chore(deps): bump the npm_and_yarn group across 1 directory with 17 updates

[dependabot]

Bumps the npm_and_yarn group with 16 updates in the / directory:

Package	From	To
firebase	10.7.2	10.9.0
koa	2.15.0	2.16.1
path-to-regexp	6.2.1	6.3.0
react-router	5.3.4	7.5.2
pug	3.0.2	3.0.3
@babel/runtime	7.23.7	7.27.0
@grpc/grpc-js	1.9.13	1.9.15
decode-uri-component	0.2.0	0.2.2
ejs	3.1.9	3.1.10
elliptic	6.5.4	6.6.1
ini	1.3.5	1.3.8
json5	1.0.1	1.0.2
rollup	2.79.1	2.79.2
svelte	4.2.3	4.2.19
tar	6.2.0	6.2.1
webpack-dev-middleware	3.7.2	3.7.3

Updates firebase from 10.7.2 to 10.9.0

Commits

• 1eb302f Version Packages (#8063)
• b498867 Merge master into release
• ce88e71 snapshot listeners source from cache (#7982)
• 6d487d7 Prevent using authTokenSyncURL if the string begins with a double slash (#8060)
• b4d59d6 Merge master into release
• 2b22838 Fix glob pattern to work with Node 20 and its NPM version (#8059)
• feb5038 Update CI node.js versions to 20.x (#8055)
• 245dd26 Enforce authTokenSyncURL being a path and not a url. (#8056)
• e60188d Version Packages (#8046)
• 7e2efbf Merge master into release
• Additional commits viewable in compare view

Updates koa from 2.15.0 to 2.16.1

Release notes

Sourced from koa's releases.

v2.16.1

fix: don't render redirect values in anchor ref

2.16.0

This is a backported release to fix core underlying issue with HEAD requests when using http2.createSecureServer. See discussion at koajs/koa#1593 and koajs/koa#1547.

• fix missing cleanup, if response socket is no longer writeable (issue 1547) (koajs/koa#1593) 399cb6b0dd2104224c0ef0ce8e92f84e4f7faf42

2.15.4

Full Changelog: koajs/koa@2.15.3...2.15.4

Fix: avoid redos on host and protocol getter, see GHSA-593f-38f6-jp5m

Commits

• ba14822 2.16.1
• 2ff6c3f 2.16.0
• 3d51d03 ci: allow codecov to fail
• eb84d89 fix: don't render redirect values in anchor ref
• 5f294bb Merge commit from fork
• 77cbf2e Release 2.15.3
• 1fad597 fix: require URL from 'url' module (#1809)
• ddbff30 Release 2.15.2
• 94e8def fix: handle upper case protocol like HTTP or HTTPS (#1806)
• 549455d Release 2.15.1
• Additional commits viewable in compare view

Updates path-to-regexp from 6.2.1 to 6.3.0

Release notes

Sourced from path-to-regexp's releases.

Fix backtracking in 6.x

Fixed

• Add backtrack protection to 6.x (#324) f1253b4

pillarjs/path-to-regexp@v6.2.2...v6.3.0

Updated README

No API changes. Documentation only release.

Changed

• Fix readme example c7ec332
• Update shield URL e828000

pillarjs/path-to-regexp@v6.2.1...v6.2.2

Commits

• 75a92c3 6.3.0
• f1253b4 Add backtrack protection to 6.x (#324)
• 28a5b27 6.2.2
• 270876d Test on min node 16
• d5a42b6 Run tests on ubuntu
• 1c265a1 Upgrade dev deps, prettier format
• c7ec332 Fix readme example
• 25da491 Bump node v14 for tests
• 980d1db Add v8 coverage
• e828000 Update shield URL
• Additional commits viewable in compare view

Updates react-router from 5.3.4 to 7.5.2

Release notes

Sourced from react-router's releases.

v7.5.2

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v752

v7.5.1

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v751

v7.5.0

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v750

v7.4.1

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v741

v7.4.0

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v740

v7.3.0

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v730

v6.30.0

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v6300

v7.2.0

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v720

v.7.1.5

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v715

v7.1.4

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v714

v6.29.0

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v6290

v7.1.3

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v713

v7.1.2

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v712

v6.28.2

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v6282

v7.1.1

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v711

v7.1.0

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v710

v6.28.1

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v6281

... (truncated)

Changelog

Sourced from react-router's changelog.

7.5.2

Patch Changes

• Update Single Fetch to also handle the 204 redirects used in ?_data requests in Remix v2 (#13364)

  • This allows applications to return a redirect on .data requests from outside the scope of React Router (i.e., an express/hono middleware)
  • ⚠️ Please note that doing so relies on implementation details that are subject to change without a SemVer major release
  • This is primarily done to ease upgrading to Single Fetch for existing Remix v2 applications, but the recommended way to handle this is redirecting from a route middleware

• Adjust approach for Prerendering/SPA Mode via headers (#13453)

7.5.1

Patch Changes

• Fix single fetch bug where no revalidation request would be made when navigating upwards to a reused parent route (#13253)

• When using the object-based route.lazy API, the HydrateFallback and hydrateFallbackElement properties are now skipped when lazy loading routes after hydration. (#13376)

  If you move the code for these properties into a separate file, you can use this optimization to avoid downloading unused hydration code. For example:

  createBrowserRouter([
    {
      path: "/show/:showId",
      lazy: {
        loader: async () => (await import("./show.loader.js")).loader,
        Component: async () => (await import("./show.component.js")).Component,
        HydrateFallback: async () =>
          (await import("./show.hydrate-fallback.js")).HydrateFallback,
      },
    },
  ]);

• Properly revalidate prerendered paths when param values change (#13380)

• UNSTABLE: Add a new unstable_runClientMiddleware argument to dataStrategy to enable middleware execution in custom dataStrategy implementations (#13395)

• UNSTABLE: Add better error messaging when getLoadContext is not updated to return a Map" (#13242)

• Do not automatically add null to staticHandler.query() context.loaderData if routes do not have loaders (#13223)

  • This was a Remix v2 implementation detail inadvertently left in for React Router v7
  • Now that we allow returning undefined from loaders, our prior check of loaderData[routeId] !== undefined was no longer sufficient and was changed to a routeId in loaderData check - these null values can cause issues for this new check
  • ⚠️ This could be a "breaking bug fix" for you if you are doing manual SSR with createStaticHandler()/<StaticRouterProvider>, and using context.loaderData to control <RouterProvider> hydration behavior on the client

• Fix prerendering when a loader returns a redirect (#13365)

... (truncated)

Commits

• 5819e0c chore: Update version for release (#13456)
• d0cac33 chore: Update version for release (pre) (#13454)
• c843029 Adjust approach for prerendering/SPA mode via headers (#13453)
• 8e4963f Restore handling of 204 "soft" redirects on data requests (#13364)
• ed77157 update session documentation links (#13448)
• 4281172 Missed refactor updates
• b166e48 Minor refactors to support RSC (#13423)
• 5dd7c15 chore: Update version for release (#13422)
• 6ce4a79 chore: Update version for release (pre) (#13412)
• cd5681b Slight refactor of fetchAndDecode for RSC (#13409)
• Additional commits viewable in compare view

Updates pug from 3.0.2 to 3.0.3

Release notes

Sourced from pug's releases.

[email protected]

Bug Fixes

• Validate templateName and globals are valid JavaScript identifiers to prevent possible remote code execution if un-trusted user input is passed to the compilation options (#3438)

[email protected]

Bug Fixes

• Update pug-code-gen with the following fix: (#3438)

  Validate templateName and globals are valid JavaScript identifiers to prevent possible remote code execution if un-trusted user input is passed to the compilation options

Commits

• 32acfe8 fix: ensure template names are valid identifiers (#3438)
• 4767caf refactor: convert pug-error to TypeScript (#3355)
• a724446 chore: update character-parser (#3354)
• 6cca8f7 docs: fix GitHub format in README (#3335)
• See full diff in compare view

Updates @babel/runtime from 7.23.7 to 7.27.0

Release notes

Sourced from @​babel/runtime's releases.

v7.27.0 (2025-03-24)

Thanks @​ishchhabra and @​vovkasm for your first PRs!

👓 Spec Compliance

• babel-generator, babel-parser
  • #16977 Default importAttributesKeyword to with (@​JLHwung)

🚀 New Feature

• babel-helper-create-class-features-plugin, babel-traverse, babel-types
  • #17169 Allow traverseFast to exit early (@​liuxingbaoyu)
• babel-parser, babel-types
  • #17110 Add ImportAttributes to Standardized and move its parser test fixtures (@​JLHwung)
• babel-generator
  • #17100 fix(babel-generator): add named export of generate function (@​vovkasm)
• babel-parser, babel-template
  • #17149 Add allowYieldOutsideFunction to parser (@​liuxingbaoyu)
• babel-plugin-transform-typescript, babel-traverse
  • #17102 feat: Add upToScope parameter to hasBinding (@​liuxingbaoyu)
• babel-parser
  • #17082 Support ESTree AccessorProperty (@​JLHwung)
• babel-types
  • #17162 feat(babel-types): Add support for BigInt literal conversion in valueToNode (@​ishchhabra)

🐛 Bug Fix

• babel-helper-create-class-features-plugin, babel-plugin-transform-class-properties
  • #16816 fix: Class reference in type throws error (@​liuxingbaoyu)
• babel-traverse
  • #17170 fix: Reset child scopes when scope.crawl() (@​liuxingbaoyu)
• babel-helpers, babel-preset-typescript, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • #17118 Fix: align behaviour to tsc rewriteRelativeImportExtensions (@​JLHwung)
• babel-cli
  • #17182 fix: @babel/cli generates duplicate inline source maps (@​liuxingbaoyu)
• babel-plugin-transform-named-capturing-groups-regex, babel-types
  • #17175 Generate computed proto key (@​JLHwung)

🏃‍♀️ Performance

• babel-types
  • #16870 perf: Improve builders of @babel/types (@​liuxingbaoyu)
• babel-helper-create-regexp-features-plugin
  • #17176 fix: improve duplicate named groups check (@​JLHwung)

Committers: 5

• Babel Bot (@​babel-bot)
• Huáng Jùnliàng (@​JLHwung)
• Ish Chhabra (@​ishchhabra)
• Vladimir Timofeev (@​vovkasm)
• @​liuxingbaoyu

v7.26.10 (2025-03-11)

... (truncated)

Changelog

Sourced from @​babel/runtime's changelog.

v7.27.0 (2025-03-24)

👓 Spec Compliance

• babel-generator, babel-parser
  • #16977 Default importAttributesKeyword to with (@​JLHwung)

🚀 New Feature

• babel-helper-create-class-features-plugin, babel-traverse, babel-types
  • #17169 Allow traverseFast to exit early (@​liuxingbaoyu)
• babel-parser, babel-types
  • #17110 Add ImportAttributes to Standardized and move its parser test fixtures (@​JLHwung)
• babel-generator
  • #17100 fix(babel-generator): add named export of generate function (@​vovkasm)
• babel-parser, babel-template
  • #17149 Add allowYieldOutsideFunction to parser (@​liuxingbaoyu)
• babel-plugin-transform-typescript, babel-traverse
  • #17102 feat: Add upToScope parameter to hasBinding (@​liuxingbaoyu)
• babel-parser
  • #17082 Support ESTree AccessorProperty (@​JLHwung)
• babel-types
  • #17162 feat(babel-types): Add support for BigInt literal conversion in valueToNode (@​ishchhabra)

🐛 Bug Fix

• babel-helper-create-class-features-plugin, babel-plugin-transform-class-properties
  • #16816 fix: Class reference in type throws error (@​liuxingbaoyu)
• babel-traverse
  • #17170 fix: Reset child scopes when scope.crawl() (@​liuxingbaoyu)
• babel-helpers, babel-preset-typescript, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • #17118 Fix: align behaviour to tsc rewriteRelativeImportExtensions (@​JLHwung)
• babel-cli
  • #17182 fix: @babel/cli generates duplicate inline source maps (@​liuxingbaoyu)
• babel-plugin-transform-named-capturing-groups-regex, babel-types
  • #17175 Generate computed proto key (@​JLHwung)

🏃‍♀️ Performance

• babel-types
  • #16870 perf: Improve builders of @babel/types (@​liuxingbaoyu)
• babel-helper-create-regexp-features-plugin
  • #17176 fix: improve duplicate named groups check (@​JLHwung)

v7.26.10 (2025-03-11)

👓 Spec Compliance

• babel-parser
  • #17159 Disallow decorator in array pattern (@​JLHwung)

🐛 Bug Fix

• babel-parser, babel-template
  • #17164 Fix: always initialize ExportDeclaration attributes (@​JLHwung)
• babel-core
  • #17142 fix: "Map maximum size exceeded" in deepClone (@​liuxingbaoyu)

... (truncated)

Commits

• 5c350ea v7.27.0
• ca4865a Fix: align behaviour to tsc rewriteRelativeImportExtensions (#17118)
• e1ce99d v7.26.10
• d5952e8 Fix processing of replacement pattern with named capture groups (#17173)
• 64bca7b v7.26.9
• 2d95140 v7.26.7
• 63d3038 v7.26.0
• b07957e v7.25.9
• af91759 fix: Accidentally publishing useless files (#16917)
• 2533cfb v7.25.7
• Additional commits viewable in compare view

Updates @grpc/grpc-js from 1.9.13 to 1.9.15

Release notes

Sourced from @​grpc/grpc-js's releases.

@​grpc/grpc-js 1.9.15

• Avoid buffering significantly more than grpc.max_receive_message_size per received message.

@​grpc/grpc-js 1.9.14

• Fix a bug that could rarely cause connection leaks (#2644)
• Fix a bug that could cause clients to go IDLE incorrectly some time after calling waitForReady (#2643)

Commits

• 08b0422 Merge pull request from GHSA-7v5v-9h63-cj86
• c75e048 grpc-js: Bump to 1.9.15
• d5d62b4 grpc-js: Avoid buffering significantly more than max_receive_message_size per...
• 02d0344 Merge pull request #2741 from sergiitk/backport-1.9-psm-interop-common-prod-t...
• cf14020 Merge pull request #2729 from sergiitk/psm-interop-common-prod-tests
• da44229 Merge pull request #2738 from murgatroid99/backport-1.9-grpc-js_linkify-it_fix
• 5ae7c8c Merge pull request #2735 from murgatroid99/grpc-js_linkify-it_fix
• eed21ba Merge pull request #2714 from sergiitk/backport-1.9-psm-interop-pkg-dev
• 63763a4 Merge pull request #2712 from sergiitk/psm-interop-pkg-dev
• 5be83dd Merge pull request #2643 from murgatroid99/grpc-js_idle_timer_fix
• Additional commits viewable in compare view

Updates decode-uri-component from 0.2.0 to 0.2.2

Release notes

Sourced from decode-uri-component's releases.

v0.2.2

• Prevent overwriting previously decoded tokens 980e0bf

SamVerschueren/decode-uri-component@v0.2.1...v0.2.2

v0.2.1

• Switch to GitHub workflows 76abc93
• Fix issue where decode throws - fixes #6 746ca5d
• Update license (#1) 486d7e2
• Tidelift tasks a650457
• Meta tweaks 66e1c28

SamVerschueren/decode-uri-component@v0.2.0...v0.2.1

Commits

• a0eea46 0.2.2
• 980e0bf Prevent overwriting previously decoded tokens
• 3c8a373 0.2.1
• 76abc93 Switch to GitHub workflows
• 746ca5d Fix issue where decode throws - fixes #6
• 486d7e2 Update license (#1)
• a650457 Tidelift tasks
• 66e1c28 Meta tweaks
• See full diff in compare view

Updates ejs from 3.1.9 to 3.1.10

Release notes

Sourced from ejs's releases.

v3.1.10

Version 3.1.10

Commits

• d3f807d Version 3.1.10
• 9ee26dd Mocha TDD
• e469741 Basic pollution protection
• 715e950 Merge pull request #756 from Jeffrey-mu/main
• cabe314 Include advanced usage examples
• 29b076c Added header
• 11503c7 Merge branch 'main' of github.com:mde/ejs into main
• 7690404 Added security banner to README
• f47d7ae Update SECURITY.md
• 828cea1 Update SECURITY.md
• Additional commits viewable in compare view

Updates elliptic from 6.5.4 to 6.6.1

Commits

• 9b77436 6.6.1
• 04cb6f5 Merge commit from fork
• b8a7edd 6.6.0
• 34c8534 fix: signature verification due to leading zeros
• 3e46a48 6.5.7
• accb61e lib: DER signature decoding correction
• 03e06e1 6.5.6
• 7ac5360 Merge commit from fork
• 7570078 6.5.5
• 206da2e lib: lint
• Additional commits viewable in compare view

Updates ini from 1.3.5 to 1.3.8

Commits

• a2c5da8 1.3.8
• af5c6bb Do not use Object.create(null)
• 8b648a1 don't test where our devdeps don't even work
• c74c8af 1.3.7
• 024b8b5 update deps, add linting
• 032fbaf Use Object.create(null) to avoid default object property hazards
• 2da9039 1.3.6
• cfea636 better git push script, before publish instead of after
• 56d2805 do not allow invalid hazardous string as section name
• See full diff in compare view

Maintainer changes

This version was pushed to npm by isaacs, a new releaser for ini since your current version.

Updates json5 from 1.0.1 to 1.0.2

Release notes

Sourced from json5's releases.

v1.0.2

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295). This has been backported to v1. (#298)

Changelog

Sourced from json5's changelog.

Unreleased [code, diff]

v2.2.3 [code, diff]

• Fix: [email protected] is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2 [code, diff]

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1 [code, diff]

• Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

v2.2.0 [code, diff]

• New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

v2.1.3 [code, diff]

• Fix: An out of memory bug when parsing numbers has been fixed. (#228, #229)

v2.1.2 [code, diff]

... (truncated)

Commits

• a62db1e 1.0.2
• e0c23fe docs: update CHANGELOG for v1.0.2
• 62a6540 fix: add proto to objects and arrays
• See full diff in compare view

Updates rollup from 2.79.1 to 2.79.2

Release notes

Sourced from rollup's releases.

v.2.79.2

2.79.2

2024-09-26

Bug Fixes

• Fix a vulnerability in generated code that affects IIFE, UMD and CJS bundles when run in a browser context (#5671)

Pull Requests

• #5671: Fix DOM Clobbering CVE (@​lukastaegert)

Changelog

Sourced from rollup's changelog.

2.79.2

2024-09-26

Bug Fixes

• Fix a vulnerability in generated code that affects IIFE, UMD and CJS bundles when run in a browser context (#5671)

Pull Requests

• #5671: Fix DOM Clobbering CVE (@​lukastaegert)

3.29.5

2024-09-21

Bug Fixes

• Fix a vulnerability in generated code that affects IIFE, UMD and CJS bundles when run in a browser context (#5671)

Pull Requests

• #5671: Fix DOM Clobbering CVE (@​lukastaegert)

4.22.4

2024-09-21

Bug Fixes

• Fix a vulnerability in generated code that affects IIFE, UMD and CJS bundles when run in a browser context (#5671)

Pull Requests

• #5670: refactor: Use object.prototype to check for reserved properties (@​YuHyeonWook)
• #5671: Fix DOM Clobbering CVE (@​lukastaegert)

4.22.3

2024-09-21

Bug Fixes

• Ensure that mutations in modules without side effects are observed while properly handling transitive dependencies (#5669)

Pull Requests

• #5669: Ensure impure dependencies of pure modules are added (@​lukastaegert)

4.22.2

... (truncated)

Commits

• c9bd03d 2.79.2
• 48aef33 fix: resolve DOM Clobbering CVE-2024-43788 (backport to v2) (#5677)
• See full diff in compare view

Updates svelte from 4.2.3 to 4.2.19

Changelog

Sourced from svelte's changelog.

4.2.19

Patch Changes

• fix: ensure typings for <svelte:options> are picked up (#12902)

• fix: escape < in attribute strings (#12989)

4.2.18

Patch Changes

• chore: speed up regex (#11922)

4.2.17

Patch Changes

• fix: correctly handle falsy values of style directives in SSR mode (#11584)

4.2.16

Patch Changes

• fix: check if svelte component exists on custom element destroy (#11489)

4.2.15

Patch Changes

• support attribute selector inside :global() (#11135)

4.2.14

Patch Changes

• fix parsing camelcase container query name (#11131)

4.2.13

Patch Changes

• fix: applying :global for +,~ sibling combinator when slots are present (#9282)

4.2.12

Patch Changes

• fix: properly update svelte:component props when there are spread props (#10604)

... (truncated)

Commits

• d8b3133 Version Packages (#12990)
• 83e96e0 fix: escape < in attribute strings (#12989)
• 5ec4409 fix: ensure typings for \<svelte:options> are picked up (#12902)
• 230916f Version Packages (#11925)
• dbe6057 chore: speed up regex (#11922)
• a8deae9 Version Packages (#11594)
• 8592914 fix: correctly handle falsy values of style directives in SSR mode (#11584)
• 8e4c778 Version Packages (#11491)
• 1bab571 fix: additional check for component on destroy (svelte4) (#11489)
• 9f2341f Version Packages (#11202)
• Additional commits viewable in compare view

Updates tar from 6.2.0 to 6.2.1

Commits

• bef7b1e 6.2.1
• fe8cd57 prevent extraction in excessively deep subfolders
• fe7ebfd remove security.md
• See full diff in compare view

Updates undici from 5.26.5 to 6.19.7

Release notes

Sourced from undici's releases.

v6.19.7

Full Changelog: nodejs/undici@v6.19.6...v6.19.7

v6.19.6

Full Changelog: nodejs/undici@v6.19.5...v6.19.6

v6.19.5

Full Changelog: nodejs/undici@v6.19.4...v6.19.5

v6.19.4

Full Changelog: nodejs/undici@v6.19.3...v6.19.4

v6.19.3

Full Changelog: nodejs/undici@v6.19.2...v6.19.3

v6.19.2

What's Changed

• fix #3337 by @​KhafraDev in nodejs/undici#3338
• build: use husky as husky install is deprecated by @​jazelly in nodejs/undici#3340
• fix: interceptors.d.ts has no default export by @​Uzlopak in nodejs/undici#3332

Full Changelog: nodejs/undici@v6.19.1...v6.19.2

v6.19.1

What's Changed

• don't append empty origin by @​KhafraDev in nodejs/undici#3335

Full Changelog: nodejs/undici@v6.19.0...v6.19.1

v6.19.0

What's Changed

• build(deps): bump ossf/scorecard-action from 2.3.1 to 2.3.3 by @​dependabot in nodejs/undici#3305
• build(deps): bump codecov/codecov-action from 4.3.1 to 4.4.1 by @​dependabot in nodejs/undici#3303
• build(deps): bump step-security/harden-runner from 2.7.1 to 2.8.0 by @​dependabot in nodejs/undici#3304
• build(deps): bump github/codeql-action from 3.25.3 to 3.25.7 by @​dependabot in nodejs/undici#3306
• build(deps): bump node from 9e8f45f to dd7e693 in /build by @​dependabot in nodejs/undici#3309
• build(deps): bump node from dd7e693 to e6d4495 in /build by @​dependabot in nodejs/undici#3313
• remove websocket experimental warning by @​KhafraDev in nodejs/undici#3311
• perf: optimization of request instantiation by @​tsctx in nodejs/undici#3107
• perf: convert object to params by @​DarkGL in nodejs/undici#3302
• build(deps-dev): bump borp from 0.14.0 to 0.15.0 by @​d...

  Description has been truncated

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
react-hackernews	❌ Failed (Inspect)			Apr 24, 2025 7:07pm

[changeset-bot]

⚠️ No Changeset found

Latest commit: 9424f5c

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​firebase/​messaging-interop-types@​0.2.0 ⏵ 0.2.2
	@​firebase/​auth-interop-types@​0.2.1 ⏵ 0.2.3
	@​firebase/​installations-types@​0.5.0 ⏵ 0.5.2
	@​firebase/​app-check-interop-types@​0.3.0 ⏵ 0.3.2
	@​firebase/​performance-types@​0.2.0 ⏵ 0.2.2
	@​firebase/​app-check-types@​0.5.0 ⏵ 0.5.2
	@​firebase/​functions-types@​0.6.0 ⏵ 0.6.2
	@​firebase/​remote-config-types@​0.3.0 ⏵ 0.3.2
	@​firebase/​storage-types@​0.8.0 ⏵ 0.8.2
	@​firebase/​database-types@​1.0.0 ⏵ 1.0.5
	@​firebase/​app-types@​0.9.0 ⏵ 0.9.2
	@​firebase/​functions-compat@​0.3.6 ⏵ 0.3.14
	@​firebase/​auth-types@​0.12.0 ⏵ 0.12.2
	@​firebase/​firestore-types@​3.0.0 ⏵ 3.0.2
	@​firebase/​installations-compat@​0.2.4 ⏵ 0.2.9
	@​firebase/​performance-compat@​0.2.4 ⏵ 0.2.9
	@​firebase/​analytics-types@​0.8.0 ⏵ 0.8.2
	@​firebase/​app-check-compat@​0.3.8 ⏵ 0.3.15
	@​firebase/​remote-config-compat@​0.2.4 ⏵ 0.2.9
	@​firebase/​messaging-compat@​0.2.5 ⏵ 0.2.12
	@​firebase/​analytics-compat@​0.2.6 ⏵ 0.2.14
	@​firebase/​installations@​0.6.4 ⏵ 0.6.9	+1		+1
	@​firebase/​data-connect@​0.1.0
	@​firebase/​storage-compat@​0.3.3 ⏵ 0.3.12
	@​firebase/​app-compat@​0.2.26 ⏵ 0.2.43	+1		+1		+40
	@​firebase/​functions@​0.11.0 ⏵ 0.11.8	+1		+1
	@​firebase/​auth-compat@​0.5.1 ⏵ 0.5.14	+1		+1
	@​firebase/​performance@​0.6.4 ⏵ 0.6.9	+1		+1
See 26 more rows in the dashboard

View full report