chore(deps): bump the npm_and_yarn group across 1 directory with 9 updates

[dependabot]

Bumps the npm_and_yarn group with 9 updates in the / directory:

Package	From	To
undici	5.29.0	7.25.0
minimatch	3.1.2	10.2.5
file-type	21.2.0	21.3.4
lodash	4.17.21	4.18.1
multer	2.0.2	2.1.1
tar	7.5.2	removed
qs	6.14.1	6.15.1
rollup	2.79.2	4.60.4
serialize-javascript	6.0.2	7.0.5

Updates undici from 5.29.0 to 7.25.0

Release notes

Sourced from undici's releases.

v7.25.0

What's Changed

Full Changelog: nodejs/undici@v7.24.8...v7.25.0

v7.24.8

What's Changed

• fix: backport 401 stream-backed body fix to v7.x by @​mcollina in nodejs/undici#5006

Full Changelog: nodejs/undici@v7.24.7...v7.24.8

v7.24.7

What's Changed

• docs: update broken links in file "Dispatcher.md" by @​samuel871211 in nodejs/undici#4924
• doc: remove unused parameter redirectionLimitReached by @​samuel871211 in nodejs/undici#4933
• test: skip flaky macOS Node 20 cookie fetch cases by @​mcollina in nodejs/undici#4932
• fix(types): align Response with DOM fetch types by @​theamodhshetty in nodejs/undici#4867
• fix(types): Fix clone method type declaration to be an instance method rather than instance property by @​mistval in nodejs/undici#4925
• test: skip IPv6 tests when IPv6 is not available by @​mcollina in nodejs/undici#4939
• fix: correctly handle multi-value rawHeaders in fetch by @​mcollina in nodejs/undici#4938
• ignore AGENTS.md by @​mcollina in nodejs/undici#4942

New Contributors

• @​samuel871211 made their first contribution in nodejs/undici#4924
• @​mistval made their first contribution in nodejs/undici#4925

Full Changelog: nodejs/undici@v7.24.6...v7.24.7

v7.24.6

What's Changed

• fix(test): client wasm compatible with clang 22 by @​rozzilla in nodejs/undici#4909
• fix(mock): improve error message when intercepts are exhausted by @​travisbreaks in nodejs/undici#4912
• fix(websocket): support open diagnostics over h2 by @​mcollina in nodejs/undici#4921
• fix: assume http/https scheme for scheme-less proxy env vars by @​travisbreaks in nodejs/undici#4914
• fix(cache): check Authorization on request headers per RFC 9111 §3.5 by @​metalix2 in nodejs/undici#4911
• fix: wrap kConnector call in try/catch to prevent client hang by @​veeceey in nodejs/undici#4834
• docs: clarify fetch and FormData pairing by @​mcollina in nodejs/undici#4922
• fix: support Connection header with connection-specific header names per RFC 7230 by @​mcollina in nodejs/undici#4775
• fix: avoid prototype collisions in parseHeaders by @​mcollina in nodejs/undici#4923
• build(deps-dev): bump typescript from 5.9.3 to 6.0.2 by @​dependabot[bot] in nodejs/undici#4926
• test: auto-init WPT submodule by @​mcollina in nodejs/undici#4930

New Contributors

• @​rozzilla made their first contribution in nodejs/undici#4909
• @​veeceey made their first contribution in nodejs/undici#4834

Full Changelog: nodejs/undici@v7.24.5...v7.24.6

... (truncated)

Commits

• 12d9045 Bumped v7.25.0 (#5025)
• 7a6f7fe Bumped v7.24.8 (#5020)
• 1f85ae4 fix: avoid 401 failures for stream-backed request bodies (#4941) (#5006)
• c661067 chore: update v7.x maintenance release flow
• 84f23e2 Bumped v7.24.7 (#4947)
• a770b10 ignore AGENTS.md (#4942)
• 6acd19b fix: correctly handle multi-value rawHeaders in fetch (#4938)
• 1da1c74 test: skip IPv6 tests when IPv6 is not available (#4939)
• 04cb773 fix(types): Fix clone method type declaration to be an instance method rather...
• 5145a7c fix(types): align Response with DOM fetch types (#4867)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for undici since your current version.

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.

Updates minimatch from 3.1.2 to 10.2.5

Changelog

Sourced from minimatch's changelog.

change log

10.2

• Add braceExpandMax option

10.1

• Add magicalBraces option for escape
• Fix makeRe when partial: true is set.
• Fix makeRe when pattern ends in a final ** path part.

10.0

• Require node 20 or 22 and higher

9.0

• No default export, only named exports.

8.0

• Recursive descent parser for extglob, allowing correct support for arbitrarily nested extglob expressions
• Bump required Node.js version

7.4

• Add escape() method
• Add unescape() method
• Add Minimatch.hasMagic() method

7.3

• Add support for posix character classes in a unicode-aware way.

7.2

• Add windowsNoMagicRoot option

7.1

• Add optimizationLevel configuration option, and revert the default back to the 6.2 style minimal optimizations, making the advanced transforms introduced in 7.0 opt-in. Also, process provided file paths in the same way in optimizationLevel:2 mode, so most things that matched with optimizationLevel 1 or 0 should match with level 2 as well. However, level 1 is the default, out of an abundance of caution.

... (truncated)

Commits

• 693c823 10.2.5
• 7953af1 do not allow .. to consume drive letter on Windows
• 1caf918 lint and format
• 7783ed6 ignore docs
• 6d9b356 update deps etc
• c36addb 10.2.4
• 26b9002 docs: add warning about ReDoS
• 3a0d83b fix partial matching of globstar patterns
• ea94840 10.2.3
• 0873fba update deps
• Additional commits viewable in compare view

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.

Updates file-type from 21.2.0 to 21.3.4

Release notes

Sourced from file-type's releases.

v21.3.4

• Harden parser more aec20a0

---

sindresorhus/file-type@v21.3.3...v21.3.4

v21.3.3

• Harden parser c48c90b 135f91b

---

sindresorhus/file-type@v21.3.2...v21.3.3

v21.3.2

• Fix ZIP bomb in known-size ZIP probing (GHSA-j47w-4g3g-c36v) a155cd7
• Fix bound recursive BOM and ID3 detection 370ed91

---

sindresorhus/file-type@v21.3.1...v21.3.2

v21.3.1

• Fix infinite loop in ASF parser on malformed input (GHSA-5v7r-6r5c-r473) 319abf8

---

sindresorhus/file-type@v21.3.0...v21.3.1

v21.3.0

• Add support for Mach-O Universal (aka "Fat") binaries and additional architectures (#779) d223491

---

sindresorhus/file-type@v21.2.0...v21.3.0

Commits

• fbe8b77 21.3.4
• aec20a0 Harden parser more
• 3afcca5 21.3.3
• c48c90b Harden parser more
• 135f91b Harden parser more
• e18028c 21.3.2
• a155cd7 Fix ZIP bomb in known-size ZIP probing
• 6954817 Harden parser more
• 370ed91 Fix bound recursive BOM and ID3 detection
• d2ecea1 Add a few more safeguards
• Additional commits viewable in compare view

Updates lodash from 4.17.21 to 4.18.1

Release notes

Sourced from lodash's releases.

4.18.1

Bugs

Fixes a ReferenceError issue in lodash lodash-es lodash-amd and lodash.template when using the template and fromPairs functions from the modular builds. See lodash/lodash#6167

These defects were related to how lodash distributions are built from the main branch using https://github.com/lodash-archive/lodash-cli. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.

There is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:

• lodash: lodash/lodash@4.18.0-npm...4.18.1-npm
• lodash-es: lodash/lodash@4.18.0-es...4.18.1-es
• lodash-amd: lodash/lodash@4.18.0-amd...4.18.1-amd
• lodash.templatelodash/lodash@4.18.0-npm-packages...4.18.1-npm-packages

4.18.0

v4.18.0

Full Changelog: lodash/lodash@4.17.23...4.18.0

Security

_.unset / _.omit: Fixed prototype pollution via constructor/prototype path traversal (GHSA-f23m-r3pf-42rh, fe8d32e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now constructor and prototype are blocked unconditionally as non-terminal path keys, matching baseSet. Calls that previously returned true and deleted the property now return false and leave the target untouched.

_.template: Fixed code injection via imports keys (GHSA-r5fr-rjxr-66jc, CVE-2026-4800, 879aaa9). Fixes an incomplete patch for CVE-2021-23337. The variable option was validated against reForbiddenIdentifierChars but importsKeys was left unguarded, allowing code injection via the same Function() constructor sink. imports keys containing forbidden identifier characters now throw "Invalid imports option passed into _.template".

Docs

• Add security notice for _.template in threat model and API docs (#6099)
• Document lower > upper behavior in _.random (#6115)
• Fix quotes in _.compact jsdoc (#6090)

lodash.* modular packages

Diff

We have also regenerated and published a select number of the lodash.* modular packages.

These modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:

• lodash.orderby
• lodash.tonumber
• lodash.trim
• lodash.trimend
• lodash.sortedindexby
• lodash.zipobjectdeep
• lodash.unset
• lodash.omit
• lodash.template

Commits

• cb0b9b9 release(patch): bump main to 4.18.1 (#6177)
• 75535f5 chore: prune stale advisory refs (#6170)
• 62e91bc docs: remove n_ Node.js < 6 REPL note from README (#6165)
• 59be2de release(minor): bump to 4.18.0 (#6161)
• af63457 fix: broken tests for _.template 879aaa9
• 1073a76 fix: linting issues
• 879aaa9 fix: validate imports keys in _.template
• fe8d32e fix: block prototype pollution in baseUnset via constructor/prototype traversal
• 18ba0a3 refactor(fromPairs): use baseAssignValue for consistent assignment (#6153)
• b819080 ci: add dist sync validation workflow (#6137)
• Additional commits viewable in compare view

Updates multer from 2.0.2 to 2.1.1

Release notes

Sourced from multer's releases.

v2.1.1

Important

• Fix CVE-2026-3520 (GHSA-5528-5vmv-3xc2)

What's Changed

• chore: add node version to 25.x in CI by @​imangas in expressjs/multer#1372
• chore(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.3 by @​dependabot[bot] in expressjs/multer#1378
• chore(deps): bump coverallsapp/github-action from 1.2.5 to 2.3.6 by @​dependabot[bot] in expressjs/multer#1377
• chore(deps): bump github/codeql-action from 3.24.7 to 4.32.4 by @​dependabot[bot] in expressjs/multer#1376
• chore(deps): bump actions/upload-artifact from 4.5.0 to 7.0.0 by @​dependabot[bot] in expressjs/multer#1375
• chore(deps): bump actions/checkout from 4.1.1 to 6.0.2 by @​dependabot[bot] in expressjs/multer#1374
• fix error/abort handling by @​ctcpip in expressjs/multer#1373
• 2.1.1 by @​UlisesGascon in expressjs/multer#1380

New Contributors

• @​imangas made their first contribution in expressjs/multer#1372
• @​dependabot[bot] made their first contribution in expressjs/multer#1378

Full Changelog: expressjs/multer@v2.1.0...v2.1.1

v2.1.0

Important

• Fix CVE-2026-2359 (GHSA-v52c-386h-88mc)
• Fix CVE-2026-3304 (GHSA-xf7r-hgr6-v32p)

What's Changed

• chore: add funding to package.json by @​bjohansebas in expressjs/multer#1346
• chore: drop mkdirp dependency by @​wojtekmaj in expressjs/multer#1350
• chore: drop object-assign dependency by @​wojtekmaj in expressjs/multer#1351
• chore: drop xtend dependency by @​wojtekmaj in expressjs/multer#1352
• chore(gitignore): ignore .nyc_output directory by @​ShubhamOulkar in expressjs/multer#1332
• Fix typo in README-vi.md regarding file upload by @​Kunniii in expressjs/multer#1366
• Fix typo in README-pt-br.md for array method by @​matheushbm192 in expressjs/multer#1367
• headers-support-utf8 by @​Doc999tor in expressjs/multer#1210
• Add Turkish translation (README-tr.md) by @​Sabandogan in expressjs/multer#1360
• Release: 2.1.0 by @​UlisesGascon in expressjs/multer#1371

New Contributors

• @​wojtekmaj made their first contribution in expressjs/multer#1350
• @​ShubhamOulkar made their first contribution in expressjs/multer#1332
• @​Kunniii made their first contribution in expressjs/multer#1366
• @​matheushbm192 made their first contribution in expressjs/multer#1367
• @​Doc999tor made their first contribution in expressjs/multer#1210
• @​Sabandogan made their first contribution in expressjs/multer#1360

Full Changelog: expressjs/multer@v2.0.2...v2.1.0

Changelog

Sourced from multer's changelog.

2.1.1

• Fix CVE-2026-3520 (GHSA-5528-5vmv-3xc2)
• fix error/abort handling

2.1.0

• Add defParamCharset option for UTF-8 filename support (#1210)
• Fix CVE-2026-2359 (GHSA-v52c-386h-88mc)
• Fix CVE-2026-3304 (GHSA-xf7r-hgr6-v32p)

Commits

• 368c8a1 2.1.1 (#1380)
• 7e66481 🐛 fix recursion issue
• 643571e ✅ add explicit test for client able to send body without abrupt disconnect
• e86fa52 fix error/abort handling
• ca37779 chore(deps): bump actions/checkout from 4.1.1 to 6.0.2 (#1374)
• 13088f4 chore(deps): bump actions/upload-artifact from 4.5.0 to 7.0.0 (#1375)
• bc6a1d1 chore(deps): bump github/codeql-action from 3.24.7 to 4.32.4 (#1376)
• c496e93 chore(deps): bump coverallsapp/github-action from 1.2.5 to 2.3.6 (#1377)
• fa173d3 chore(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.3 (#1378)
• 17d7f51 chore: add node version to 25.x in CI
• Additional commits viewable in compare view

Removes tar

Updates qs from 6.14.1 to 6.15.1

Changelog

Sourced from qs's changelog.

6.15.1

• [Fix] parse: parameterLimit: Infinity with throwOnLimitExceeded: true silently drops all parameters
• [Deps] update @ljharb/eslint-config
• [Dev Deps] update @ljharb/eslint-config, iconv-lite
• [Tests] increase coverage

6.15.0

• [New] parse: add strictMerge option to wrap object/primitive conflicts in an array (#425, #122)
• [Fix] duplicates option should not apply to bracket notation keys (#514)

6.14.2

• [Fix] parse: mark overflow objects for indexed notation exceeding arrayLimit (#546)
• [Fix] arrayLimit means max count, not max index, in combine/merge/parseArrayValue
• [Fix] parse: throw on arrayLimit exceeded with indexed notation when throwOnLimitExceeded is true (#529)
• [Fix] parse: enforce arrayLimit on comma-parsed values
• [Fix] parse: fix error message to reflect arrayLimit as max index; remove extraneous comments (#545)
• [Robustness] avoid .push, use void
• [readme] document that addQueryPrefix does not add ? to empty output (#418)
• [readme] clarify parseArrays and arrayLimit documentation (#543)
• [readme] replace runkit CI badge with shields.io check-runs badge
• [meta] fix changelog typo (arrayLength → arrayLimit)
• [actions] fix rebase workflow permissions

Commits

• 3f5e1c5 v6.15.1
• c85b67f [Fix] parse: parameterLimit: Infinity with throwOnLimitExceeded: true s...
• 4dfa0f0 [Deps] update @ljharb/eslint-config
• dbb05d7 [Dev Deps] update @ljharb/eslint-config, iconv-lite
• b0cfe7c [Tests] increase coverage
• d9b4c66 v6.15.0
• cb41a54 [New] parse: add strictMerge option to wrap object/primitive conflicts in...
• 88e1563 [Fix] duplicates option should not apply to bracket notation keys
• 9d441d2 Merge backport release tags v6.0.6–v6.13.3 into main
• 85cc8ca v6.12.5
• Additional commits viewable in compare view

Updates rollup from 2.79.2 to 4.60.4

Release notes

Sourced from rollup's releases.

v4.60.4

4.60.4

2026-05-14

Bug Fixes

• Improve stability of chunk hashes (#6362)

Pull Requests

• #6362: fix: stabilize chunk assignment across parallel file reads (@​sonukapoor, @​Sonu Kapoor, @​TrickyPi, @​lukastaegert)
• #6370: fix(deps): update minor/patch updates (@​renovate[bot])
• #6371: chore(deps): update dependency lru-cache to v11 (@​renovate[bot], @​lukastaegert)
• #6372: chore(deps): update react monorepo to v19 (major) (@​renovate[bot])
• #6373: chore(deps): lock file maintenance (@​renovate[bot], @​lukastaegert)
• #6375: Resolve vulnerabilities (@​lukastaegert)

v4.60.2

4.60.2

2026-04-18

Bug Fixes

• Resolve a variable rendering bug when generating different formats from the same build (#6350)

Pull Requests

• #6327: docs: fix various typos in source and documentation (@​Abhi3975, @​lukastaegert)
• #6331: fix(deps): update minor/patch updates (@​renovate[bot])
• #6332: chore(deps): update codecov/codecov-action action to v6 (@​renovate[bot])
• #6333: chore(deps): update dependency eslint-plugin-unicorn to v64 (@​renovate[bot])
• #6334: fix(deps): update rust crate swc_compiler_base to v51 (@​renovate[bot])
• #6335: chore(deps): lock file maintenance (@​renovate[bot], @​lukastaegert)
• #6346: fix(deps): update minor/patch updates (@​renovate[bot])
• #6347: chore(deps): update dependency lru-cache to v11 (@​renovate[bot])
• #6348: fix(deps): update swc monorepo (major) (@​renovate[bot], @​lukastaegert)
• #6349: chore(deps): lock file maintenance (@​renovate[bot], @​lukastaegert)
• #6350: fix: reset variable render names between outputs in the same generate (@​barry3406, @​lukastaegert)
• #6351: chore(deps): update minor/patch updates (@​renovate[bot])
• #6352: chore(deps): update cross-platform-actions/action action to v1 (@​renovate[bot])
• #6353: chore(deps): update dependency lru-cache to v11 (@​renovate[bot], @​lukastaegert)
• #6354: chore(deps): lock file maintenance (@​renovate[bot])
• #6355: chore(deps): lock file maintenance (@​renovate[bot])
• #6356: chore(deps): lock file maintenance (@​renovate[bot])
• #6358: chore: remove cross-env from devDeps (@​K-tecchan)

v4.60.1

4.60.1

... (truncated)

Changelog

Sourced from rollup's changelog.

4.60.4

2026-05-14

Bug Fixes

• Improve stability of chunk hashes (#6362)

Pull Requests

• #6362: fix: stabilize chunk assignment across parallel file reads (@​sonukapoor, @​Sonu Kapoor, @​TrickyPi, @​lukastaegert)
• #6370: fix(deps): update minor/patch updates (@​renovate[bot])
• #6371: chore(deps): update dependency lru-cache to v11 (@​renovate[bot], @​lukastaegert)
• #6372: chore(deps): update react monorepo to v19 (major) (@​renovate[bot])
• #6373: chore(deps): lock file maintenance (@​renovate[bot], @​lukastaegert)
• #6375: Resolve vulnerabilities (@​lukastaegert)

4.60.3

2026-05-04

Bug Fixes

• Ensure nested "exports" variables are not renamed (#6360)

Pull Requests

• #6360: fix: do not rename nested "exports" bindings that do not conflict (@​tariqrafique, @​lukastaegert)
• #6364: chore(deps): update msys2/setup-msys2 digest to e989830 (@​renovate[bot])
• #6365: fix(deps): update minor/patch updates (@​renovate[bot])
• #6366: fix(deps): update swc monorepo (major) (@​renovate[bot])
• #6367: chore(deps): lock file maintenance (@​renovate[bot], @​lukastaegert)
• #6368: docs: add missing backticks in plugin-development (@​lumirlumir, @​lukastaegert)

4.60.2

2026-04-18

Bug Fixes

• Resolve a variable rendering bug when generating different formats from the same build (#6350)

Pull Requests

• #6327: docs: fix various typos in source and documentation (@​Abhi3975, @​lukastaegert)
• #6331: fix(deps): update minor/patch updates (@​renovate[bot])
• #6332: chore(deps): update codecov/codecov-action action to v6 (@​renovate[bot])
• #6333: chore(deps): update dependency eslint-plugin-unicorn to v64 (@​renovate[bot])
• #6334: fix(deps): update rust crate swc_compiler_base to v51 (@​renovate[bot])
• #6335: chore(deps): lock file maintenance (@​renovate[bot], @​lukastaegert)

... (truncated)

Commits

• d311a84 4.60.4
• 6aa3248 fix: stabilize chunk assignment across parallel file reads (#6362)
• 82a0fe7 Resolve vulnerabilities (#6375)
• 71f5ebc chore(deps): update dependency lru-cache to v11 (#6371)
• af91d77 chore(deps): lock file maintenance (#6373)
• 65e7b94 chore(deps): update react monorepo to v19 (major) (#6372)
• 642587f fix(deps): update minor/patch updates (#6370)
• b47bdab 4.60.3
• 15c5f33 Add again some unneeded dev dependencies, to make some builds succeed
• 12195dc fix: do not rename nested "exports" bindings that do not conflict (#6360)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for rollup since your current version.

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.

Updates serialize-javascript from 6.0.2 to 7.0.5

Release notes

Sourced from serialize-javascript's releases.

v7.0.5

Fixes

• Improve robustness and validation for array-like object serialization.
• Fix an issue where certain object structures could lead to excessive CPU usage.

For more details, please see GHSA-qj8w-gfj5-8c6v.

v7.0.4

What's Changed

• release: v7.0.4 by @​okuryu in yahoo/serialize-javascript#211

Full Changelog: yahoo/serialize-javascript@v7.0.3...v7.0.4

v7.0.3

• fix(CVE-2020-7660): fix for RegExp.flags and Date.prototype.toISOString (#207) 2e609d0
• build(deps-dev): bump lodash from 4.17.21 to 4.17.23 (#206) 42b7cdb

---

yahoo/serialize-javascript@v7.0.2...v7.0.3

v7.0.2

What's Changed

• ci: bump GitHub Actions to latest versions by @​okuryu in yahoo/serialize-javascript#203
• ci: setup trusted publishing workflow by @​okuryu in yahoo/serialize-javascript#204
• release: v7.0.2 by @​okuryu in yahoo/serialize-javascript#205

Full Changelog: yahoo/serialize-javascript@v7.0.1...v7.0.2

v7.0.1

What's Changed

• Add warning about using this package to send arbitrary data to worker threads by @​valadaptive in yahoo/serialize-javascript#200
• security: sanitize function bodies by @​redonkulus in yahoo/serialize-javascript#199
• docs: tweak README by @​okuryu in yahoo/serialize-javascript#201
• release: v7.0.1 by @​okuryu in yahoo/serialize-javascript#202

New Contributors

• @​redonkulus made their first contribution in yahoo/serialize-javascript#199

Full Changelog: yahoo/serialize-javascript@v7.0.0...v7.0.1

v7.0.0

Breaking Changes

• requires Node.js v20+

What's Changed

• Bump mocha from 10.2.0 to 10.4.0 by @​dependabot[bot] in yahoo/serialize-javascript#178

... (truncated)

Commits

• df3f1c1 release: v7.0.5
• f147e90 Merge commit from fork
• eec32e0 release: v7.0.4
• d505715 7.0.3
• 2e609d0 fix(CVE-2020-7660): fix for RegExp.flags and Date.prototype.toISOString (#207)
• 42b7cdb build(deps-dev): bump lodash from 4.17.21 to 4.17.23 (#206)
• 44f544b release: v7.0.2 (#205)
• bba0ddd ci: setup trusted publishing workflow (#204)
• 235f6ea ci: bump GitHub Actions to latest versions (#203)
• f7fff15 release: v7.0.1 (#202)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for serialize-javascript since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[dependabot]

Superseded by #187.