow empty string as plain scalar representation, for failsafe schema (#616)
  • docs: include cli example (#617)

v2.7.1

  • Do not allow seq with single-line collection value on same line with map key (#603)
  • Improve warning & avoid TypeError on bad YAML 1.1 nodes (#610)

v2.7.0

The library is now available on JSR as @​eemeli/yaml and on deno.land/x as yaml. In addition to Node.js and browsers, it should work in Deno, Bun, and Cloudflare Workers.

  • Use .ts extension in all relative imports (#591)
  • Ignore newline after block seq indicator as space before value (#590)
  • Require Node.js 14.18 or later (was 14.6) (#598)

v2.6.1

  • Do not strip :00 seconds from !!timestamp values (#578, with thanks to @​qraynaud)
  • Tighten regexp for JSON !!bool (#587, with thanks to @​vra5107)
  • Default to literal block scalar if folded would overflow (#585)

v2.6.0

  • Use a proper tag for !!merge << keys (#580)
  • Add stringKeys parse option (#581)
  • Stringify a Document as a Document (#576)
  • Add sponsorship by Manifest
Commits
  • ce14587 2.8.3
  • 1e84ebb fix: Catch stack overflow during node composition
  • 6b24090 ci: Include Prettier check in lint action
  • 9424dee chore: Refresh lockfile
  • d1aca82 Add trailingComma ToString option for multiline flow formatting (#670)
  • 4321509 ci: Drop the branch filter from GitHub PR actions
  • 47207d0 chore: Update docs-slate
  • 5212fae chore: Update docs-slate
  • 086fa6b 2.8.2
  • 95f01e9 chore: Add funding to package.json
  • Additional commits viewable in compare view

Updates dompurify from 3.1.6 to 3.3.3

Release notes

Sourced from dompurify's releases.

DOMPurify 3.3.3

  • Fixed an engine requirement for Node 20 which caused hiccups, thanks @​Rotzbua

DOMPurify 3.3.2

  • Fixed a possible bypass caused by jsdom's faulty raw-text tag parsing, thanks multiple reporters
  • Fixed a prototype pollution issue when working with custom elements, thanks @​christos-eth
  • Fixed a lenient config parsing in _isValidAttribute, thanks @​christos-eth
  • Bumped and removed several dependencies, thanks @​Rotzbua
  • Fixed the test suite after bumping dependencies, thanks @​Rotzbua

DOMPurify 3.3.1

  • Updated ADD_FORBID_CONTENTS setting to extend default list, thanks @​MariusRumpf
  • Updated the ESM import syntax to be more correct, thanks @​binhpv

DOMPurify 3.3.0

  • Added the SVG mask-type attribute to default allow-list, thanks @​prasadrajandran
  • Added support for ADD_ATTR and ADD_TAGS to accept functions, thanks @​nelstrom
  • Fixed an issue with the slot element being in both SVG and HTML allow-list, thanks @​Wim-Valgaeren

DOMPurify 3.2.7

  • Added new attributes and elements to default allow-list, thanks @​elrion018
  • Added tagName parameter to custom element attributeNameCheck, thanks @​nelstrom
  • Added better check for animated href attributes, thanks @​llamakko
  • Updated and improved the bundled types, thanks @​ssi02014
  • Updated several tests to better align with new browser encoding behaviors
  • Improved the handling of potentially risky content inside CDATA elements, thanks @​securityMB & @​terjanq
  • Improved the regular expression for raw-text elements to cover textareas, thanks @​securityMB & @​terjanq

DOMPurify 3.2.6

DOMPurify 3.2.5

  • Added a check to the mXSS detection regex to be more strict, thanks @​masatokinugawa
  • Added ESM type imports in source, removes patch function, thanks @​donmccurdy
  • Added script to verify various TypeScript configurations, thanks @​reduckted
  • Added more modern browsers to the Karma launchers list
  • Added Node 23.x to tested runtimes, removed Node 17.x
  • Fixed the generation of source maps, thanks @​reduckted
  • Fixed an unexpected behavior with ALLOWED_URI_REGEXP using the 'g' flag, thanks @​hhk-png
  • Fixed a few typos in the README file

DOMPurify 3.2.4

... (truncated)

Commits
  • 8bcbf73 chore: Preparing 3.3.3 release
  • 5faddd6 fix: engine requirement (#1210)
  • 0f91e3a Update README.md
  • d5ff1a8 Merge branch 'main' of github.com:cure53/DOMPurify
  • c3efd48 fix: moved back from jsdom 28 to jsdom 20
  • 988b888 fix: moved back from jsdom 28 to jsdom 20
  • 2726c74 chore: Preparing 3.3.2 release
  • 6202c7e build(deps): bump @​tootallnate/once and jsdom (#1204)
  • 302b51d fix: Expanded the regex ever so slightly to also cover script
  • cd85175 Merge branch 'main' of github.com:cure53/DOMPurify
  • Additional commits viewable in compare view

Updates next from 15.1.0 to 15.5.14

Release notes

Sourced from next's releases.

v15.5.14

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

  • feat(next/image): add lru disk cache and images.maximumDiskCacheSize (#91660)
  • Fix(pages-router): restore Content-Length and ETag for /_next/data/ JSON responses (#90304)

Credits

Huge thanks to @​styfle and @​lllomh for helping!

v15.5.13

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

  • fix: patch http-proxy to prevent request smuggling in rewrites (See: CVE-2026-29057)

Credits

Huge thanks to @​ztanner for helping!

v15.5.12

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

  • fix unlock in publish-native

This is a re-release of v15.5.11 applying the turbopack changes.

Commits
  • d7b012d v15.5.14
  • 2b05251 [backport] feat(next/image): add lru disk cache and `images.maximumDiskCacheS...
  • f88cee9 Backport: Fix(pages-router): restore Content-Length and ETag for /_next/data/...
  • cfd5f53 v15.5.13
  • 15f2891 [backport]: fix: patch http-proxy to prevent request smuggling in rewrites (#...
  • d23f41c v15.5.12
  • 8e75765 fix unlock in publish-native
  • 6cef992 [backport] normalize CRLF line endings in jscodeshift tests on Windows (#8800...
  • 7a94645 Apply needs for publishRelease
  • bbfd4e3 v15.5.11
  • Additional commits viewable in compare view

Updates brace-expansion from 1.1.11 to 1.1.13

Release notes

Sourced from brace-expansion's releases.

v2.0.2

  • pkg: publish on tag 2.x 14f1d91
  • fmt ed7780a
  • Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) 36603d5

juliangruber/brace-expansion@v2.0.1...v2.0.2

Commits

Updates node-forge from 1.3.1 to 1.4.0

Changelog

Sourced from node-forge's changelog.

1.4.0 - 2026-03-24

Security

  • HIGH: Denial of Service in BigInteger.modInverse()
    • A Denial of Service (DoS) vulnerability exists due to an infinite loop in the BigInteger.modInverse() function (inherited from the bundled jsbn library). When modInverse() is called with a zero value as input, the internal Extended Euclidean Algorithm enters an unreachable exit condition, causing the process to hang indefinitely and consume 100% CPU.
    • Reported by Kr0emer.
    • CVE ID: CVE-2026-33891
    • GHSA ID: GHSA-5gfm-wpxj-wjgq
  • HIGH: Signature forgery in RSA-PKCS due to ASN.1 extra field.
    • RSASSA PKCS#1 v1.5 signature verification accepts forged signatures for low public exponent keys (e=3). Attackers can forge signatures by stuffing "garbage" bytes within the ASN.1 structure in order to construct a signature that passes verification, enabling Bleichenbacher style forgery. This issue is similar to CVE-2022-24771, but adds bytes in an addition field within the ASN.1 structure, rather than outside of it.
    • Additionally, forge does not validate that signatures include a minimum of 8 bytes of padding as defined by the specification, providing attackers additional space to construct Bleichenbacher forgeries.
    • Reported as part of a U.C. Berkeley security research project by:
      • Austin Chu, Sohee Kim, and Corban Villa.
    • CVE ID: CVE-2026-33894
    • GHSA ID: GHSA-ppp5-5v6c-4jwp
  • HIGH: Signature forgery in Ed25519 due to missing S < L check.
    • Ed25519 signature verification accepts forged non-canonical signatures where the scalar S is not reduced modulo the group order (S >= L). A valid signature and its S + L variant both verify in forge, while Node.js crypto.verify (OpenSSL-backed) rejects the S + L variant, as defined by the specification. This class of signature malleability has been exploited in practice to bypass authentication and authorization logic (see CVE-2026-25793, CVE-2022-35961). Applications relying on signature uniqueness (i.e., dedup by signature bytes, replay tracking, signed-object canonicalization checks) may be bypassed.
    • Reported as part of a U.C. Berkeley security research project by:
      • Austin Chu, Sohee Kim, and Corban Villa.
    • CVE ID: CVE-2026-33895
    • GHSA ID: GHSA-q67f-28xg-22rw
  • HIGH: basicConstraints bypass in certificate chain verification.
    • pki.verifyCertificateChain() does not enforce RFC 5280 basicConstraints requirements when an intermediate certificate lacks both the basicConstraints and keyUsage extensions. This allows any leaf certificate (without these extensions) to act as a CA and sign other certificates, which node-forge will accept as valid.
    • Reported by Doruk Tan Ozturk (@​peaktwilight) - doruk.ch
    • CVE ID: CVE-2026-33896
    • GHSA ID: GHSA-2328-f5f3-gj25

... (truncated)

Commits

Updates yaml from 2.5.0 to 2.8.3

Release notes

Sourced from yaml's releases.

v2.8.3

  • Add trailingComma ToString option for multiline flow formatting (#670)
  • Catch stack overflow during node composition (1e84ebb)

v2.8.2

  • Serialize -0 as -0 (#638)
  • Do not double newlines for empty map values (#642)

v2.8.1

  • Preserve empty block literals (#634)

v2.8.0

  • Add node cache for faster alias resolution (#612)
  • Re-introduce compatibility with Node.js 14.6 (#614)
  • Add --merge option to CLI tool (#611)
  • Improve error for tag resolution error on null value (#616)
  • Allow empty string as plain scalar representation, for failsafe schema (#616)
  • docs: include cli example (#617)

v2.7.1

  • Do not allow seq with single-line collection value on same line with map key (#603)
  • Improve warning & avoid TypeError on bad YAML 1.1 nodes (#610)

v2.7.0

The library is now available on JSR as @​eemeli/yaml and on deno.land/x as yaml. In addition to Node.js and browsers, it should work in Deno, Bun, and Cloudflare Workers.

  • Use .ts extension in all relative imports (#591)
  • Ignore newline after block seq indicator as space before value (#590)
  • Require Node.js 14.18 or later (was 14.6) (#598)

v2.6.1

  • Do not strip :00 seconds from !!timestamp values (#578, with thanks to @​qraynaud)
  • Tighten regexp for JSON !!bool (#587, with thanks to @​vra5107)
  • Default to literal block scalar if folded would overflow (#585)

v2.6.0

  • Use a proper tag for !!merge << keys (#580)
  • Add stringKeys parse option (#581)
  • Stringify a Document as a Document (#576)
  • Add sponsorship by Manifest
Commits
  • ce14587 2.8.3
  • 1e84ebb fix: Catch stack overflow during node composition
  • 6b24090 ci: Include Prettier check in lint action
  • 9424dee chore: Refresh lockfile
  • d1aca82 Add trailingComma ToString option for multiline flow formatting (#670)
  • 4321509 ci: Drop the branch filter from GitHub PR actions
  • 47207d0 chore: Update docs-slate
  • 5212fae chore: Update docs-slate
  • 086fa6b 2.8.2
  • 95f01e9 chore: Add funding to package.json
  • Additional commits viewable in compare view

Updates fast-xml-parser from 4.5.0 to 4.5.5

Release notes

Sourced from fast-xml-parser's releases.

Summary update on all the previous releases from v4.2.4

  • Multiple minor fixes provided in the validator and parser
  • v6 is added for experimental use.
  • ignoreAttributes support function, and array of string or regex
  • Add support for parsing HTML numeric entities
  • v5 of the application is ESM module now. However, JS is also supported

Note: Release section in not updated frequently. Please check CHANGELOG or Tags for latest release information.

Changelog

Sourced from fast-xml-parser's changelog.

Note: If you find missing information about particular minor version, that version must have been changed without any functional change in this library.

Note: Due to some last quick changes on v4, detail of v4.5.3 & v4.5.4 are not updated here. v4.5.4x is the last tag of v4 in github repository. I'm extremely sorry for the confusion

5.5.9 / 2026-03-23

  • combine typing files

4.5.5 / 2026-03-22

apply fixes from v5 (legacy maintenance branch v4-maintenance)

  • support maxEntityCount
  • support onDangerousProperty
  • support maxNestedTags
  • handle prototype pollution
  • fix incorrect entity name replacement
  • fix incorrect condition for entity expansion

5.5.8 / 2026-03-20

  • pass read only matcher in callback

5.5.7 / 2026-03-19

  • fix: entity expansion limits
  • update strnum package to 2.2.0

5.5.6 / 2026-03-16

  • update builder dependency
  • fix incorrect regex to replace . in entity name
  • fix check for entitiy expansion for lastEntities and html entities too

5.5.5 / 2026-03-13

  • sanitize dangerous tag or attribute name
  • error on critical property name
  • support onDangerousProperty option

5.5.4 / 2026-03-13

  • declare Matcher & Expression as unknown so user is not forced to install path-expression-matcher

5.5.3 / 2026-03-11

  • upgrade builder

5.5.2 / 2026-03-11

  • update dependency to fix typings

5.5.1 / 2026-03-10

  • fix dependency

... (truncated)

Commits
  • 88d0936 apply all fixes from v5
  • d4eb6b4 update release version
  • b1b9f63 update release info
  • faccca1 sync with v5.3.9
  • ab00cdc update package bundle for minor fixes
  • 57c6187 Update ReadMe
  • caeda37 fix: emit full JSON string from CLI when no output filename specified (#710)
  • eadeb7e fix(performance): Update check for leaf node in saveTextToParentTag function ...
  • 682066c Update disclaimer
  • 280cd63 Fix null CDATA to comply with undefined behavior (#701)
  • Additional commits viewable in compare view

Updates yaml from 2.6.1 to 2.8.3

Release notes

Sourced from yaml's releases.

v2.8.3

  • Add trailingComma ToString option for multiline flow formatting (#670)
  • Catch stack overflow during node composition (1e84ebb)

v2.8.2

  • Serialize -0 as -0 (#638)
  • Do not double newlines for empty map values (#642)

v2.8.1

  • Preserve empty block literals (#634)

v2.8.0

  • Add node cache for faster alias resolution (#612)
  • Re-introduce compatibility with Node.js 14.6 (#614)
  • Add --merge option to CLI tool (#611)
  • Improve error for tag resolution error on null value (#616)
  • Allow empty string as plain scalar representation, for failsafe schema (#616)
  • docs: include cli example (#617)

v2.7.1

  • Do not allow seq with single-line collection value on same line with map key (#603)
  • Improve warning & avoid TypeError on bad YAML 1.1 nodes (#610)

v2.7.0

The library is now available on JSR as @​eemeli/yaml and on deno.land/x as yaml. In addition to Node.js and browsers, it should work in Deno, Bun, and Cloudflare Workers.

  • Use .ts extension in all relative imports (#591)
  • Ignore newline after block seq indicator as space before value (#590)
  • Require Node.js 14.18 or later (was 14.6) (#598)

v2.6.1

  • Do not strip :00 seconds from !!timestamp values (#578, with thanks to @​qraynaud)
  • Tighten regexp for JSON !!bool (#587, with thanks to @​vra5107)
  • Default to literal block scalar if folded would overflow (#585)

v2.6.0

  • Use a proper tag for !!merge << keys (#580)
  • Add stringKeys parse option (#581)
  • Stringify a Document as a Document (#576)
  • Add sponsorship by Manifest
Commits
  • ce14587 2.8.3
  • 1e84ebb fix: Catch stack overflow during node composition
  • 6b24090 ci: Include Prettier check in lint action
  • 9424dee chore: Refresh lockfile
  • d1aca82 Add trailingComma ToString option for multiline flow formatting (#670)
  • 4321509 ci: Drop the branch filter from GitHub PR actions
  • 47207d0 chore: Update docs-slate
  • 5212fae chore: Update docs-slate
  • 086fa6b 2.8.2
  • 95f01e9 chore: Add funding to package.json
  • Additional commits viewable in compare view

Updates next from 15.1.0 to 15.5.14

Release notes

Sourced from next's releases.

v15.5.14

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

  • feat(next/image): add lru disk cache and images.maximumDiskCacheSize (#91660)
  • Fix(pages-router): restore Content-Length and ETag for /_next/data/ JSON responses (#90304)

Credits

Huge thanks to @​styfle and @​lllomh for helping!

v15.5.13

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

  • fix: patch http-proxy to prevent request smuggling in rewrites (See: CVE-2026-29057)

Credits

Huge thanks to @​ztanner for helping!

v15.5.12

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

  • fix unlock in publish-native

This is a re-release of v15.5.11 applying the turbopack changes.

Commits
  • d7b012d v15.5.14
  • 2b05251 [backport] feat(next/image): add lru disk cache and `images.maximumDiskCacheS...
  • f88cee9 Backport: Fix(pages-router): restore Content-Length and ETag for /_next/data/...
  • cfd5f53 v15.5.13
  • 15f2891 [backport]: fix: patch http-proxy to prevent request smuggling in rewrites (#...
  • d23f41c v15.5.12
  • 8e75765 fix unlock in publish-native
  • 6cef992 [backport] normalize CRLF line endings in jscodeshift tests on Windows (#8800...
  • 7a94645 Apply needs for publishRelease
  • bbfd4e3 v15.5.11
  • Additional commits viewable in compare view

Updates brace-expansion from 1.1.11 to 1.1.13

Release notes

Sourced from brace-expansion's releases.

v2.0.2

  • pkg: publish on tag 2.x 14f1d91
  • fmt ed7780a
  • Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) 36603d5

juliangruber/brace-expansion@v2.0.1...v2.0.2

Commits

Updates node-forge from 1.3.1 to 1.4.0

Changelog

Sourced from node-forge's changelog.

1.4.0 - 2026-03-24

Security

  • HIGH: Denial of Service in BigInteger.modInverse()
    • A Denial of Service (DoS) vulnerability exists due to an infinite loop in the BigInteger.modInverse() function (inherited from the bundled jsbn library). When modInverse() is called with a zero value as input, the internal Extended Euclidean Algorithm enters an unreachable exit condition, causing the process to hang indefinitely and consume 100% CPU.
    • Reported by Kr0emer.
    • CVE ID: CVE-2026-33891
    • GHSA ID: GHSA-5gfm-wpxj-wjgq
  • HIGH: Signature forgery in RSA-PKCS due to ASN.1 extra field.
    • RSASSA PKCS#1 v1.5 signature verification accepts forged signatures for low public exponent keys (e=3). Attackers can forge signatures by stuffing "garbage" bytes within the ASN.1 structure in order to construct a signature that passes verification, enabling Bleichenbacher style forgery. This issue is similar to CVE-2022-24771, but adds bytes in an addition field within the ASN.1 structure, rather than outside of it.
    • Additionally, forge does not validate that signatures include a minimum of 8 bytes of padding as defined by the specification, providing attackers additional space to construct Bleichenbacher forgeries.
    • Reported as part of a U.C. Berkeley security research project by:
      • Austin Chu, Sohee Kim, and Corban Villa.
    • CVE ID: CVE-2026-33894
    • GHSA ID: GHSA-ppp5-5v6c-4jwp
  • HIGH: Signature forgery in Ed25519 due to missing S < L check.
    • Ed25519 signature verification accepts forged non-canonical signatures where the scalar S is not reduced modulo the group order (S >= L). A valid signature and its S + L variant both verify in forge, while Node.js crypto.verify (OpenSSL-backed) rejects the S + L variant, as defined by the specification. This class of signature malleability has been exploited in practice to bypass authentication and authorization logic (see CVE-2026-25793, CVE-2022-35961). Applications relying on signature uniqueness (i.e., dedup by signature bytes, replay tracking, signed-object canonicalization checks) may be bypassed.
    • Reported as part of a U.C. Berkeley security research project by:
      • Austin Chu, Sohee Kim, and Corban Villa.
    • CVE ID: CVE-2026-33895
    • GHSA ID: GHSA-q67f-28xg-22rw
  • HIGH: basicConstraints bypass in certificate chain verification.
    • pki.verifyCertificateChain() does not enforce RFC 5280 basicConstraints requirements when an intermediate certificate lacks both the basicConstraints and keyUsage extensions. This allows any leaf certificate (without these extensions) to act as a CA and sign other certificates, which node-forge will accept as valid.
    • Reported by Doruk Tan Ozturk (@​peaktwilight) - doruk.ch
    • CVE ID: CVE-2026-33896
    • GHSA ID: GHSA-2328-f5f3-gj25

... (truncated)

Commits

… updates

Bumps the npm_and_yarn group with 1 update in the /CopilotKit directory: [next](https://github.com/vercel/next.js).
Bumps the npm_and_yarn group with 4 updates in the /docs directory: [next](https://github.com/vercel/next.js), [brace-expansion](https://github.com/juliangruber/brace-expansion), [yaml](https://github.com/eemeli/yaml) and [dompurify](https://github.com/cure53/DOMPurify).
Bumps the npm_and_yarn group with 4 updates in the /examples/coagents-ai-researcher/ui directory: [next](https://github.com/vercel/next.js), [brace-expansion](https://github.com/juliangruber/brace-expansion), [node-forge](https://github.com/digitalbazaar/forge) and [yaml](https://github.com/eemeli/yaml).
Bumps the npm_and_yarn group with 2 updates in the /examples/coagents-qa-native/agent-js directory: [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) and [yaml](https://github.com/eemeli/yaml).
Bumps the npm_and_yarn group with 4 updates in the /examples/coagents-qa-native/ui directory: [next](https://github.com/vercel/next.js), [brace-expansion](https://github.com/juliangruber/brace-expansion), [node-forge](https://github.com/digitalbazaar/forge) and [yaml](https://github.com/eemeli/yaml).
Bumps the npm_and_yarn group with 2 updates in the /examples/coagents-qa-text/agent-js directory: [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) and [yaml](https://github.com/eemeli/yaml).
Bumps the npm_and_yarn group with 4 updates in the /examples/coagents-qa-text/ui directory: [next](https://github.com/vercel/next.js), [brace-expansion](https://github.com/juliangruber/brace-expansion), [node-forge](https://github.com/digitalbazaar/forge) and [yaml](https://github.com/eemeli/yaml).
Bumps the npm_and_yarn group with 4 updates in the /examples/coagents-qa/ui directory: [next](https://github.com/vercel/next.js), [brace-expansion](https://github.com/juliangruber/brace-expansion), [node-forge](https://github.com/digitalbazaar/forge) and [yaml](https://github.com/eemeli/yaml).
Bumps the npm_and_yarn group with 1 update in the /examples/coagents-research-canvas/agent-js directory: [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser).
Bumps the npm_and_yarn group with 4 updates in the /examples/coagents-research-canvas/ui directory: [next](https://github.com/vercel/next.js), [brace-expansion](https://github.com/juliangruber/brace-expansion), [node-forge](https://github.com/digitalbazaar/forge) and [yaml](https://github.com/eemeli/yaml).
Bumps the npm_and_yarn group with 2 updates in the /examples/coagents-routing/agent-js directory: [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) and [yaml](https://github.com/eemeli/yaml).
Bumps the npm_and_yarn group with 4 updates in the /examples/coagents-routing/ui directory: [next](https://github.com/vercel/next.js), [brace-expansion](https://github.com/juliangruber/brace-expansion), [node-forge](https://github.com/digitalbazaar/forge) and [yaml](https://github.com/eemeli/yaml).
Bumps the npm_and_yarn group with 4 updates in the /examples/coagents-shared-state/ui directory: [next](https://github.com/vercel/next.js), [brace-expansion](https://github.com/juliangruber/brace-expansion), [node-forge](https://github.com/digitalbazaar/forge) and [yaml](https://github.com/eemeli/yaml).
Bumps the npm_and_yarn group with 4 updates in the /examples/coagents-starter/ui directory: [next](https://github.com/vercel/next.js), [brace-expansion](https://github.com/juliangruber/brace-expansion), [node-forge](https://github.com/digitalbazaar/forge) and [yaml](https://github.com/eemeli/yaml).
Bumps the npm_and_yarn group with 3 updates in the /examples/coagents-travel/ui directory: [next](https://github.com/vercel/next.js), [brace-expansion](https://github.com/juliangruber/brace-expansion) and [node-forge](https://github.com/digitalbazaar/forge).
Bumps the npm_and_yarn group with 4 updates in the /examples/coagents-wait-user-input/ui directory: [next](https://github.com/vercel/next.js), [brace-expansion](https://github.com/juliangruber/brace-expansion), [node-forge](https://github.com/digitalbazaar/forge) and [yaml](https://github.com/eemeli/yaml).
Bumps the npm_and_yarn group with 1 update in the /infra directory: [brace-expansion](https://github.com/juliangruber/brace-expansion).


Updates `next` from 14.2.4 to 15.5.14
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v14.2.4...v15.5.14)

Updates `next` from 14.2.13 to 15.5.14
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v14.2.4...v15.5.14)

Updates `brace-expansion` from 2.0.1 to 2.0.3
- [Release notes](https://github.com/juliangruber/brace-expansion/releases)
- [Commits](juliangruber/brace-expansion@v2.0.1...v2.0.3)

Updates `yaml` from 2.5.1 to 2.8.3
- [Release notes](https://github.com/eemeli/yaml/releases)
- [Commits](eemeli/yaml@v2.5.1...v2.8.3)

Updates `dompurify` from 3.1.6 to 3.3.3
- [Release notes](https://github.com/cure53/DOMPurify/releases)
- [Commits](cure53/DOMPurify@3.1.6...3.3.3)

Updates `next` from 15.1.0 to 15.5.14
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v14.2.4...v15.5.14)

Updates `brace-expansion` from 1.1.11 to 1.1.13
- [Release notes](https://github.com/juliangruber/brace-expansion/releases)
- [Commits](juliangruber/brace-expansion@v2.0.1...v2.0.3)

Updates `node-forge` from 1.3.1 to 1.4.0
- [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md)
- [Commits](digitalbazaar/forge@v1.3.1...v1.4.0)

Updates `yaml` from 2.5.0 to 2.8.3
- [Release notes](https://github.com/eemeli/yaml/releases)
- [Commits](eemeli/yaml@v2.5.1...v2.8.3)

Updates `fast-xml-parser` from 4.5.0 to 4.5.5
- [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases)
- [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md)
- [Commits](NaturalIntelligence/fast-xml-parser@v4.5.0...v4.5.5)

Updates `yaml` from 2.6.1 to 2.8.3
- [Release notes](https://github.com/eemeli/yaml/releases)
- [Commits](eemeli/yaml@v2.5.1...v2.8.3)

Updates `next` from 15.1.0 to 15.5.14
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v14.2.4...v15.5.14)

Updates `brace-expansion` from 1.1.11 to 1.1.13
- [Release notes](https://github.com/juliangruber/brace-expansion/releases)
- [Commits](juliangruber/brace-expansion@v2.0.1...v2.0.3)

Updates `node-forge` from 1.3.1 to 1.4.0
- [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md)
- [Commits](digitalbazaar/forge@v1.3.1...v1.4.0)

Updates `yaml` from 2.5.0 to 2.8.3
- [Release notes](https://github.com/eemeli/yaml/releases)
- [Commits](eemeli/yaml@v2.5.1...v2.8.3)

Updates `fast-xml-parser` from 4.5.0 to 4.5.5
- [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases)
- [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md)
- [Commits](NaturalIntelligence/fast-xml-parser@v4.5.0...v4.5.5)

Updates `yaml` from 2.6.1 to 2.8.3
- [Release notes](https://github.com/eemeli/yaml/releases)
- [Commits](eemeli/yaml@v2.5.1...v2.8.3)

Updates `next` from 15.1.0 to 15.5.14
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v14.2.4...v15.5.14)

Updates `brace-expansion` from 1.1.11 to 1.1.13
- [Release notes](https://github.com/juliangruber/brace-expansion/releases)
- [Commits](juliangruber/brace-expansion@v2.0.1...v2.0.3)

Updates `node-forge` from 1.3.1 to 1.4.0
- [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md)
- [Commits](digitalbazaar/forge@v1.3.1...v1.4.0)

Updates `yaml` from 2.5.0 to 2.8.3
- [Release notes](https://github.com/eemeli/yaml/releases)
- [Commits](eemeli/yaml@v2.5.1...v2.8.3)

Updates `next` from 15.1.0 to 15.5.14
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v14.2.4...v15.5.14)

Updates `brace-expansion` from 1.1.11 to 1.1.13
- [Release notes](https://github.com/juliangruber/brace-expansion/releases)
- [Commits](juliangruber/brace-expansion@v2.0.1...v2.0.3)

Updates `node-forge` from 1.3.1 to 1.4.0
- [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md)
- [Commits](digitalbazaar/forge@v1.3.1...v1.4.0)

Updates `yaml` from 1.10.2 to 1.10.3
- [Release notes](https://github.com/eemeli/yaml/releases)
- [Commits](eemeli/yaml@v2.5.1...v2.8.3)

Updates `fast-xml-parser` from 4.5.0 to 4.5.5
- [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases)
- [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md)
- [Commits](NaturalIntelligence/fast-xml-parser@v4.5.0...v4.5.5)

Updates `next` from 15.1.0 to 15.5.14
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v14.2.4...v15.5.14)

Updates `brace-expansion` from 1.1.11 to 1.1.13
- [Release notes](https://github.com/juliangruber/brace-expansion/releases)
- [Commits](juliangruber/brace-expansion@v2.0.1...v2.0.3)

Updates `node-forge` from 1.3.1 to 1.4.0
- [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md)
- [Commits](digitalbazaar/forge@v1.3.1...v1.4.0)

Updates `yaml` from 2.5.1 to 2.8.3
- [Release notes](https://github.com/eemeli/yaml/releases)
- [Commits](eemeli/yaml@v2.5.1...v2.8.3)

Updates `fast-xml-parser` from 4.5.0 to 4.5.5
- [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases)
- [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md)
- [Commits](NaturalIntelligence/fast-xml-parser@v4.5.0...v4.5.5)

Updates `yaml` from 2.6.1 to 2.8.3
- [Release notes](https://github.com/eemeli/yaml/releases)
- [Commits](eemeli/yaml@v2.5.1...v2.8.3)

Updates `next` from 15.1.0 to 15.5.14
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v14.2.4...v15.5.14)

Updates `brace-expansion` from 1.1.11 to 1.1.13
- [Release notes](https://github.com/juliangruber/brace-expansion/releases)
- [Commits](juliangruber/brace-expansion@v2.0.1...v2.0.3)

Updates `node-forge` from 1.3.1 to 1.4.0
- [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md)
- [Commits](digitalbazaar/forge@v1.3.1...v1.4.0)

Updates `yaml` from 1.10.2 to 1.10.3
- [Release notes](https://github.com/eemeli/yaml/releases)
- [Commits](eemeli/yaml@v2.5.1...v2.8.3)

Updates `next` from 15.1.0 to 15.5.14
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v14.2.4...v15.5.14)

Updates `brace-expansion` from 1.1.11 to 1.1.13
- [Release notes](https://github.com/juliangruber/brace-expansion/releases)
- [Commits](juliangruber/brace-expansion@v2.0.1...v2.0.3)

Updates `node-forge` from 1.3.1 to 1.4.0
- [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md)
- [Commits](digitalbazaar/forge@v1.3.1...v1.4.0)

Updates `yaml` from 2.5.0 to 2.8.3
- [Release notes](https://github.com/eemeli/yaml/releases)
- [Commits](eemeli/yaml@v2.5.1...v2.8.3)

Updates `next` from 15.1.0 to 15.5.14
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v14.2.4...v15.5.14)

Updates `brace-expansion` from 1.1.11 to 1.1.13
- [Release notes](https://github.com/juliangruber/brace-expansion/releases)
- [Commits](juliangruber/brace-expansion@v2.0.1...v2.0.3)

Updates `node-forge` from 1.3.1 to 1.4.0
- [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md)
- [Commits](digitalbazaar/forge@v1.3.1...v1.4.0)

Updates `yaml` from 2.5.0 to 2.8.3
- [Release notes](https://github.com/eemeli/yaml/releases)
- [Commits](eemeli/yaml@v2.5.1...v2.8.3)

Updates `next` from 14.2.5 to 15.5.14
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v14.2.4...v15.5.14)

Updates `brace-expansion` from 1.1.11 to 1.1.13
- [Release notes](https://github.com/juliangruber/brace-expansion/releases)
- [Commits](juliangruber/brace-expansion@v2.0.1...v2.0.3)

Updates `node-forge` from 1.3.1 to 1.4.0
- [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md)
- [Commits](digitalbazaar/forge@v1.3.1...v1.4.0)

Updates `yaml` from 2.6.0 to 2.6.1
- [Release notes](https://github.com/eemeli/yaml/releases)
- [Commits](eemeli/yaml@v2.5.1...v2.8.3)

Updates `next` from 15.1.0 to 15.5.14
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v14.2.4...v15.5.14)

Updates `brace-expansion` from 1.1.11 to 1.1.13
- [Release notes](https://github.com/juliangruber/brace-expansion/releases)
- [Commits](juliangruber/brace-expansion@v2.0.1...v2.0.3)

Updates `node-forge` from 1.3.1 to 1.4.0
- [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md)
- [Commits](digitalbazaar/forge@v1.3.1...v1.4.0)

Updates `yaml` from 2.5.0 to 2.8.3
- [Release notes](https://github.com/eemeli/yaml/releases)
- [Commits](eemeli/yaml@v2.5.1...v2.8.3)

Updates `brace-expansion` from 1.1.11 to 1.1.13
- [Release notes](https://github.com/juliangruber/brace-expansion/releases)
- [Commits](juliangruber/brace-expansion@v2.0.1...v2.0.3)

---
updated-dependencies:
- dependency-name: next
  dependency-version: 15.5.14
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: next
  dependency-version: 15.5.14
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: brace-expansion
  dependency-version: 2.0.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: yaml
  dependency-version: 2.8.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: dompurify
  dependency-version: 3.3.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: next
  dependency-version: 15.5.14
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: brace-expansion
  dependency-version: 1.1.13
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: node-forge
  dependency-version: 1.4.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: yaml
  dependency-version: 2.8.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: fast-xml-parser
  dependency-version: 4.5.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: yaml
  dependency-version: 2.8.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: next
  dependency-version: 15.5.14
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: brace-expansion
  dependency-version: 1.1.13
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: node-forge
  dependency-version: 1.4.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: yaml
  dependency-version: 2.8.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: fast-xml-parser
  dependency-version: 4.5.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: yaml
  dependency-version: 2.8.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: next
  dependency-version: 15.5.14
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: brace-expansion
  dependency-version: 1.1.13
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: node-forge
  dependency-version: 1.4.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: yaml
  dependency-version: 2.8.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: next
  dependency-version: 15.5.14
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: brace-expansion
  dependency-version: 1.1.13
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: node-forge
  dependency-version: 1.4.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: yaml
  dependency-version: 1.10.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: fast-xml-parser
  dependency-version: 4.5.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: next
  dependency-version: 15.5.14
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: brace-expansion
  dependency-version: 1.1.13
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: node-forge
  dependency-version: 1.4.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: yaml
  dependency-version: 2.8.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: fast-xml-parser
  dependency-version: 4.5.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: yaml
  dependency-version: 2.8.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: next
  dependency-version: 15.5.14
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: brace-expansion
  dependency-version: 1.1.13
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: node-forge
  dependency-version: 1.4.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: yaml
  dependency-version: 1.10.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: next
  dependency-version: 15.5.14
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: brace-expansion
  dependency-version: 1.1.13
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: node-forge
  dependency-version: 1.4.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: yaml
  dependency-version: 2.8.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: next
  dependency-version: 15.5.14
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: brace-expansion
  dependency-version: 1.1.13
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: node-forge
  dependency-version: 1.4.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: yaml
  dependency-version: 2.8.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: next
  dependency-version: 15.5.14
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: brace-expansion
  dependency-version: 1.1.13
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: node-forge
  dependency-version: 1.4.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: yaml
  dependency-version: 2.6.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: next
  dependency-version: 15.5.14
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: brace-expansion
  dependency-version: 1.1.13
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: node-forge
  dependency-version: 1.4.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: yaml
  dependency-version: 2.8.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: brace-expansion
  dependency-version: 1.1.13
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 2, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants