Bump the npm_and_yarn group across 1 directory with 26 updates

[dependabot]

Bumps the npm_and_yarn group with 6 updates in the /client directory:

Package	From	To
bootstrap	4.6.2	5.0.0
vue	2.7.14	3.0.0
vite	4.5.5	4.5.13
esbuild	0.18.20	0.25.2
vite	4.5.13	6.3.2
tough-cookie	2.5.0	removed
node-sass	7.0.3	9.0.0

Updates bootstrap from 4.6.2 to 5.0.0

Release notes

Sourced from bootstrap's releases.

v5.0.0

Highlights

#32155: Updated make-col() mixin to generate equal columns when no size is specified #32763: Added new color-scheme() mixin #33389: Dropdown menus now have option become clickable #33453: Added new docs footer #33548: Offcanvas header components are now vertically aligned #33549: Added offcanvas-top modifier #33634: Added support for .dropdown-items wrapped in <li>s #33626: Fix v5 regressions in tab dropdown functionality

🚀 Features

• #32763: Add color-scheme mixin
• #33389: Dropdown — Add option to make the dropdown menu clickable
• #33549: Add offcanvas-top modifier

🎨 CSS

• #32155: Add equal column mixin
• #32763: Add color-scheme mixin
• #33292: Make accordion icon rotation more natural
• #33411: Fix validation feedback icon in select multiple
• #33478: Make .nav-link color consistent when using buttons
• #33482: Dropdown — Apply positioning only when Popper is not used
• #33548: Vertically align offcanvas header components
• #33549: Add offcanvas-top modifier
• #33550: Spinner alignment changes
• #33598: Hide validation icons from multiple selects
• #33600: Have $form-check-input-border's default derive from $black
• #33607: Reduce color-scheme complexity
• #33642: use :read-only css selector instead [readonly] for consistency
• #33658: fix: use list-group variable instead of alert
• #33736: accordion: fix border-top on Firefox

☕️ JavaScript

• #32439: Decouple BackDrop from modal
• #33245: Decouple Modal's scrollbar functionality
• #33249: Simplify Modal Config
• #33250: Simplify ScrollSpy config
• #33310: fix: make EventHandler better handle mouseenter/mouseleave events
• #33389: Dropdown — Add option to make the dropdown menu clickable
• #33429: Remove element event listeners through base component
• #33451: Add missing things in hide method of dropdown
• #33456: Use our isDisabled util on dropdown
• #33466: Refactor dropdown's hide functionality
• #33479: Fix dropdown escape propagation
• #33496: Use cached noop function

... (truncated)

Commits

• bf09367 Release v5.0.0 (#33647)
• 48ae5a7 Rewrite migration guide (#33834)
• f086572 refactor(docs): Added form file input variables (#33833)
• 1a54286 Fix doc typo and Bootstrap Icons link (#33832)
• e2df73f Update migration guide for some v5 changes (#33829)
• 1e6356a Neutralise more words from placeholder text (#33731)
• 6633845 Bump eslint-config-xo from 0.35.0 to 0.36.0 (#33646)
• cb38744 Tweak toast docs (#33810)
• c2ff225 Bump rollup from 2.46.0 to 2.47.0 (#33818)
• c090ea2 Bump @​babel/preset-env from 7.14.0 to 7.14.1 (#33819)
• Additional commits viewable in compare view

Updates vue from 2.7.14 to 3.0.0

Changelog

Sourced from vue's changelog.

3.0.0 (2020-09-18)

3.0.0-rc.13 (2020-09-18)

Bug Fixes

• hmr: make hmr working with class components (#2144) (422f05e)
• reactivity: avoid length mutating array methods causing infinite updates (#2138) (f316a33), closes #2137
• suspense: should discard unmount effects of invalidated pending branch (5bfcad1)
• types: component instance inference without props (#2145) (57bdaa2)

Code Refactoring

• watch APIs default to trigger pre-flush (49bb447), closes vuejs/vue-next#1706

Features

• runtime-core: support using inject() inside props default functions (58c31e3)
• watch: support dot-delimited path in watch option (1c9a0b3)

BREAKING CHANGES

• watch APIs now default to use flush: 'pre' instead of flush: 'post'. This change affects watch, watchEffect, the watch component option, and this.$watch. See (49bb447) for more details.

3.0.0-rc.12 (2020-09-16)

Bug Fixes

• reactivity: effect should only recursively self trigger with explicit options (3810de7), closes #2125
• runtime-core: ensure root stable fragments inherit elements for moving (bebd44f), closes #2134
• runtime-core: should still do full traverse of stable fragment children in dev + hmr (dd40ad8)
• runtime-core/async-component: fix error component when there are no error handlers (c7b4a37), closes #2129
• types/tsx: optional props from Mixin/Extends are treated as required (#2048) (89e9ab8)

Features

• compiler-sfc: additionalData support for css preprocessors (#2126) (066d514)

3.0.0-rc.11 (2020-09-15)

... (truncated)

Commits

• See full diff in compare view

Updates vite from 4.5.5 to 4.5.13

Release notes

Sourced from vite's releases.

v4.5.13

Please refer to CHANGELOG.md for details.

v4.5.12

Please refer to CHANGELOG.md for details.

v4.5.11

Please refer to CHANGELOG.md for details.

v4.5.10

Please refer to CHANGELOG.md for details.

v4.5.9

Please refer to CHANGELOG.md for details.

v4.5.8

Please refer to CHANGELOG.md for details.

v4.5.7

Please refer to CHANGELOG.md for details.

v4.5.6

This version contains a breaking change due to security fixes. See GHSA-vg6x-rcgg-rjx6 for more details.

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

4.5.13 (2025-04-10)

• fix: backport #19830, reject requests with # in request-target (#19832) (41f3819), closes #19830 #19832

4.5.12 (2025-04-03)

• fix: backport #19782, fs check with svg and relative paths (#19785) (0a3dcf5), closes #19782 #19785

4.5.11 (2025-03-31)

• fix: backport #19761, fs check in transform middleware (#19763) (26e1764), closes #19761 #19763

4.5.10 (2025-03-24)

• fix: backport #19702, fs raw query with query separators (#19704) (315695e), closes #19702 #19704

4.5.9 (2025-01-21)

• fix: preview.allowedHosts with specific values was not respected (#19246) (0bc52e0), closes #19246
• fix: allow CORS from loopback addresses by default (#19249) (8f63cd6), closes #19249

4.5.8 (2025-01-20)

• fix: try parse server.origin URL (#19241) (3680bad), closes #19241

4.5.7 (2025-01-20)

• fix: crypto.getRandomValues is not available in old Node versions (#19237) (f4d3c46), closes #19237

4.5.6 (2025-01-20)

• fix!: check host header to prevent DNS rebinding attacks and introduce server.allowedHosts (ef1049d)
• fix!: default server.cors: false to disallow fetching from untrusted origins (07b36d5)
• fix: verify token for HMR WebSocket connection (c065a77)

Commits

• cd60e8b release: v4.5.13
• 41f3819 fix: backport #19830, reject requests with # in request-target (#19832)
• 6104add release: v4.5.12
• 0a3dcf5 fix: backport #19782, fs check with svg and relative paths (#19785)
• 07ddc3e release: v4.5.11
• 26e1764 fix: backport #19761, fs check in transform middleware (#19763)
• 86e7a6b release: v4.5.10
• 315695e fix: backport #19702, fs raw query with query separators (#19704)
• edad4d2 release: v4.5.9
• 8f63cd6 fix: allow CORS from loopback addresses by default (#19249)
• Additional commits viewable in compare view

Updates semver from 4.3.6 to 5.7.2

Release notes

Sourced from semver's releases.

v5.7.2

5.7.2 (2023-07-10)

Bug Fixes

• 2f8fd41 #585 better handling of whitespace (#585) (@​joaomoreno, @​lukekarrys)

Changelog

Sourced from semver's changelog.

5.7.2 (2023-07-10)

Bug Fixes

• 2f8fd41 #585 better handling of whitespace (#585) (@​joaomoreno, @​lukekarrys)

5.7

• Add minVersion method

5.6

• Move boolean loose param to an options object, with backwards-compatibility protection.
• Add ability to opt out of special prerelease version handling with the includePrerelease option flag.

5.5

• Add version coercion capabilities

5.4

• Add intersection checking

5.3

• Add minSatisfying method

5.2

• Add prerelease(v) that returns prerelease components

5.1

• Add Backus-Naur for ranges
• Remove excessively cute inspection methods

5.0

• Remove AMD/Browserified build artifacts
• Fix ltr and gtr when using the * range
• Fix for range * with a prerelease identifier

Commits

• f8cc313 chore: release 5.7.2
• 2f8fd41 fix: better handling of whitespace (#585)
• deb5ad5 chore: @​npmcli/template-oss@​4.16.0
• c83c18c 5.7.1
• 956e228 Correct typo in README
• 8055dda 5.7.0
• 604e73d auto-publishing scripts
• bed01e2 remove the nomin comments, since we don't minify any more anyway
• 9cb68f1 document parse method
• 38d42ca 5.7 changelog
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by lukekarrys, a new releaser for semver since your current version.

Updates acorn from 3.3.0 to 8.14.0

Commits

• 3c6a5a9 Mark version 8.14.0
• e943275 Add missing unicode properties
• ac3bd47 Add support for ES2025 RegExp Modifiers
• f55d97c Add support for ES2025 Import Attributes
• cc5ec01 Mark version 8.13.0
• fdf144b Remove unused eslint-plugin-promise package
• 42b8796 Add Unicode v16 support
• 82de245 Fix whitelist, unsupported features
• 1fcd451 Bump test262
• dfebfd5 Mark acorn-walk version 8.3.4
• Additional commits viewable in compare view

Updates ajv from 4.11.8 to 6.12.6

Release notes

Sourced from ajv's releases.

v6.12.6

Fix performance issue of "url" format.

v6.12.5

Fix uri scheme validation (@​ChALkeR). Fix boolean schemas with strictKeywords option (#1270)

v6.12.4

Fix: coercion of one-item arrays to scalar that should fail validation (failing example).

v6.12.3

Pass schema object to processCode function Option for strictNumbers (@​issacgerges, #1128) Fixed vulnerability related to untrusted schemas (CVE-2020-15366)

v6.12.2

Removed post-install script

v6.12.1

Docs and dependency updates

v6.12.0

Improved hostname validation (@​sambauers, #1143) Option keywords to add custom keywords (@​franciscomorais, #1137) Types fixes (@​boenrobot, @​MattiAstedrone) Docs:

• error logging example (@​RadiationSickness)
• TypeScript usage notes (@​thetric)

v6.11.0

Time formats support two digit and colon-less variants of timezone offset (#1061 , @​cjpillsbury) Docs: RegExp related security considerations Tests: Disabled failing typescript test

v6.10.2

Fix: the unknown keywords were ignored with the option strictKeywords: true (instead of failing compilation) in some sub-schemas (e.g. anyOf), when the sub-schema didn't have known keywords.

v6.10.1

Fix types Fix addSchema (#1001) Update dependencies

v6.10.0

Option strictDefaults to report ignored defaults (#957, @​not-an-aardvark) Option strictKeywords to report unknown keywords (#781)

v6.9.0

OpenAPI keyword nullable can be any boolean (and not only true). Custom keyword definition changes:

• dependencies option in to require the presence of keywords in the same schema.

... (truncated)

Commits

• fe59143 6.12.6
• d580d3e Merge pull request #1298 from ajv-validator/fix-url
• fd36389 fix: regular expression for "url" format
• 490e34c docs: link to v7-beta branch
• 9cd93a1 docs: note about v7 in readme
• 877d286 Merge pull request #1262 from b4h0-c4t/refactor-opt-object-type
• f1c8e45 6.12.5
• 764035e Merge branch 'ChALkeR-chalker/fix-comma'
• 3798160 Merge branch 'chalker/fix-comma' of git://github.com/ChALkeR/ajv into ChALkeR...
• a3c7eba Merge branch 'refactor-opt-object-type' of github.com:b4h0-c4t/ajv into refac...
• Additional commits viewable in compare view

Updates ansi-regex from 2.1.1 to 5.0.1

Release notes

Sourced from ansi-regex's releases.

v5.0.1

Fixes (backport of 6.0.1 to v5)

This is a backport of the minor ReDos vulnerability in ansi-regex@<6.0.1, as requested in #38.

• Fix ReDoS in certain cases (#37) You are only really affected if you run the regex on untrusted user input in a server context, which it's very unlikely anyone is doing, since this regex is mainly used in command-line tools.

CVE-2021-3807

https://github.com/chalk/ansi-regex/compare/v5.0.0..v5.0.1

Thank you @​yetingli for the patch and reproduction case!

v5.0.0

Breaking

• Require Node.js 8 166a0d5

Enhancements

• Add TypeScript definition (#32) e77ea17

chalk/ansi-regex@v4.1.0...v5.0.0

v4.1.0

• Support more escape code like links (#29) 96200bb

chalk/ansi-regex@v4.0.0...v4.1.0

Commits

• a9babce 5.0.1
• 4657833 fix incorrect format
• c3c0b3f Fix potential ReDoS (#37)
• 178363b Move to GitHub Actions (#35)
• 0755e66 Add @​Qix- to funding.yml
• 2b56fb0 5.0.0
• f26f7fe Meta tweaks
• e77ea17 Add TypeScript definition (#32)
• 166a0d5 Require Node.js 8
• f115fca Tidelift tasks
• Additional commits viewable in compare view

Updates braces from 0.1.5 to 3.0.3

Changelog

Sourced from braces's changelog.

Release history

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

• Changelogs are for humans, not machines.
• There should be an entry for every single version.
• The same types of changes should be grouped.
• Versions and sections should be linkable.
• The latest version comes first.
• The release date of each versions is displayed.
• Mention whether you follow Semantic Versioning.

Changelog entries are classified using the following labels (from keep-a-changelog):

• Added for new features.
• Changed for changes in existing functionality.
• Deprecated for soon-to-be removed features.
• Removed for now removed features.
• Fixed for any bug fixes.
• Security in case of vulnerabilities.

[3.0.0] - 2018-04-08

v3.0 is a complete refactor, resulting in a faster, smaller codebase, with fewer deps, and a more accurate parser and compiler.

Breaking Changes

• The undocumented .makeRe method was removed
• Require Node.js >= 8.3

Non-breaking changes

• Caching was removed

[2.3.2] - 2018-04-08

• start refactoring

... (truncated)

Commits

• See full diff in compare view

Updates chownr from 1.0.1 to 2.0.0

Commits

• f9f9d86 2.0.0
• fc69315 drop support for EOL node versions
• 814f642 1.1.4
• a0d7ae0 push to github before npm
• 1a3667a ignore stuff
• 147eac4 Full tests, handle errors properly in many cases
• 578fb9f update tap, fix rimraf version
• 5bbda8c feat: ignore ENOENT errors during chown
• deaa058 1.1.3
• 190e311 Don't early-capture the fs.lchownSync method
• Additional commits viewable in compare view

Updates cross-spawn from 5.1.0 to 7.0.6

Changelog

Sourced from cross-spawn's changelog.

7.0.6 (2024-11-18)

Bug Fixes

• update cross-spawn version to 7.0.5 in package-lock.json (f700743)

7.0.5 (2024-11-07)

Bug Fixes

• fix escaping bug introduced by backtracking (640d391)

7.0.4 (2024-11-07)

Bug Fixes

• disable regexp backtracking (#160) (5ff3a07)

7.0.3 (2020-05-25)

Bug Fixes

• detect path key based on correct environment (#133) (159e7e9)

7.0.2 (2020-04-04)

Bug Fixes

• fix worker threads in Node >=11.10.0 (#132) (6c5b4f0)

7.0.1 (2019-10-07)

Bug Fixes

• core: support worker threads (#127) (cfd49c9)

7.0.0 (2019-09-03)

⚠ BREAKING CHANGES

• drop support for Node.js < 8

• drop support for versions below Node.js 8 (#125) (16feb53)

... (truncated)

Commits

• 77cd97f chore(release): 7.0.6
• 6717de4 chore: upgrade standard-version
• f700743 fix: update cross-spawn version to 7.0.5 in package-lock.json
• 9a7e3b2 chore: fix build status badge
• 0852683 chore(release): 7.0.5
• 640d391 fix: fix escaping bug introduced by backtracking
• bff0c87 chore: remove codecov
• a7c6abc chore: replace travis with github workflows
• 9b9246e chore(release): 7.0.4
• 5ff3a07 fix: disable regexp backtracking (#160)
• Additional commits viewable in compare view

Updates debug from 2.2.0 to 3.2.7

Release notes

Sourced from debug's releases.

3.2.6

This backport fixes a 4x performance regression when debug is disabled.

Patches

• fix: performance issue (f312a8903a3928c43ff1388828d85f4f8407553d) (#625)

3.2.5

This patch restores browserify functionality as well as keeping the intended functionality with Unpkg.com.

It is a backport of the 4.0.1 release.

Patches

• fix browserify and supply alternative unpkg entry point (closes #606): cc5f1463d1c975bcef0b3172b2527ca204ec474d

3.2.4

3.2.4 is DEPRECATED. See visionmedia/debug#603 for details.

This released fixed the missing files entry in package.json, mitigating the faulty 3.2.3 release.

3.2.3

3.2.3 is DEPRECATED. See visionmedia/debug#603 for details.

This release mitigated the breaking changes introduced in 3.2.0 where ./node.js was removed, breaking a very select few users on older releases of babel-core, as well as users that used an undocumented require('debug/node').

./node.js was temporarily added to the repository at this time; however, this release failed to include node.js in the files key in package.json and thus didn't fix the issue. 3.2.4 rectified this issue.

3.2.2

3.2.2 is DEPRECATED. See visionmedia/debug#603 for details.

This release mitigated the breaking changes introduced in 3.2.0 where ES6 features were being used on users of Node 4, causing crashes upon inclusion.

It employed a temporary Babel pass on the entire codebase in lieu of a hard reversion (so this version is, effectively, a backport of the fixes and features ultimately introduced in 4.0.0).

3.2.1

3.2.1 is DEPRECATED. See visionmedia/debug#603 for details.

This release, along with 3.2.0, were subsequently released together as 4.0.0 (a major bump). You can review the complete changes in that release's details.

---

A quick hotfix to address Browser builds - debug is now compiled down to IE8-compatible code via Babel upon release.

CDNs that honor the "browser": key in package.json should now reflect these changes (previously, they would serve the non-bundled ES6 version).

Patches

• use babel-ified distributed source for browsers: b3f8f8e683915ef4fae3a77cbcebc6c410e65a8c

3.2.0

... (truncated)

Commits

• 3383260 3.2.7
• 4e21502 fix regression
• a7a17c9 3.2.6
• f312a89 fix: performance issue
• 9a6d8c2 3.2.5
• cc5f146 fix browserify and supply alternative unpkg entry point (closes #606)
• 78741cc 3.2.4
• 700a010 re-introduce node.js (root file) (ref #603)
• 622e579 3.2.2
• 84e41d5 3.2.1
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by qix, a new releaser for debug since your current version.

Updates esbuild from 0.18.20 to 0.25.2

Release notes

Sourced from esbuild's releases.

v0.25.2

• Support flags in regular expressions for the API (#4121)

  The JavaScript plugin API for esbuild takes JavaScript regular expression objects for the filter option. Internally these are translated into Go regular expressions. However, this translation previously ignored the flags property of the regular expression. With this release, esbuild will now translate JavaScript regular expression flags into Go regular expression flags. Specifically the JavaScript regular expression /\.[jt]sx?$/i is turned into the Go regular expression `(?i)\.[jt]sx?$` internally inside of esbuild's API. This should make it possible to use JavaScript regular expressions with the i flag. Note that JavaScript and Go don't support all of the same regular expression features, so this mapping is only approximate.

• Fix node-specific annotations for string literal export names (#4100)

  When node instantiates a CommonJS module, it scans the AST to look for names to expose via ESM named exports. This is a heuristic that looks for certain patterns such as exports.NAME = ... or module.exports = { ... }. This behavior is used by esbuild to "annotate" CommonJS code that was converted from ESM with the original ESM export names. For example, when converting the file export let foo, bar from ESM to CommonJS, esbuild appends this to the end of the file:

  // Annotate the CommonJS export names for ESM import in node:
  0 && (module.exports = {
    bar,
    foo
  });

  However, this feature previously didn't work correctly for export names that are not valid identifiers, which can be constructed using string literal export names. The generated code contained a syntax error. That problem is fixed in this release:

  // Original code
  let foo
  export { foo as "foo!" }
  // Old output (with --format=cjs --platform=node)
  ...
  0 && (module.exports = {
  "foo!"
  });
  // New output (with --format=cjs --platform=node)
  ...
  0 && (module.exports = {
  "foo!": null
  });

• Basic support for index source maps (#3439, #4109)

  The source map specification has an optional mode called index source maps that makes it easier for tools to create an aggregate JavaScript file by concatenating many smaller JavaScript files with source maps, and then generate an aggregate source map by simply providing the original source maps along with some offset information. My understanding is that this is rarely used in practice. I'm only aware of two uses of it in the wild: ClojureScript and Turbopack.

  This release provides basic support for indexed source maps. However, the implementation has not been tested on a real app (just on very simple test input). If you are using index source maps in a real app, please try this out and report back if anything isn't working for you.

  Note that this is also not a complete implementation. For example, index source maps technically allows nesting source maps to an arbitrary depth, while esbuild's implementation in this release only supports a single level of nesting. It's unclear whether supporting more than one level of nesting is important or not given the lack of available test cases.

  This feature was contributed by @​clyfish.

v0.25.1

• Fix incorrect paths in inline source maps (#4070, #4075, #4105)

... (truncated)

Changelog

Sourced from esbuild's changelog.

Changelog: 2023

This changelog documents all esbuild versions published in the year 2023 (versions 0.16.13 through 0.19.11).

0.19.11

• Fix TypeScript-specific class transform edge case (#3559)

  The previous release introduced an optimization that avoided transforming super() in the class constructor for TypeScript code compiled with useDefineForClassFields set to false if all class instance fields have no initializers. The rationale was that in this case, all class instance fields are omitted in the output so no changes to the constructor are needed. However, if all of this is the case and there are #private instance fields with initializers, those private instance field initializers were still being moved into the constructor. This was problematic because they were being inserted before the call to super() (since super() is now no longer transformed in that case). This release introduces an additional optimization that avoids moving the private instance field initializers into the constructor in this edge case, which generates smaller code, matches the TypeScript compiler's output more closely, and avoids this bug:

  // Original code
  class Foo extends Bar {
    #private = 1;
    public: any;
    constructor() {
      super();
    }
  }
  // Old output (with esbuild v0.19.9)
  class Foo extends Bar {
  constructor() {
  super();
  this.#private = 1;
  }
  #private;
  }
  // Old output (with esbuild v0.19.10)
  class Foo extends Bar {
  constructor() {
  this.#private = 1;
  super();
  }
  #private;
  }
  // New output
  class Foo extends Bar {
  #private = 1;
  constructor() {
  super();
  }
  }

• Minifier: allow reording a primitive past a side-effect (#3568)

  The minifier previously allowed reordering a side-effect past a primitive, but didn't handle the case of reordering a primitive past a side-effect. This additional case is now handled:

... (truncated)

Commits

• 4475787 publish 0.25.2 to npm
• 8f56771 fix #4121: map js regexp flags to go regexp flags
• 36b458d follow-up to #4109
• 8b8437c feat: support index source map (#4109)
• 75286c1 unit test for absolute windows paths in source map
• bcc77fb fix #4100: invalid identifiers in node annotation
• 37cb6a2 fix a warning from npm publish
• 6bfc1c1 publish 0.25.1 to npm
• f9b3952 fix #4078: prepend namespaces to source map paths
• ccf3dd7 add "contributed by" in changelog
• Additional commits viewable in compare view

Updates vite from 4.5.13 to 6.3.2

Release notes

Sourced from vite's releases.

v4.5.13

Please refer to CHANGELOG.md for details.

v4.5.12

Please refer to CHANGELOG.md for details.

v4.5.11

Please refer to CHANGELOG.md for details.

v4.5.10

Please refer to CHANGELOG.md for details.

v4.5.9

Please refer to CHANGELOG.md for details.

v4.5.8

Please refer to CHANGELOG.md for details.

v4.5.7

Please refer to CHANGELOG.md for details.

v4.5.6

This version contains a breaking change due to security fixes. See GHSA-vg6x-rcgg-rjx6 for more details.

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

4.5.13 (2025-04-10)

• fix: backport #19830, reject requests with # in request-target (#19832) (41f3819), closes #19830 #19832

4.5.12 (2025-04-03)

• fix: backport #19782, fs check with svg and relative paths (#19785) (0a3dcf5), closes #19782 #19785

4.5.11 (2025-03-31)

• fix: backport #19761, fs check in transform middleware (#19763) (26e1764), closes #19761 #19763

4.5.10 (2025-03-24)

• fix: backport #19702, fs raw query with...

  Description has been truncated

[github-actions]

Test Results

18 tests  ±0   18 ✅ ±0   4s ⏱️ +2s
 1 suites ±0    0 💤 ±0 
 1 files   ±0    0 ❌ ±0 

Results for commit e37be08. ± Comparison against base commit a14851d.

♻️ This comment has been updated with latest results.

[dependabot]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml